Information Governance Introduction For Induction

The document outlines the importance of Information Governance (IG) in ensuring the secure and legal processing of data within a hospice setting. It covers relevant laws, key roles, the impact on staff, and highlights the risks of cyber threats such as phishing and ransomware. Additionally, it provides guidance on reporting incidents and implementing best practices for data security.

Uploaded by

Fi
Information Governance

Data Security and Cyber Awareness

How you keep our data safe.


What this session covers:

1. What is Information Governance?

2. Applicable laws and guidance

3. Key roles at the Hospice

4. How does it affect you?

5. Social Engineering and Cyber Security

6. How to spot and report breaches, incidents and near misses

7. Quick Wins

What is ‘Information Governance’?

IG helps organisations and individuals to ensure that information is processed legally, securely, efficiently, effectively and consistently to ensure the best possible care.

• IG covers personal and organisation information.

• That could be name and address, bank details, medical history, confidential conversations.

• Rules to follow when information is processed.

• Each team may have specific processes – make sure you are familiar with them.

• Rules to follow to ensure the security of our premises, equipment and vehicles.

• How St Leonard’s keeps that data safe – wherever it is.


The Law and Good Practice

There are many laws and regulations that protect individuals' rights where data collection, sharing and storage is concerned:

1. Instruments of law that set out the rules we must follow.

2. Advisory bodies which detail good practice on how to follow the rules.

3. In-house policies and tools to test and assure compliance.

Laws, bodies and tools shown on the slide:

• Data Protection Act 2018

• UK GDPR

• Computer Misuse Act 1990

• Common Law Duty of Confidentiality

• Information Commissioner’s Office

• NHS Digital

• NHS Data Security & Protection Toolkit

• Hospice Policies and Procedures

Key Roles at the Hospice

• SIRO: Emma Johnson

• Caldicott Guardian: Bill Hulme

• DPO: David Millions Associates

• Hospice Risk Group Meeting

• Hospice Governance Committee

How does it affect me?

Keeping data safe: Security, Sharing, Accessing Systems, Emails.

• Accessing the building and offices where data is stored.

• Sharing personal or confidential data internally or externally.

• Access to databases and files.

• Receiving, sending and saving email communications.

Cyber Awareness – Social Engineering

A manipulation technique that exploits human error to gain private information, access or valuables.

Phishing – emails disguised to look genuine but meant to trick the user into giving away information or installing malicious software.

Malware – malicious software contained within links or attachments.

Ransomware – designed to lock access to files unless a ransom is paid.

Staying Safe Online

Strong Passwords

• Combine 3 random words

• Avoid predictable passwords

• Don’t reuse the same password for multiple systems

• Use multi-factor authentication

Device Security

• Don’t ignore software updates

• Lock devices when not in use – use passwords / PINs / touch or face ID

• Use official sites for downloads – e.g. Microsoft Store or Apple App Store

Phishing Attacks

• Be careful what you share online

• Check the sender address is genuine

• Look out for poor spelling, odd phrasing or tone, and urgency

Examples of IG incidents:

• Responding to a Phishing Email - engaging in a conversation with a ‘senior manager’ to buy online gift cards.

• Confidential waste left next to a secure console.

• Viewing records of patients in non-related services.

• Too much access given to staff when accessing a database.

• Clicking a suspicious link and introducing Locky Ransomware to the network.


Identifying and Reporting

Mistakes do happen… it’s what we do next that matters.

What should I do?

1. Report concerns, issues or unintentional actions to your Line Manager straight away.

2. Record on our incident management system.

What happens next?

The concern or issue will be investigated, assessed and corrective actions put in place to mitigate any data loss.

Recurring themes are discussed at Risk Watch to identify trends or if corrective actions have failed to work.

Quick Wins from this session:

• Set up strong passwords

• Understand specific team procedures

• Don’t share or let another user log in as you

• REPORT your concerns

• ASK!

• Be mindful of how and where you share personal information

• Get more information from the IG section on the Hospice Hub

• Lock device when left unattended

• SHARE your ideas

• Use common sense with email links and attachments

IT System Access

• Set up strong passwords

• Outlook – NHS.net - MFA

• Access your emails

• Set up your hospice email signature

• Locate and understand the purpose of M and X drive

• Secure Print

• Connect devices to hospice Wi-Fi

• Navigate our Hospice Hub

• LMS – Learning Management System (WELD Team)

• Vantage – Incident Reporting (H&S Team)

• SMI – HR record (HR Team)

• Sage PaySlips (Payroll Team)

• SystmOne – Electronic Patient Record (Clinical Team)

• Donorflex – Supporter Relationship database (Fundraising Team)
