Clinical Information Systems – Access & Audit – 7.03 SECTION: 7 – CONFIDENTIALITY AND INFORMATION GOVERNANCE PROCEDURE: 7.03 NATURE AND SCOPE: POLICY & PROCEDURE - TRUST WIDE SUBJECT: CLINICAL INFORMATION SYSTEMS – ACCESS & AUDIT This policy and procedure aims to provide an effective and robust framework for safeguarding Patient information contained within RiO. DATE OF LATEST RATIFICATION: APRIL 2015 RATIFIED BY: STRATEGIC INFORMATION GOVERNANCE GROUP REIVEW DATE: APRIL 2018 IMPLEMENTATION DATE: MAY 2015 ASSOCIATED TRUST POLICIES AND PROCEDURES: ISSUE 2 – MAY 2015 Information Sharing Between Professionals, Service Users and Carers Policy - 4.01 Information Systems Security Policy & Procedure - 7.01 Safe and Secure Handling of Confidential Information - 7.04 Information Life Cycle - 7.05 Clinical Records Management Policy & Procedure- 7.06 Operation of a Registration Authority Policy - 7.07 Information Services Data Quality Policy - 7.08 Access to Information Policy – 7.09 Information Technology Acceptable Use Policy & Procedure7.10 Digital Investigations Policies & Procedures- 7.12 Information Governance -7.15 Information Risk - 7.16 Clinical Information Systems – Access & Audit – 7.03 NOTTINGHAMSHIRE HEALTHCARE NHS FOUNDATION TRUST U CLINICAL INFORMATION SYSTEMS - ACCESS & AUDIT U CONTENTS 1.0 Introduction 2.0 Policy/Procedure Principles 3.0 Definitions 4.0 Duties 5.0 Clinical Information System User Responsibilities 6.0 Conditions of Access to Clinical Information Systems 7.0 Sponsorship 8.0 Training 9.0 User Roles and Levels of Access 10.0 Legitimate Relationships and Patient confidentiality 11.0 Systems Administration 12.0 Auditing Access to Patient Information 13.0 Live and Anonymous Information Held for Testing 14.0 Live Information Held for Archiving and Back-Up 15.0 Implementation 16.0 Target Audience 17.0 Review Date 18.0 Consultation 19.0 Relevant Trust Policies 20.0 Monitoring Compliance 21.0 Equality Impact Assessment 22.0 Legislation Compliance 23.0 Champion and Expert Writer 24.0 References/Source Documents Appendix 1 –Authorised Sponsors Appendix 2 – List of Staff who can Request Ad-Hoc or Unscheduled Access Audits Appendix 3 – Record of Changes Appendix 4 – Employee Record of Having Read the Policy/Procedure ISSUE 2 – MAY 2015 1 Clinical Information Systems – Access & Audit – 7.03 NOTTINGHAMSHIRE HEALTHCARE NHS FOUNDATION TRUST U 1.0 CLINICAL INFORMATION SYSTEMS - ACCESS & AUDIT POLICY & PROCEDURE U INTRODUCTION 1.1 The Trust has a legal obligation to comply with all appropriate legislation in respect of Data, Information, IT Security and Records Management. It also has a duty to comply with guidance issued by the Department of Health, other advisory groups to the NHS and guidance issued by professional bodies. 1.2 All legislation relevant to an individual’s right of confidentiality and the ways in which that can be achieved and maintained are paramount to the Trust. This relates to roles that are reliant upon both manual and computer systems. 1.3 This policy and procedure sets out how access to Clinical Information Systems along with appropriate audits measures will be managed in a way that enables the Trust to honour these obligations. 2.0 2.1 3.0 U POLICY/PROCEDURE PRINCIPLES This policy and procedure ensures appropriate safeguards and processes are in place, which in turn ensures Patient information is held securely, confidentially and that clinical and physical risks are reduced by the safe and appropriate availability of information. U DEFINITIONS 3.1 Clinical Information Systems are used by Nottinghamshire Healthcare and forms an important part of the Electronic Patient Record (EPR). 3.2 Clinical Information Systems within this document are classed as all electronic systems and/or databases containing Patient identifiable information in use within the Trust. 3.3 A Legitimate Relationship exists where it is appropriate for a system user to have access to the information of Patients whose care they are directly supporting. 3.4 A Self-Declared Relationship exists where a system user has a requirement to access Patient information not automatically included within a Legitimate Relationship. Clinical Information Systems require additional clarification and information accessed this way is subject to further audit controls. 3.5 There are various sponsors within the services / localities who “sponsor” the access to clinical Information systems to enable individuals to use and access systems. The sponsor is responsible to the legitimate relationships highlighted along with notifications of any changes which may impact on the access requirements. 3.6 HIS relates to the Health Informatics Service, a corporate department of Nottinghamshire Healthcare. 