PRZOOM - /newswire/ -
Eynsham, Near Oxford, United Kingdom, 2010/07/12 - Despite the Information Commissioner’s Office (ICO) imposing tougher fines on organisations that fail to protect patient data, Hytec estimates that around 10% of NHS trusts in England are on ‘amber alert’.
This means that they have scored 40 - 69% when completing the Information Governance Statement of Compliance (IG SoC) approved assessment.
IG SoC is the process that all organisations have to complete in order to access Connecting for Health (CfH) services, including the N3 network and Spine. The steps in the IG SoC process set out a range of security related requirements which must be satisfied in order for an organisation to secure the N3 network and its information assets.
Since 2007 the NHS has been responsible for almost a third (over 300 incidents) of all data security breaches reported to the ICO. In April, the ICO was granted the power to impose fines of up to £500,000 for organisations that fail to protect data. Yet despite this deterrent, some health trusts are still failing to achieve satisfactory IG SoC assessment ratings.
Director of Information Security at Hytec, Alan Hunt commented: “Data security is the responsibility of everyone involved in an organisation. Some of the most common security breaches are due to lost or stolen data on portable devices, and human error when disclosing sensitive information. Most mistakes can be overcome through staff training and use of appropriate technology such as encryption.”
“To still have some trusts on amber is concerning as it means that they do not have all of the processes in place to secure patient data,” said Mr Hunt. “Our IG SoC Gap Analysis Service helps trusts ensure they are compliant with the legislation and that they continue to follow best practice. The announcement of this service is timely given that all organisations must now submit their assessments for the latest version of the Information Governance Toolkit (Version 8), by 31st March 2011.”
Version 8 of the Toolkit, announced last week, is regarded as being more rigorous than its predecessors in that there are now only two grades of assessment: SATISFACTORY (coloured green) where level 2 has been achieved on all requirements, and NOT SATISFACTORY (coloured red) where level 2 has not been achieved on all requirements.
Hytec’s IG SoC Gap Analysis Service is carried out by a Senior Information Assurance Consultant and helps trusts to identify and bridge the gap between where they are currently and where they need to be. The service is tailored to the size and type of organisation and identifies areas that a trust or organisation needs to address in order to fulfil their IG SoC responsibilities.
Mr Hunt continued: “As well as completing the IG SoC assessment, trusts have a multitude of legislation that they have to adhere to. They are also facing increasing pressure to reduce costs and drive efficiency savings. So for trusts that want to go one step further, we offer an Infrastructure Review Service to assess the security, stability, scalability and compliance of their ICT networks.”
In addition to ensuring a trust is IG SoC compliant, Hytec’s Infrastructure Review Service checks that its network adheres to the latest best practice and governance whilst benchmarking it against NIMM (NHS Information Maturity Model). Furthermore, it establishes whether a network is secure for PID, looks for potential improvements for flexible and mobile working and helps determine areas for potential cost savings.
About Alan Hunt
Alan is Director of Information Security for Hytec, part of OLM Group. Having spent 28 years in the IT industry, he has been involved in many high profile projects, particularly in the government sector where 'joined-up government' provides significant benefits, but is a major information security challenge.
Alan is an accredited CLAS consultant (CESG Listed Advisor Scheme), and is an acknowledged expert in information security policies, ISO27001 and Codes of Connection. An advisor to Capital Ambition, the London Public Service Network, Alan has also worked with a number of NHS Trusts and currently acts as technical lead on CfH demonstrator and early adopter projects.
Prior to joining Hytec, he was co-founder and Technical Director of Danetre Business Systems. Alan is married and lives in Rugby - he has a keen interest in aviation and is an avid follower of grand prix racing.
Hytec (hytec.co.uk) is the technology and infrastructure specialist arm of OLM Group. It creates technology environments that help NHS trusts improve their processes, become more efficient, productive and ultimately transform services.
Specialising in information security, infrastructure management, systems integration and mobile applications, Hytec works with health trusts in the design, implementation and operation of IT infrastructures and application platforms that support good information governance, data sharing and flexible working.
Recognised by CfH, Hytec’s accreditations include ISO 27001 (information security management) and ISO 9001 (quality management). It is a Microsoft Gold Partner, a TigerScheme company, member of the BSI Consultant Programme and Socitm member.