Monday, June 3, 2013

NHS To Come Under Data Protection Spotlight, Warn Business Consultants


NHS trusts will come under the spotlight as Data Protection regulations undergo significant changes in order to protect sensitive patient information, Shropshire business consultants have warned.
Mark Harris and Jason Perry, of The Business Company.
Private companies are subject to compulsory ICO audits under the Data Protection Act, unlike the NHS, where data audits are currently only consensual.
Consultants from The Business Company, near Shrewsbury, said that could soon change following a consultation paper which could see them move to the Clinical Commissioning Group model.
Mark Harris, managing director of the consultancy firm, said: “The Information Commissioner can come in and audit a private company for data protection and check they have the correct framework and sufficient controls in place at any time.
“However, this is not the case with the NHS. As a public body the ICO can only request an audit; often these requests are made as a result of patient complaints or data protection breaches, meaning this type of audit request is more about remediation activity rather than the more desired preventative approach seen with compulsory audits.
“The NHS historically does not have a great track record in terms of Data Protection compliance.
“Couple this with the fact the NHS is now going through some of the most radical changes in its history which will see unprecedented volumes of patient data being transferred, then it is clear that the ICO see the NHS as a major risk in terms of compliance.”
Jason Perry, a partner at The Business Company, who specialises in data protection frameworks, said the Caldicott Guardians and Heads of Information and Governance within NHS trusts and newly formed Clinical Commissioning Groups would need to provide assurance to their Boards and to the public that they are meeting these compliance challenges head on.
He said it was particularly important as most of the reporting and internal audit conducted within the trusts were freely available on their websites for public consumption.
“If they do not have appropriate controls and procedures in place they could be fined significant sums of money – we have seen a recent case where the trust was fined £329,000.
“When you also consider that these newly formed groups will be selecting services not only based on cost but compliance there could be an even higher price to pay,” Mr Perry added.
Mr Harris said other care professionals such as care homes, dental practices and GP practices, would also come under the spotlight in the potential change of regulation and should “get ahead of the curve”.
“This is under consultation until the end of May and then every NHS service could be in the spotlight.
“As a regulatory compliance organisation, we believe it is always better to confront compliance head on rather than wait for the ICO to conduct an audit and publish the findings by which time it could be too late,” he said.
“We will be offering a virtual compliance programme to the NHS sector to ensure they have assurance in meeting the regulations.
“We will be working with a number of other professional partners in Shropshire and the West Midlands to ensure that data held by NHS services is fully protected.
“This could have a huge impact on the NHS across the UK and we will be working alongside them to ensure it has minimal impact and cost.”