3.7 Systems Administration is the main team responsible for administering the Trust’s main Clinical Information Systems. Part of HIS. (see 3.6) ISSUE 2 – MAY 2015 2 Clinical Information Systems – Access & Audit – 7.03 4.0 U DUTIES 4.1 The Information Asset Owner/s (IAO) as agreed and identified on the Information Asset register have overall authority for access to relevant Clinical Information Systems and the access model/guideline employed to manage access to them. 4.2 The Information Asset Administrator/s (IAA) have operational responsibility for managing access to Clinical Information Systems and Reports in line with the access model/guidelines authorised by the IAO/’s. 4.3 The Clinical Information Systems Manager has overall responsibility and is responsible for defining and agreeing access requests in liaison with the IAO, that fall outside of the normal guidelines set out by the access model. 4.4 Sponsors are responsible for appropriate authorisation of system users and ensuring the details of those whom they have sponsored are up to date, appropriate and accurate. (See section 7 for further details). 5.0 U STAFF RESPONSIBILITIES 5.1 All professionals within health and social care and third parties working for or with the Trust are responsible for ensuring that, within their own practice they comply with the relevant professional standards as well as those standards defined locally and nationally. 5.2 In practice, staff are responsible for any records, which they create or use. This responsibility is established at, and defined by law. Furthermore as an employee of the NHS or working as part of a team within the NHS, any records which they create are deemed to be public records. 5.3 Everyone working for or with the NHS who records, handles, stores or otherwise comes across information has a personal duty under the Common Law Duty of Confidentiality. The Data Protection Act 1998 and the Access to Records Act 1990 places statutory restrictions on the use of personal information, including health information. 5.4 Individuals who have access to Clinical Information Systems have a responsibility to ensure that they inform either their original Sponsor or another authorised Sponsor of any changes to their circumstances, including, but not restricted to a change of: • • • • • • Name Team or Service Role On call provisions Termination of contract Access requirements (additional or removal of surplus information) 5.5 The Sponsor’s responsibilities are detailed in section 7.0 5.6 All Patient related information held within any Clinical Information System forms part of the Patient record. It is the system user’s responsibility to ensure the information held within the system is accurate and entered in a timely manner. 5.7 The following policies provide further information on Data Quality and Timeliness: • • Clinical Records Management Policy - 7.06 Information Services Data Quality Policy -7.08 ISSUE 2 – MAY 2015 3 Clinical Information Systems – Access & Audit – 7.03 6.0 U CONDITIONS OF ACCESS TO CLINICAL INFORMATION SYSTEMS 6.1 The Trust has a responsibility to maintain the highest levels of data protection and security and must therefore make sure access to any Clinical Information Systems is only available to appropriate users at all times. 6.2 Access to Clinical Information Systems shall only be granted where a system user: 6.3 6.2.1 Is employed by the Trust, a partner agency with an appropriate information sharing agreement or holds an honorary contract 6.2.2 Is Social Care Staff working within the Multi-Disciplinary Team 6.2.3 Is required as part of their role to access or maintain Patient information directly in support of care provided by the Trust 6.2.4 Has been trained or else signed off as a competent user by the Trust’s IT Trainers 6.2.5 Has been sponsored by an appropriate and approved Sponsor 6.2.6 Has signed appropriate forms for access to the Trust’s network and Clinical System, which confirms their agreement to comply with statutory, national and local policies Access to Clinical Information Systems may be restricted, suspended or revoked where system user: 6.3.1 Has failed to comply with section 6.2 6.3.2 Has not accessed the system for twelve consecutive weeks 6.3.3 Has changed their job role and requires additional training in accordance with section 8.0 6.3.4 Has failed, or is suspected of failing to follow best practice guidance in respect to the use of Clinical Information Systems 6.3.5 Has failed, or is suspected of failing to maintain accurate and up to date information within the system, in accordance with the Information Services Data Quality Policy (7.8) 6.3.6 Has breached, or is suspected of breaching Patient confidentiality, is the subject of a data protection/security investigation or has otherwise failed to maintain appropriate IT security 6.3.7 Has failed, or is suspected of failing to comply with section 10.0 in respect to Patient confidentiality 6.3.8 Has failed, or is suspected of failing to maintain the confidentiality of their user name and password for any Clinical Information System/s or other IT system 6.3.9 Is subject to any other form of investigation requiring the suspension of their access to Clinical Information System/s as authorised by a senior manager 6.3.10 Has