Information governance for health practices
As you are no doubt aware, all NHS organisations are mandated by the Department of Health to carry out and publish an Information Governance assessment using the IG Toolkit by 31 March of this year.
That time is fast approaching and Indelible Data, a Cumbrian-based Information Security Consultancy located in Whitehaven and Carlisle, is offering a service to help practice managers and information governance officers implement the requirements.
The service includes a Certified Information System Security Professional (CISSP) visiting the practice to carry out an initial audit, report the findings and help to fill in any gaps that may be found, including:
- Checking the information governance policy to ensure that it addresses the overall requirements of information governance;
- Ensuring that all contracts (staff, contractor and third party) contain clauses that clearly identify information governance responsibilities;
- Appropriate training for all staff members on information governance requirements;
- Help write letters of assurance to establish whether all person-identifiable data processed outside of the UK complies with the Data Protection Act 1998 and Department of Health guidelines;
- Help assemble a confidentiality code of conduct that provides staff with clear guidance on the disclosure of personal information;
- Independently check that enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use;
- Advise and help to assemble an information asset register that includes all key information, software, hardware and services;
- Independently review the physical security of the building to ensure that unauthorised access to the premises, equipment, records and other assets is prevented;
- Audit the use of mobile computing systems to ensure their correct operation and to prevent unauthorised access, and advise on best practice;
- Advise and help to write plans and procedures to support business continuity in the event of power failures, system failures, natural disasters and other disruptions;
- Assemble incident management and reporting procedures and train staff in security awareness;
- Audit and help complete any gaps to ensure that there are appropriate procedures in place to manage access to computer-based information systems;
- Help ensure that all transfers of hardcopy and digital personal and sensitive information have been identified, mapped and risk assessed, and that technical and organisational measures adequately secure these transfers.
As can be seen, there is a lot to get done, but our trained staff would work with you and aim to complete many of the difficult and specialist tasks within a day – with the option of a follow-up visit to ensure that the smaller, outstanding action points (if any) have been completed by the practice.
There are two ways that our services may be obtained:
- An ad-hoc daily rate of £300+VAT or
- Joining the Quality Guild whereby all the above points are covered, but in addition:
  - Free Legal Advice from Burnetts Solicitors
  - A manual will be agreed by both parties, at which point the QG ISS logo will be able to be used on letterheads and websites to give customers and regulators confidence.
  - A certificate of conformance will be issued to show that an Information Security Management System (ISMS) is in place to help comply with regulations.
  - A CISSP will audit the documented system on an annual basis.
Quality Guild can be contacted on: 01228 631 681 or firstname.lastname@example.org