Data protection and cyber security elearning for care workers
Date: Tuesday 12 December 2023
As a registered nurse, I’ve previously worked across a range of health and care settings, so I have the clinical knowledge and local experience to help guide me on big projects such as the GP proxy access programme.
Patients have been able to use online services for booking appointments, ordering medication, and viewing information held in their GP patient record since 2005. Sometimes authorised care staff are granted access to elements of online GP records on behalf of patients so that they can, for example, order repeat medication for them online. This is called ‘proxy access’. It is typically used by the parents of young children and recognised carers of adults who need support to get the best care.
There are, however, security and confidentiality risks that need to be considered from a patient, GP, and care home point of view before any level of proxy access is set up. It is essential that resident/patient privacy is respected and protected.
Often staff are worried about not understanding the rules when it comes to data sharing, so they simply don’t share for fear of getting it wrong – I’ve experienced this in my previous nurse manager roles. Fears come from a place of concern, with niggling questions such as do I need consent? Can I share this information? Am I doing it properly?
To get over these fears, individual staff need to understand the rules around information sharing and have clear data sharing agreements and processes in place. But ultimately it comes down to building confidence in partnerships at an organisational level: ‘winning hearts and minds’ with teams and frontline managers across health and care settings that need to work together as a team.
All the work I do is based on having quality conversations, building trust and relationships, so that everybody across the health and care system benefits. My mantra has always been:
Beyond this, I have been working closely with NHS England and Improvement and our information governance colleagues at NHSX to develop templates for data protection impact assessment (DPIA), consent forms and simplified care data sharing agreement (DSA) to cover off GDPR, helping to make IG processes as simple and straightforward as possible – breaking down the barriers that often exist through complexities.
To give individual staff confidence, they need a clear understanding of the rules and where to go for clear, simple information sharing guidance. I really welcome the NHSX IG one-stop shop. Managers should encourage their staff to use this online resource, but also invite them to ask those niggling questions to help relieve concerns. It is only by tackling the ‘IG elephant’ head on that we can tackle one of the biggest barriers to more joined up care for the people who need it most.
Note from Digital Social Care: The NHSX IG portal has social care specific guidance. We have worked with NHSX to avoid duplication and have social care resources available in our latest guidance section.
We provide free support to adult social care providers with completing the Data Security and Protection Toolkit which is a pre-requisite for proxy access. You can find out more details about this support offer under our Better Security, Better Care programme.