in any other way misused, or is suspected of misusing Clinical Information System/s or any other IT systems provided by the Trust ISSUE 2 – MAY 2015 4 Clinical Information Systems – Access & Audit – 7.03 6.3.11 Will be taking 12 weeks or more from work i.e. maternity / paternity leave, extended sick leave, carers leave or career break 6.3.12 Has through their actions and/or communications led Health Informatics Service (HIS) staff to believe that further training and guidance is required to ensure the safe and accurate use of the system, pending further investigation and re-accreditation from the IT Trainers 7.0 7.1 U SPONSORSHIP All access to Clinical Information Systems shall require appropriate authorisation (sponsorship). Sponsors shall be responsible for: 7.1.1 Authorising user access for staff working within their team/service within which they have sufficient seniority to permit access to Trust Services (See Appendix 2) 7.1.2 Ensuring access and user roles are appropriate and Patient information is required directly in support of care provided by the Trust and otherwise meets the requirements set out in section 6 7.1.3 Ensuring Legitimate Relationships are appropriate and access to clinical areas (i.e. ward, team, clinic etc.) is allocated appropriately (See sections 9 & 10) 7.1.4 Ensuring access and user roles are relevant and up to date, informing the Systems Administration team of any changes to user details, their access or other information 7.1.5 Ensuring the Systems Administration team are informed if a system user changes role, or leaves 7.1.6 Ensuring that system users have the appropriate training for their role, informing the IT Trainers or Systems Administration team of any unmet training requirements / specific training needs 7.1.7 Immediately informing the Systems Administration team, or the Clinical Information Systems Manager of any breach of Patient confidentiality or any other condition of access to Patient information as set out in this policy and procedure 7.2 Sponsors are appointed and entrusted to act on behalf of the Trust’s Caldicott Guardian in determining access rights and maintaining the appropriateness of that access and will be held accountable by the Trust for their actions. 7.3 Sponsors will be required to apply to the Systems Administration team who will verify their appropriateness and limitations (i.e. their areas of clinical responsibility). 8.0 U TRAINING 8.1 The IT Trainers provide training and support by qualified trainers, who maintain appropriate training materials in line with current best practice. New user and refresher training is available for all aspects of Clinical Information Systems. 8.2 The IT Trainers can be contacted by email: [email protected] 8.3 Access to Clinical Information Systems shall only be granted to competent users who have received appropriate training to the satisfaction of the IT Trainers. 8.4 Where a system user changes role, it may be necessary for additional training to be provided by the IT Trainers before access to that system is amended or updated. 31TU ISSUE 2 – MAY 2015 5 U31T Clinical Information Systems – Access & Audit – 7.03 8.5 Following software upgrades and implementations of new functionality, it may be necessary for additional training to be provided by the IT Trainers prior to accessing the new functionality. 8.6 Cross organisation or ‘cascade’ training from colleagues is not permitted, expect by prior agreement with the IT Training Manager and the Clinical Information Systems Manager. 8.7 The IT Trainers also provide support and training for basic IT skills where required. 8.8 Information Governance Training must be undertaken as part of the Trust’s mandated training on an annual basis within each financial year to ensure staff are fully aware and compliant with confidentiality / security requirements. The training for IG found at https://www.igtt.hscic.gov.uk/igte/index.cfm?communityid=2 31TU 9.0 U U31T USER ROLES AND LEVELS OF ACCESS 9.1 The Trust seeks to maintain the highest levels of data protection, security and Patient confidentiality. In order to maintain Patient trust and to comply with legislation and best practice, access to Clinical Information Systems is restricted to that which is necessary to fulfil the system user’s job role. 9.2 Clinical Information Systems generally operate a ‘role-based’ access policy, which means access is granted in accordance to the job role of the system user. Where possible, systems will be configured with user roles in line with the national RBAC (Role Based Access Control) or PBAC (Position Based Access Control). It may be necessary for the access levels within each role to vary between clinical services in order to comply with local operating procedures and standards, however the principles of providing access to systems will be consistent Trust-wide. 9.3 In addition to the user role, each system user will be given automatic access to certain screens relating to Patients whose care they are directly associated. This is called “Legitimate Relationship” and is detailed in section 10. 