The Northern, Yorkshire & Humberside
NHS Directors of Informatics Forum
Information Governance Sub-Group
Yorkshire & Humber Area Strategic Information Governance Network (SIGN)
Lecture Room, Goole & District Hospital, Woodland Avenue, Goole, DN14 6RX
Minutes of the Meeting held on Friday 10 November 2017
Caroline Britten / CB / Leeds Community Healthcare
Amy Cooper / AC / Sheffield Teaching Hospital
Sue Drury / SD / NHS Digital
Susan Hall / SH / Audit Yorkshire
Jo Higgins / JH / Harrogate and District Foundation Trust
Kay Hill / KH / Harrogate and District Foundation Trust
Barry Jackson / BJ / EMBED
Leon Kaplan / LK / DMBC
Steve Massen / SM / RDaSH
Sue Meakin / SMe / RDaSH (Chair)
Caroline Million / CM / Embed
Adam Mosley / AM / The Retreat, York
Andy Nutting / AN / Leeds City Council
Karen Robinson / KR / Humber NHS
Caroline Sampson / CS / Sheffield Children’s Hospital
Caroline Squires / CS / NHS Calderdale CCG (THIS)
Derek Stowe / DS / Rotherham Foundation Trust
Joanne Sturdy / JS / Sheffield Teaching Hospital
Mike Taylor / MT / Doncaster Clinical Commissioning Group
Lynne Trickett / LT / RDaSH (Minute Taker)
Roy Underwood / RU / Doncaster and Bassetlaw Teaching Hospitals FT
Peter Wilson / PW / Sheffield Teaching Hospital
John Wolstenholme / JW / Sheffield Health and Social Care
1. Apologies:
Jeremy Daws / JD / North Lincolnshire & Goole
Andy Dawson / AD / North Lincolnshire and Goole
June Emptage / JE / Optum Support Service (Lincolnshire Council)
Michael Goodson / MG / NHS England
Narrisa Leyland / NL / NHS England
2. / Minutes of the last meeting held on 13 October 2017 – Paper A
The minutes of the last meeting were agreed as a true record subject to the following amendments:
Sue Hill was in attendance at the meeting.
Page 1 - September was the last meeting, not July.
3. / Action Points – Paper B
The actions were closed or updated as required on the action log.
4. / GDPR
Draft Data Protection Bill
It was noted that Parliament is currently debating the age of a child, and a discussion took place on the length of time this may take to conclude.
DS and PW spoke of amalgamating the Data Protection Bill and the GDPR and there being no guidance around how to take this forward. RU spoke of this Group creating a policy for this and asked how helpful this might be; this was agreed as a good idea and interested parties are to contact RU.
It was noted some attendees are attending the GDPR certificate course in two weeks’ time. A discussion took place on the value of this.
The Article 29 Working Party guidance has still not been published.
Legal Basis
Discussions took place around moving away from legal consent and common law duty of confidentiality causing problems with this. DS spoke of consent and how this works in his organisation and gave an example of HR using HR law to store staff information as opposed to consent. SM asked, if using both a legal basis and consent, which would prevail. It was agreed law would prevail; PW stated under GDPR consent is law and there cannot be two conflicting laws. The words, ‘I agree to be bound by…’ would make this a legal statement. RU spoke again of the policy the group can create and including a narrative around this in it.
It was noted consent to treatment is different to information governance consent and BJ spoke of the right to erasure which applies if consent is given and the possibility of getting this request from the public. A number of members reported that they were looking at the legal aspect of these types of requests at the moment. The group agreed a lot of questions cannot be answered until the Bill comes out, DS stated organisations could be doing a lot of work now which may look different in February. SMe spoke of RDaSH moving to SystmOne and sharing data with consent built into the system. BJ stated many SMEs have not yet begun to plan for the GDPR.
Next meeting Children and Data Breaches will be discussed. / ALL
5. / Regional/National Event Updates
Several colleagues are attending the GDPR 5 day course in Leeds from Monday 20 November.
