INFORMATION GOVERNANCE ESSENTIALS
Jillian Neilson, NHS A&A DPO, Chair of NHSScotland Information Governance Forum
Information Governance Roles
• IT Security Team
The Rules
• Professional Codes of Practice
• Confidentiality
• Caldicott Principles
• Common Law Duty of Confidentiality
The Principles
• Lawfulness, Fairness & Transparency
• Purpose Limitation
• Data Minimisation
• Accuracy
• Storage Limitation
• Integrity & Confidentiality
• Accountability
Confidentiality
• Don’t be NOSEY
• “Need to Know” Principle
• No unauthorised disclosures
• Role-based Access to IT Systems
• Audit trails on IT Systems
Physical Security
• Keep confidential information held in any format secure at all times.
• Always practise a clear desk routine.
• Use the minimum amount of identifiable information.
• Letters properly addressed & packaged.
• Verbal communication – check identity & make sure you are not overheard.
• Secure disposal.
Apply Common Sense!
Technical Security
• Use complex passwords
• Never share your password or write it down
• Don’t use the same password for everything
• Do not leave your PC logged on and unattended
• Secure email
• Encryption, Secure disposal
Be aware, be vigilant
Protect yourself, the organisation and your patients
Creating memorable, strong passwords
• Think of a sentence that you can remember, such as "My son Aiden is 3 years old."
• Take the first letter of each word of the sentence. Using the example above, you'd get: "msai3yo."
• Add complexity by mixing uppercase and lowercase letters, and adding punctuation or substituting special characters. For example:
  – MsAi3yo!
  – My$onAidenIs3
  – MSAI3yo…
Email
Consider:
• Is there a legitimate need to share the information?
• Could you anonymise the information?
• Have you sent the minimum amount of information?
• Have you got the correct email address?
• Is it considered secure to email that email address?
• Are you using a distribution list?
• Does everyone on that list need to receive the email?
• Is the distribution list up-to-date?
• Avoid bulk transfers of personal data – there may be a more secure alternative to email
What about WhatsApp?
• Secure?
• Purpose?
• Professional?
• Patient info = NO NO
• Not approved
• Other alternatives?
Facebook & Twitter
For work purposes:
• Be clear about the purpose
• Obviously never post any patient identifiable data
• Keep it professional at all times
• Adequate resources to manage
• Actively manage the content
• Keep your log-in credentials secure
Personal use:
• Keep your personal life and professional life separate
• Should not discuss your work on Facebook
• Do not post any photos of yourself at work
• Be careful who you choose to “friend”
• Don’t “dis” your boss or colleagues on Facebook – NOT A GOOD IDEA!
• Apply common sense!
“There’s this great new App…”
Contact your IG or IT Security Team
Keep yourself RIGHT
• Be vigilant
• Know the rules
• Know who to ask