9.4 It is the responsibility of the Systems Administration team to maintain the user roles and access controls and to ensure they remain relevant, consistent and that they continue to comply with current operating practice and guidance where this is not nationally set. Where a significant change is required to any one user role, or to the access level of any users or groups of users, they shall seek the approval and guidance of The Clinical Information Systems Manager. The IAO(s) shall have overall responsibility and authority for the user roles and access controls used within the systems, via the Strategic Information Governance Group. 10.0 10.1 U LEGITIMATE RELATIONSHIPS AND PATIENT CONFIDENTIALITY In addition to the user role, each system user shall be given automatic access to information relating to Patients whose care they are directly supporting. This is called “Legitimate Relationship”. An example of a Legitimate Relationship might be the requirement to access information of Patients within a ward, clinic, or who are allocated to a particular HCP’s caseload. A comprehensive audit is maintained of all information accessed within the Clinical Information Systems, but it is considered to be appropriate for that user to have access to information about Patients with whom they have a ‘Legitimate Relationship’. U 10.2 U It will be necessary for some system users to search for information for Patients with whom they have no Legitimate Relationship. This may be for administrative reasons, or where they need to provide care or support for Patients outside of their normal setting. It is important to retain this facility to reduce clinical risk, particularly in the community or within a hospital for ISSUE 2 – MAY 2015 6 Clinical Information Systems – Access & Audit – 7.03 staff operating an ‘on-call’ system. Where a Patient’s information has been accessed in this way, the system will require a reason for accessing that Patient’s information. This is called “Self-Declared Relationship”. A reason must be selected from the pick-list and a comment must be entered into the free-text box. Regular audits shall be made of the use of the Selfdeclared relationship facility. U U 10.3 It is important to remember that Patients are entitled to know who has access to their information, when and by whom their information has been viewed. The Clinical Information Systems maintain a comprehensive audit trail. 10.4 System users shall only access Patient information where it is necessary to support their job role. Accessing confidential information where there is no legitimate reason, or disclosing confidential information inappropriately is forbidden. Access audit information shall be available to senior managers and clinicians in order for them to protect the confidentiality of Patients in their care. Further information is detailed in section 12.0. 11.0 11.1 U SYSTEMS ADMINISTRATION The Systems Administration team shall be responsible for the day to day maintenance and where appropriate configuration, including user access. User access shall be managed within guidelines laid down by either this policy & procedure or national guidance. The Systems Administration Manager shall have responsibility for the management of all configuration and user access, where this is not controlled by Smartcard/Registration Authority. 11.2 In order to ensure access to information within Clinical Information Systems is maintained appropriately and remains secure, the Systems Administration and Systems Maintenance functions shall be restricted to the Systems Administration team. Exceptions to this rule shall only be made for official support arrangements, for instance the resetting of passwords or temporary access for essential maintenance and development. Where clinical systems are not managed by the systems admin team this will be undertaken by the authorised team. 11.3 The Systems Administration team shall require appropriate authorisation for any changes to user access and shall be required to keep evidence of such for audit purposes. Without appropriate authorisation, changes to user access shall not be completed, except for the suspension of access due to investigation, misuse of systems or leavers etc. (See section 7.) 12.0 U AUDITING ACCESS TO PATIENT INFORMATION 12.1 The Trust takes its obligation to Patient confidentiality seriously. In order to retain Patient confidence the Trust must demonstrate its commitment to keeping their information safe. The Trust must also give assurances of its compliance with statute, national and local operating standards. 12.2 The nature of the services provided by the Trust further enforce the need to tightly control and audit access to the information of its Patients. 12.3 All Clinical System users should be aware that their activity may be audited at any time and may also be used to provide evidence to support investigations into suspected or actual breaches in Patient confidentiality, data security, fraud and corruption, or the physical security requirements of low, medium or high secure facilities. 