Information Commissioner's Office
ICO reports on community healthcare providers’ data handling
The Information Commissioner’s Office (ICO) has yesterday published a report looking at how community healthcare providers approach data protection.
Community providers are an increasingly important part of the NHS, providing cradle to grave services worth over £11 billion a year. But they often involve staff working at remote locations or off-site entirely. This brings particular data protection challenges.
The report provides an analysis of data breaches in the sector that shows a trend of information being ‘disclosed in error’ - a problem that can be addressed by following the tips in the report.
The ICO good practice team’s programme of audit and information risk reviews from October 2013 to date included four audits and three information risk reviews of community health providers. That experience informed the top five tips included in the report:
Know what you hold and where: be aware of what personal data you hold, and map where it goes.
Ensure staff awareness of basic security: this is key to reducing the number of serious data breaches.
Don’t forget training: the off-site nature of work of a large number of community healthcare roles means there can be a low uptake of training.
Develop guidelines for taking patient information off site: this is clearly an area of information risk, and it is key that staff are thinking about how information is looked after when it leaves the office.
Ensure central oversight of the records management process: the wide geographic area covered by many providers means records management can be fragmented and inconsistent.
ICO Lead Auditor Carol Knights said yesterday:
“Community healthcare providers are at the forefront of the move to integrate and co-ordinate NHS services. They can offer innovative and effective methods of delivering healthcare but it’s crucial that innovation comes with an understanding of the risk to people’s information.
"The series of visits we carried out was reassuring, and suggest there is an understanding of data protection. But there’s always room to improve. The tips we’ve published today should prove invaluable to community healthcare providers, as well as being useful reading for anyone whose role involves handling patient information.”
Notes to Editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- The ICO is onTwitter, FacebookandLinkedIn. Read more in the ICO blogand e-newsletter.Our Press Office page provides more information for journalists.
- If you need more information, please contact the ICO press office on 0303 123 9070 or visit the website at: www.ico.org.uk.
Latest News from
Information Commissioner's Office
Blog: Providing practical data protection guidance to the media sector13/10/2021 14:25:00
A blog by Elizabeth Denham, Information Commissioner
ICO response to DCMS consultation “Data: a new direction”07/10/2021 12:20:00
Foreword from Elizabeth Denham CBE, UK Information Commissioner.
Statement on mandatory vaccination and COVID status check schemes ahead of their introduction in Scotland and Wales29/09/2021 14:10:00
The UK Information Commissioner, Elizabeth Denham, commented ahead of the introduction of mandatory vaccination and COVID status checks in Scotland and Wales
Statement in response to use of ICO corporate charge card28/09/2021 15:20:00
An ICO spokesperson released a statement in response to use of ICO corporate charge card
Statement in response to use of ICO corporate charge card27/09/2021 16:43:00
Statement given in response to use of ICO corporate charge card.
International progress for domestic benefit: why the ICO convened a G7 meeting on data flows20/09/2021 16:15:00
A blog by Elizabeth Denham, UK Information Commissioner
We Buy Any Car, Sports Direct and Saga fined £495,000 after sending millions of ‘frustrating and intrusive’ nuisance messages.15/09/2021 13:20:00
The ICO has today announced fines totalling £495,000 to well-known companies that between them sent more than 354 million nuisance messages.
Blog: Sharing personal data in an emergency – a guide for universities and colleges15/09/2021 09:15:00
A blog by Viv Adams, Principal Policy Adviser in the ICO Parliament and Government Affairs team
G7 data protection and privacy authorities’ meeting: communiqué13/09/2021 09:10:00
The UK Information Commissioner’s Office (ICO) brought together data protection and privacy authorities from G7 countries, as well as guests from the Organisation for Economic Cooperation and Development (OECD) and the World Economic Forum (WEF), for a discussion this week on shared emerging challenges that need closer international collaboration.