for more information visit us at -
www.hempsons.co.uk
Things you need to know about
information governance to sell
healthtech products into the NHS
16 June 2017
Chris Alderson, Partner
NHS as a market for healthtech
products
• Very large economy - NHS in England alone
budget of £101.3 billion in 2015/16
• Still always looking for savings
• Technology is seen as key to deliver savings – not
just in ‘back office’ functions but also in developing
and delivering better care pathways
• Fewer hospital admissions, lower healthcare costs
NHS as a market for developers of
healthtech products
• Increasing convergence of electronic systems
• Unique identifier (NHS number) for all NHS
patients – 54.3 million plus individuals in England
alone
• Enables linkage of information from records
between hospital and primary care
Information governance considerations
- Data Protection Act 1998
• Schedule 1 condition: processing necessary for the
purposes of legitimate interests pursued by data
controller or third party to whom data are disclosed,
except where unwarranted by reason of prejudice to
rights and freedoms or legitimate interests of data
subjects
• Schedule 3 condition: processing necessary for
medical purposes and undertaken by health
professional or someone owing equivalent duty of
confidentiality. Medical purposes includes medical
research and management of healthcare services
Information Governance
considerations DPA continued
• Section 33
• Processing data for research not to be treated as
using data for purpose incompatible with the
purpose for which it was collected, and exempt
from subject access rules provided
• not processed to support decisions relating to the
individuals
• data not processed in way that substantial damage or
distress caused to any data subject
So, what is the problem?
DPA – First data protection principle
• Data must be processed fairly and lawfully
• Imports common law duty of confidence
• Limits what can be done with data to that which is
in accordance with public information about uses
of data
Caldicott Principles
• Principle 1 - Justify the purpose(s) for using confidential information
Every proposed use or transfer of personal confidential data
within or from an organisation should be clearly defined,
scrutinised and documented, with continuing uses regularly
reviewed, by an appropriate guardian.
• Principle 2 - Don't use personal confidential data unless it is
absolutely necessary
Personal confidential data items should not be included unless it
is essential for the specified purpose(s) of that flow. The need for
patients to be identified should be considered at each stage of
satisfying the purpose(s).
Caldicott Principles continued
• Principle 3 - Use the minimum necessary personal confidential data
Where use of personal confidential data is considered to be essential,
the inclusion of each individual item of data should be considered and
justified so that the minimum amount of personal confidential data is
transferred or accessible as is necessary for a given function to be
carried out.
• Principle 4 - Access to personal confidential data should be on a strict need-
to-know basis
Only those individuals who need access to personal confidential data
should have access to it, and they should only have access to the data
items that they need to see. This may mean introducing access controls
or splitting data flows where one data flow is used for several purposes.
Caldicott Principles continued
• Principle 5 - Everyone with access to personal confidential data
should be aware of their responsibilities
Action should be taken to ensure that those handling personal
confidential data - both clinical and non-clinical staff - are made
fully aware of their responsibilities and obligations to respect
patient confidentiality.
• Principle 6 - Comply with the law
Every use of personal confidential data must be lawful.
Someone in each organisation handling personal confidential
data should be responsible for ensuring that the organisation
complies with legal requirements.
Caldicott Principles continued
(From April 2013 following ‘Caldicott 2’ Report)
• Principle 7 - The duty to share information can be as important as
the duty to protect patient confidentiality
Health and social care professionals should have the confidence
to share information in the best interests of their patients within
the framework set out by these principles. They should be
supported by the policies of their employers, regulators and
professional bodies
• Introduces concept of Caldicott Guardian – role within NHS
organisations tasked with expertise in decisions regarding usage of
patient data and decisions to share – usually Medical Director
Confidentiality: NHS Code of
Practice
• www.gov.uk/government/publications/confidentiality-nhs-code-of-practice
• Main source of rules governing how patient data may be
used in the NHS
• Builds on Caldicott principles
• Key message – data that relates to identifiable patients
can only be used and shared by those in the direct care
team and only to the extent that the information is
necessary for the purpose of delivering that care
Confidentiality: NHS Code of
Practice continued
• Emphasis on there being no surprises in how
information is to be used
• Model for sharing data amongst direct care team is
that patient has been informed about how their
data will be used and shared and has not
disagreed – implied consent
• Note importance of link to direct delivery of care
Confidentiality: NHS Code of
Practice continued
• What is not covered by this implied consent
• Usage of patient identifiable data for administrative
purposes – for example invoice validation by
commissioners
• To researchers
• To app developers
• BBC News 16 05 17
“Google DeepMind patient app legality questioned”
“[The national Data Guardian] questioned the use of ‘implied consent’
as the legal basis for the transfer of identifiable patient records,
because the data was initially used just to test the app.”
How then, do you develop health
apps
• Anonymisation/pseudonymisation at source
• Anonymisation if never a need to re-identify patients
• Pseudonymisation if may be a need to link back outcomes of apps to
individuals
• Granularity of data
• Risk of accidental/intentional re-identification of data if detailed
information can be combined with other data sets.
• If data can be re-identified in this way, has not been anonymised and so
usage of data restricted
• Avoid with the use of controlled environment for usage of detailed
anonymised data
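The pseudonymisation-at-source and granularity points above, as an added Python example that is not part of the original slides. It assumes a secret key held only by the source NHS organisation, constructed sample records, and hypothetical field names and a hypothetical threshold k.

```python
import hashlib
import hmac
from collections import Counter

# Constructed demo key. Assumption: the real key is generated and kept by the
# source organisation and is never given to the app developer.
DEMO_KEY = b"constructed-demo-key-not-for-real-use"

# Constructed sample records (not real patients; NHS numbers are made up).
RECORDS = [
    {"nhs_number": "9990000001", "dob": "1954-03-12", "postcode": "M2 3HZ", "diagnosis": "T2 diabetes"},
    {"nhs_number": "9990000002", "dob": "1957-11-02", "postcode": "M2 5WQ", "diagnosis": "T2 diabetes"},
    {"nhs_number": "9990000003", "dob": "1951-07-30", "postcode": "M2 4LA", "diagnosis": "hypertension"},
    {"nhs_number": "9990000004", "dob": "1983-01-19", "postcode": "LS1 4AP", "diagnosis": "asthma"},
    {"nhs_number": "9990000005", "dob": "1988-09-05", "postcode": "LS1 2TW", "diagnosis": "asthma"},
    {"nhs_number": "9990000006", "dob": "1999-05-21", "postcode": "YO1 7HH", "diagnosis": "asthma"},
]

QUASI_RAW = ("dob", "postcode")
QUASI_GENERALISED = ("birth_decade", "postcode_district")


def pseudonymise(nhs_number, key):
    """Keyed pseudonym: the same patient always maps to the same token, so
    outcomes can be linked. Only the key holder can recompute the token from
    an NHS number and so link a result back to an individual."""
    digest = hmac.new(key, nhs_number.encode("ascii"), hashlib.sha256)
    return digest.hexdigest()[:16]


def generalise(record, key):
    """Drop the direct identifier and coarsen the quasi-identifiers."""
    decade = int(record["dob"][:4]) // 10 * 10
    return {
        "pseudonym": pseudonymise(record["nhs_number"], key),
        "birth_decade": f"{decade}s",
        "postcode_district": record["postcode"].split()[0],
        "diagnosis": record["diagnosis"],
    }


def small_groups(rows, quasi, k):
    """Return quasi-identifier combinations shared by fewer than k rows.
    These are the rows most exposed to re-identification by linkage."""
    counts = Counter(tuple(row[q] for q in quasi) for row in rows)
    return {combo: n for combo, n in counts.items() if n < k}


def prepare_extract(records, key, k):
    """Pseudonymise, generalise, then suppress rows in groups smaller than k.
    Returns (released_rows, number_of_suppressed_rows)."""
    rows = [generalise(r, key) for r in records]
    risky = small_groups(rows, QUASI_GENERALISED, k)
    released = [
        r for r in rows
        if tuple(r[q] for q in QUASI_GENERALISED) not in risky
    ]
    return released, len(rows) - len(released)


if __name__ == "__main__":
    print("unique combinations in raw data:",
          len(small_groups(RECORDS, QUASI_RAW, 2)))
    released, suppressed = prepare_extract(RECORDS, DEMO_KEY, k=2)
    for row in released:
        print(row)
    print("suppressed rows:", suppressed)
```

With full dates of birth and full postcodes every constructed record is unique; after coarsening, only the single-member group is withheld.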
Other means of using personal
confidential data
• Patient consent
• Express informed consent of patient
• Suitable for research such as clinical trials
• Not suitable for use of large quantities of data as would be
needed for algorithm development
• Section 251 NHS Act 2006
• Confidentiality Advisory Group of Health Research Authority
will recommend authorisation of use of personal confidential
data on case specific basis if no way of progressing a
valuable project without it
Processing data overseas (including
use of cloud)
• Many NHS standard contracts will specify that data
cannot be stored outside England/UK/EEA
• Not a requirement imposed by law, as such transfers of
data lawful provided permitted means under DPA utilised
• Reflection of risk-averse nature of NHS economy
• Product easier to sell to NHS if data transfers overseas
limited
• Bear in mind if data are being processed with the
intention that will be accessed remotely overseas this is
still an export of data
Security
• Major issue for NHS market
• Expect to have to explain level of security in some detail
• Back up with disciplinary policies – intentional breach of
confidence in NHS will lead to dismissal
• Be open to audit or arrange audit with reputable external
auditor whose reports will be shared
• Patient level data will need to have high level of security
assurance
Role of NHS IG Toolkit
• Every NHS organisation has to meet information
governance standards set out in the IG Toolkit in
order to be allowed access to NHS secure network
• For example, in relation to arrangements with third
parties, must have policies addressing:
• The types of third party that the organisation is likely to contract with;
• The types of information that each category of third party is likely to
require access to;
• How monitoring of the third party’s compliance with the information
governance controls will be carried out;
IG Toolkit continued
• The business continuity measures that will need to be in place within
both the organisation and the third party to ensure continued
performance of the contract;
• Training for the contracts staff in the organisation to ensure they have
knowledge of the controls to be built into third party contracts;
• Training for staff who work for the third party to ensure they are aware of
information governance requirements; what they can and can’t do and
who they should contact if things go wrong.
• How information incidents will be reported and managed;
• The type of information governance controls to be documented in the
third party contract.
• This is just one of the criteria required
Freedom of Information Act 2000
• All NHS bodies are public authorities under the FoIA and
so requests can be made for any information they hold
• Much greater transparency in contracts than in private
sector
• Expect information about your work to be put into public
domain
• There are exemptions, but beneficiaries of public funds must
expect transparency as a result
• Generally only ‘core’ sensitive information is protected
Changes coming
• GDPR – impact on all aspects of the use of
personal data
• Requirements to demonstrate consent tightened
• Regulatory framework strengthened – fines of up
to €20 million or 4% of global turnover for breach
• However impact on use of data in NHS likely to be
limited as NHS rules already considerably beyond
DPA requirements
Changes coming
• Legislative change following ‘Caldicott 3’
• Right to ‘opt out’ secondary uses of patient data
(but note – no opt out for the use of anonymised
data)
• Introduction of criminal offence of combining
anonymised data with other sources so as to
render data identifiable
Getting it wrong
• ICO penalty notice HCA International Limited (23
February 2017)
• Unencrypted transfer of recordings of IVF clinics for
transcriptions to country outside EEA
• Transcripts put on unsecured server and discoverable via
internet search
• No security checks or specifications in contract
• Penalty of £200,000
How to develop your app
• Make sure your team are aware of the IG
framework used by the NHS at the outset
• There is no use in your team developing
functionality that is not based on a permissible use
of NHS data
• Speak to the NHS – while there is no one body
that represents NHS organisations (so no contract
will ever be with ‘the NHS’) there are specialists in
this field – in particular NHS Digital
How to develop your app continued
• NHS Digital keen to support products that are likely to develop savings
for NHS
• Online resources - http://developer.nhs.uk/
• Further reading
• Confidentiality: NHS Code of Practice
• GMC – Confidentiality: good practice in handling patient
information
• ‘Caldicott 3’ – National Data Guardian for Health and Care
Review Data Security, Consent and Opt-Outs
• Information Governance Alliance
Any Questions?
Chris Alderson
Partner
T: 0161 234 2448
E: c.alderson@hempsons.co.uk

Can mobiles save lives by Dr Line Kleinebreil (WHO Consultant)Can mobiles save lives by Dr Line Kleinebreil (WHO Consultant)
Can mobiles save lives by Dr Line Kleinebreil (WHO Consultant)
 
Request for Expressions of Interest: The EU mHealth Hub (17 August 2017)
Request for Expressions of Interest: The EU mHealth Hub (17 August 2017)Request for Expressions of Interest: The EU mHealth Hub (17 August 2017)
Request for Expressions of Interest: The EU mHealth Hub (17 August 2017)
 
5G World: Better Networks for Better Healthcare
5G World: Better Networks for Better Healthcare 5G World: Better Networks for Better Healthcare
5G World: Better Networks for Better Healthcare
 
Notes on a talk on “Pricing and evaluating Orphan Drugs – present and future”...
Notes on a talk on “Pricing and evaluating Orphan Drugs – present and future”...Notes on a talk on “Pricing and evaluating Orphan Drugs – present and future”...
Notes on a talk on “Pricing and evaluating Orphan Drugs – present and future”...
 
Digital Health a call for Government Leadership and cooperation between ICT a...
Digital Health a call for Government Leadership and cooperation between ICT a...Digital Health a call for Government Leadership and cooperation between ICT a...
Digital Health a call for Government Leadership and cooperation between ICT a...
 
The importance of post-marketing registries for payers and regulators to mana...
The importance of post-marketing registries for payers and regulators to mana...The importance of post-marketing registries for payers and regulators to mana...
The importance of post-marketing registries for payers and regulators to mana...
 
Deriving more value from real world evidence to ensure timely access of medic...
Deriving more value from real world evidence to ensure timely access of medic...Deriving more value from real world evidence to ensure timely access of medic...
Deriving more value from real world evidence to ensure timely access of medic...
 
Early evidence development for new products - planning for reimbursement success
Early evidence development for new products - planning for reimbursement successEarly evidence development for new products - planning for reimbursement success
Early evidence development for new products - planning for reimbursement success
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

Things you need to know about info governance to sell healthtech products into the NHS

  • 1. for more information visit us at - www.hempsons.co.uk Things you need to know about information governance to sell healthtech products into the NHS 16 June 2017 Chris Alderson, Partner
  • 2. NHS as a market for healthtech products • Very large economy - NHS in England alone budget of £101.3 billion in 2015/16 • Still always looking for savings • Technology is seen as key to deliver savings – not just in ‘back office’ functions but also in developing and delivering better care pathways • Fewer hospital admissions, lower healthcare costs
  • 3. NHS as a market for developers of healthtech products • Increasing convergence of electronic systems • Unique identifier (NHS number) for all NHS patients – 54.3 million plus individuals in England alone • Enables linkage of information from records between hospital and primary care
  • 4. Information governance considerations - Data Protection Act 1998 • Schedule 1 condition: processing necessary for the purposes of legitimate interests pursued by data controller or third party to whom data are disclosed, except where unwarranted by reason of prejudice to rights and freedoms or legitimate interests of data subjects • Schedule 3 condition: processing necessary for medical purposes and undertaken by health professional or someone owing equivalent duty of confidentiality. Medical purposes includes medical research and management of healthcare services
  • 5. Information Governance considerations DPA continued • Section 33 • Processing data for research not to be treated as using data for purpose incompatible with the purpose for which it was collected, and exempt from subject access rules provided • not processed to support decisions relating to the individuals • data not processed in way that substantial damage or distress caused to any data subject
  • 6. So, what is the problem?
  • 7. DPA – First data protection principle • Data must be processed fairly and lawfully • Imports common law duty of confidence • Limits what can be done with data to that which is in accordance with public information about uses of data
  • 8. Caldicott Principles • Principle 1 - Justify the purpose(s) for using confidential information Every proposed use or transfer of personal confidential data within or from an organisation should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed, by an appropriate guardian. • Principle 2 - Don't use personal confidential data unless it is absolutely necessary Personal confidential data items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s).
  • 9. Caldicott Principles continued • Principle 3 - Use the minimum necessary personal confidential data Where use of personal confidential data is considered to be essential, the inclusion of each individual item of data should be considered and justified so that the minimum amount of personal confidential data is transferred or accessible as is necessary for a given function to be carried out. • Principle 4 - Access to personal confidential data should be on a strict need-to-know basis Only those individuals who need access to personal confidential data should have access to it, and they should only have access to the data items that they need to see. This may mean introducing access controls or splitting data flows where one data flow is used for several purposes.
  • 10. Caldicott Principles continued • Principle 5 - Everyone with access to personal confidential data should be aware of their responsibilities Action should be taken to ensure that those handling personal confidential data - both clinical and non-clinical staff - are made fully aware of their responsibilities and obligations to respect patient confidentiality. • Principle 6 - Comply with the law Every use of personal confidential data must be lawful. Someone in each organisation handling personal confidential data should be responsible for ensuring that the organisation complies with legal requirements.
  • 11. Caldicott Principles continued (From April 2013 following ‘Caldicott 2’ Report) • Principle 7 - The duty to share information can be as important as the duty to protect patient confidentiality Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies • Introduces concept of Caldicott Guardian – role within NHS organisations tasked with expertise in decisions regarding usage of patient data and decisions to share – usually Medical Director
  • 12. Confidentiality: NHS Code of Practice • www.gov.uk/government/publications/confidentiality-nhs-code-of-practice • Main source of rules governing how patient data may be used in the NHS • Builds on Caldicott principles • Key message – data that relates to identifiable patients can only be used and shared by those in the direct care team and only to the extent that the information is necessary for the purpose of delivering that care
  • 13. Confidentiality: NHS Code of Practice continued • Emphasis on there being no surprises in how information is to be used • Model for sharing data amongst direct care team is that patient has been informed about how their data will be used and shared and has not disagreed – implied consent • Note importance of link to direct delivery of care
  • 14. Confidentiality: NHS Code of Practice continued • What is not covered by this implied consent • Usage of patient identifiable data for administrative purposes – for example invoice validation by commissioners • To researchers • To app developers • BBC News 16 05 17 “Google DeepMind patient app legality questioned” “[The national Data Guardian] questioned the use of ‘implied consent’ as the legal basis for the transfer of identifiable patient records, because the data was initially used just to test the app.”
  • 15. How then, do you develop health apps • Anonymisation/pseudonymisation at source • Anonymisation if never a need to re-identify patients • Pseudonymisation if may be a need to link back outcomes of apps to individuals • Granularity of data • Risk of accidental/intentional re-identification of data if detailed information can be combined with other data sets. • If data can be re-identified in this way, has not been anonymised and so usage of data restricted • Avoid with the use of controlled environment for usage of detailed anonymised data
  • 16. Other means of using personal confidential data • Patient consent • Express informed consent of patient • Suitable for research such as clinical trials • Not suitable for use of large quantities of data as would be needed for algorithm development • Section 251 NHS Act 2006 • Confidentiality Advisory Group of Health Research Authority will recommend authorisation of use of personal confidential data on case specific basis if no way of progressing a valuable project without it
  • 17. Processing data overseas (including use of cloud) • Many NHS standard contracts will specify that data cannot be stored outside England/UK/EEA • Not a requirement imposed by law, as such transfers of data lawful provided permitted means under DPA utilised • Reflection of risk-averse nature of NHS economy • Product easier to sell to NHS if data transfers overseas limited • Bear in mind if data are being processed with the intention that will be accessed remotely overseas this is still an export of data
  • 18. Security • Major issue for NHS market • Expect to have to explain level of security in some detail • Back up with disciplinary policies – intentional breach of confidence in NHS will lead to dismissal • Be open to audit or arrange audit with reputable external auditor whose reports will be shared • Patient level data will need to have high level of security assurance
  • 19. Role of NHS IG Toolkit • Every NHS organisation has to meet information governance standards set out in the IG Toolkit in order to be allowed access to NHS secure network • For example, in relation to arrangements with third parties, must have policies addressing: • The types of third party that the organisation is likely to contract with; • The types of information that each category of third party is likely to require access to; • How monitoring of the third party’s compliance with the information governance controls will be carried out;
  • 20. IG Toolkit continued • The business continuity measures that will need to be in place within both the organisation and the third party to ensure continued performance of the contract; • Training for the contracts staff in the organisation to ensure they have knowledge of the controls to be built into third party contracts; • Training for staff who work for the third party to ensure they are aware of information governance requirements; what they can and can’t do and who they should contact if things go wrong. • How information incidents will be reported and managed; • The type of information governance controls to be documented in the third party contract. • This is just one of the criteria required
  • 21. Freedom of Information Act 2000 • All NHS bodies are public authorities under the FoIA and so requests can be made for any information they hold • Much greater transparency in contracts than in private sector • Expect information about your work to be put into public domain • Are exemptions, but beneficiaries of public funds must expect transparency as a result • Generally only ‘core’ sensitive information is protected
  • 22. Changes coming • GDPR – impact on all aspects of the use of personal data • Requirements to demonstrate consent tightened • Regulatory framework strengthened – fines of up to €20 million or 4% of global turnover for breach • However impact on use of data in NHS likely to be limited as NHS rules already considerably beyond DPA requirements
  • 23. Changes coming • Legislative change following ‘Caldicott 3’ • Right to ‘opt out’ secondary uses of patient data (but note – no opt out for the use of anonymised data) • Introduction of criminal offence of combining anonymised data with other sources so as to render data identifiable
  • 24. Getting it wrong • ICO penalty notice HCA International Limited (23 February 2017) • Unencrypted transfer of recordings of IVF clinics for transcriptions to country outside EEA • Transcripts put on unsecured server and discoverable via internet search • No security checks or specifications in contract • Penalty of £200,000
  • 25. How to develop your app • Make sure your team are aware of the IG framework used by the NHS at the outset • There is no use in your team developing functionality that is not based on a permissible use of NHS data • Speak to the NHS – while there is no one body that represents NHS organisations (so no contract will ever be with ‘the NHS’) there are specialists in this field – in particular NHS Digital
  • 26. How to develop your app continued • NHS Digital keen to support products that likely to develop savings for NHS • Online resources - http://developer.nhs.uk/ • Further reading • Confidentiality: NHS Code of Practice • GMC – Confidentiality: good practice in handling patient information • ‘Caldicott 3’ – National Data Guardian for Health and Care Review Data Security, Consent and Opt-Outs • Information Governance Alliance
  • 28. Chris Alderson Partner T: 0161 234 2448 E: c.alderson@hempsons.co.uk