Ten percent of NHS trusts on amber alert for....

13 July 2010, 8:24am

Ten percent of NHS trusts on amber alert for information security

Despite the Information Commissioner’s Office (ICO) imposing tougher fines on organisations that fail to protect patient data, Hytec estimates that around 10% of NHS trusts in England are on ‘amber alert’. This means that they have scored 40 - 69% when completing the Information Governance Statement of Compliance (IG SoC) approved assessment.

IG SoC is the process that all organisations have to complete in order to access Connecting for Health (CfH) services, including the N3 network and Spine. The steps in the IG SoC process set out a range of security related requirements which must be satisfied in order for an organisation to secure the N3 network and its information assets.

Since 2007 the NHS has been responsible for almost a third (over 300 incidents) of all data security breaches reported to the ICO. In April, the ICO was granted the power to impose fines of up to £500,000 for organisations that fail to protect data. Yet despite this deterrent, some health trusts are still failing to achieve satisfactory IG SoC assessment ratings.

Director of Information Security at Hytec, Alan Hunt commented: “Data security is the responsibility of everyone involved in an organisation. Some of the most common security breaches are due to lost or stolen data on portable devices, and human error when disclosing sensitive information. Most mistakes can be overcome through staff training and use of appropriate technology such as encryption.”

“To still have some trusts on amber is concerning as it means that they do not have all of the processes in place to secure patient data,” said Mr Hunt. “Our IG SoC Gap Analysis Service helps trusts ensure they are compliant with the legislation and that they continue to follow best practice. The announcement of this service is timely given that all organisations must now submit their assessments for the latest version of the Information Governance Toolkit (Version 8), by 31st March 2011.”

Version 8 of the Toolkit, announced last week, is regarded as being more rigorous than its predecessors in that there are now only two grades of assessment: SATISFACTORY (coloured green) where level 2 has been achieved on all requirements, and NOT SATISFACTORY (coloured red) where level 2 has not been achieved on all requirements.

Hytec’s IG SoC Gap Analysis Service is carried out by a Senior Information Assurance Consultant and helps trusts to identify and bridge the gap between where they are currently and where they need to be. The service is tailored to the size and type of organisation and identifies areas that a trust or organisation needs to address in order to fulfil their IG SoC responsibilities.

Mr Hunt continued: “As well as completing the IG SoC assessment, trusts have a multitude of legislation that they have to adhere to. They are also facing increasing pressure to reduce costs and drive efficiency savings. So for trusts that want to go one step further, we offer an Infrastructure Review Service to assess the security, stability, scalability and compliance of their ICT networks.”

In addition to ensuring a trust is IG SoC compliant, Hytec’s Infrastructure Review Service checks that its network adheres to the latest best practice and governance whilst benchmarking it against NIMM (NHS Information Maturity Model). Furthermore, it establishes whether a network is secure for PID, looks for potential improvements for flexible and mobile working and helps determine areas for potential cost savings.

www.hytec.co.uk

GeoConnexion UK