2 Responses

1. Methods for or Importance of?
   I’m not too sure I understand the rationale of the question. Usually, the methods for maintaining security of any sensitive electronic data are prescribed by the organisation who ‘owns’ them. The common problem is instilling into those responsible for processing them the importance of following the procedure.

   Whether it’s a written protocol, a security policy or training assistance, I may be able to assist.

   Please tell more.

2. More information for Robert Edwards
   Hello Robert, this is in preparation for a 2-hour core lecture to nursing students. My aim is to give them an overview of the strategies used in the NHS to maintain confidentiality and security of electronic health records. It will include compliance with UK data protection legislation, common law duty in respect of confidentiality, compliance with NHS/Department of Health policies and local Trust policies. It will include the standard precautions in relation to all stages of patients’ health data management from data input to retrieval including usernames and passwords, access permissions, data encryption, anti-virus precautions, firewalls, back-ups et cetera. Non-compliance with local procedures is also relevant – writing one’s username and password on a Post-it note and sticking it on the monitor, leaving the workstation with confidential data still visible on the monitor, and printing out patients’ records and leaving them in a non-secure environment, are examples of serious non-compliance that I am aware of.

   I do have an NHS background but now work in higher education. Previous attempts to use people with expertise in this area have not been very successful, but in any case this one is down to me. I am expected to acquire the relevant information and to deliver it appropriately. I will be using PowerPoint.

   If you require more information or you are willing to help me please contact me via [email protected]