The IGA conference takes place on 28 November at the Kia Oval in London. Attendance at this was discussed.
CB spoke of registering for a place on the ICO Data Protection Conference in 2018.
6. / IG Education/Personal Development Updates
Covered under Item 4.
7. / Information Governance Toolkit
It was noted that version 15 of the Information Governance Toolkit will be known as the Data Security and Protection Toolkit.
DS asked if the two sites will continue to run or will they transfer over the functionality to the Data Security and Protection Toolkit? SMe will take this to the SIGNS Chairs meeting on Monday 13 November as there is no answer to this as yet.
A discussion took place around Audit requesting to look at the toolkit early next year in some organisations. / SMe
8. / Confidentiality, Data Protection and Freedom of Information
Guidance on Police Powers
This document was circulated with the meeting papers for information and was taken as read.
9. / Data and IT / Information Security
Migrating the Dispatch of Discharge Summaries to the Regional Exchange
RU and PW spoke of the central exchange unit and how information will go. It was noted this will be data mapped and there is a working together project. The package will enable e-discharge with central discharge areas at one point which will go to GPs. RU is attending a meeting around this which not all attendees of the meeting were aware of; it was agreed to continue discussions around this outside of this meeting with those who are involved.
Mobile Phone Usage by Patients in Meetings or on Wards
RU reported on an email received from a matron regarding a patient recording a conversation between them and then playing it back to other areas. A discussion took place around the potential editing of a recording and the implications of this should it happen. DS suggested if staff have any concerns around a patient altering a recording of a conversation they too can record the consultation and equipment will be provided should it be required. SMe stated there have been issues with patients on long stay mental health wards at RDaSH around the use of mobile phones.
2017/18 Data Security and Protection Requirements
This document was circulated with the papers for this meeting and CS raised a sentence in the document relating to General Practices complying with the requirements.
A discussion regarding the definition of a Data Protection Officer (DPO) under the GDPR with the GDPR not yet in force took place. PW stated the GDPR states the DPO must be sufficiently resourced and is a legal requirement.
A checklist for this is to be provided by NHS Digital, which has not yet been received.
10. / Any Other Business
PW raised data security and the Barclays email scam where senior staff opened the scam email despite receiving the email which told all staff not to open it.
SMe will circulate the revised Terms of Reference for this meeting to all attendees which will then be discussed further at the December meeting.
AN – correspondence re IS gateway. Invite to meeting in Sheffield received by some attendees but not all who started on the pilot had received them. The Gateway will go live on 1 February, and from this date organisations will enter new ISAs on the system. SIROs will be required to sign up to register. A paper has gone to YH Part management board, annual subscription for regional IT projects, discussed at 5 December, if okay will be funded. CM asked re CCGs being involved. 17 January next meeting, re super users. Try and agreed standards, glossary and terms. AN will feedback and enquire why not all organisations have been included.
AN raised the Internet of Things in smart cities which is an Active Age project. Local Authorities are using this in social care so as to monitor vulnerable people. A project is being undertaken with Samsung across Leeds where people on a scale of frailty can sign up to be monitored. Leeds City Council is creating the information governance around this and is developing an IG framework. PW reported on 6 remote patient systems running at the moment in Sheffield, which is an NHSE approach. It was noted this is designed to help stop re-admittance. PW will look into getting an overview of the Sheffield project and will send to AN.
CB raised IG training and queried which organisations are using the NHSD data security training; a show of hands demonstrated most organisations are using this, including the CCGs. It was noted this training is statutory or organisations must deliver comparable training which is audited. SMe reported RDaSH have seen a reduction in the e-learning of this now it is more in-depth and a rise in face to face training.
No other business was discussed and the meeting closed at 14:53. / PW
Date and Time of Next Meeting
Friday 8 December 2017, 1:00pm – 4:00pm, Lecture Room, Goole Hospital, Woodland Avenue, Goole, DN14 6RX.