12.4 Access to Patient information shall only be granted in support of a user’s job role and shall be limited to information required to carry out their specific duties. Where the clinical Information system does not automatically grant access to information via a Legitimate Relationship, the system may require the user to provide a reason for accessing that ISSUE 2 – MAY 2015 7 Clinical Information Systems – Access & Audit – 7.03 information. A reason must be selected from the pick-list if appropriate and a comment must be entered into the free-text box. More information regarding Legitimate Relationships is included in section 10. 12.5 For the purposes of access audits, the Systems Administration team shall be taken to mean staff members working within and in support of the Systems Administration team. 12.6 Unscheduled access audits shall be completed upon request from an appropriate member of staff in confidence by the Systems Administration team. See Appendix 3 for a list of appropriate staff. Requests for unscheduled audits should be made directly to the Systems Administration Manager, or the Clinical Information Systems Manager. 12.7 The Systems Administration team shall audit the use of Self-declared Relationships quarterly. Significant misuse of this facility (including insufficient explanation for access) shall be reported to the Clinical Information Systems Manager. The records of each audit shall be recorded and retained as per national guidance. 12.8 The Systems Administration team shall audit the use of Self-declared Relationships for any individual user or groups of users at the request of an appropriate manager. The request and results of each audit shall be recorded. 12.9 Service/General Managers, Clinical Directors and appropriate senior staff shall have access to online reports that detail individual or summary audit information for Patients or HCPs within their area. 12.10 Audits of access to high profile or vulnerable Patients will be monitored on a regular basis and reports provided to appropriate managers. 13.0 U LIVE AND ANONYMOUS INFORMATION HELD FOR TESTING 13.1 All training shall take place on training instances that have been anonymised, where demographic details are scrambled and assessment information and clinical/progress notes have been removed completely. 13.2 All development testing shall take place on testing instances that have been anonymised, where demographic details are scrambled and assessment information and clinical/progress notes have been removed completely. 13.3 Copies of the live databases (containing real Patient information) shall be retained solely for testing updates to resolve problems with real data. Access to these databases will be strictly controlled and audited. 13.4 Where external suppliers and contractors are required to access live Patient information away from a Trust site, access shall be granted on a case by case basis and will be monitored and audited. Access will only be allowed via an N3 connection, in compliance with the confidentiality agreements between the supplier, the Trust and Health & Social Care Information Centre, including the Information Governance Statement of Compliance (IGSoC) required to establish the N3 connection. Access to computers connected via N3 must be in a secure and unobserved “safe haven”. 14.0 14.1 U LIVE INFORMATION HELD FOR ARCHIVING AND BACK-UP For system performance reasons and in compliance with medical records (retention) policies, it is necessary to store Patient identifiable information outside of the Clinical System. Access to this information shall normally only be permitted from within the system and shall be managed and audited as defined in this policy and procedure. ISSUE 2 – MAY 2015 8 Clinical Information Systems – Access & Audit – 7.03 14.2 15.0 15.1 16.0 17.1 17.0 17.1 18.0 18.1 For system resilience and recovery it is necessary for back up copies of live Patient information to be held within the Trust’s data centres. Access to this information will be managed and audited as defined in this policy and procedure. U IMPLEMENTATION This policy does not require an implementation plan as this policy formally approves current working policy. U TARGET AUDIENCE The target audience for this procedure is all staff of Nottinghamshire Healthcare and partner agencies who require and are eligible for access to Clinical Information Systems, including their Sponsors, Team Leaders, General Managers, Clinical and Executive Directors. U REVIEW DATE This policy/procedure shall be reviewed in three years or sooner if required U CONSULTATION The creation and review of this procedure shall be in consultation with: • • 19.0 U RELEVANT TRUST POLICIES/PROCEDURES • • • • • • • • • • • 20.0 U Strategic Information Governance Group Executive Leadership Council (ELC) Information Sharing Between Professionals, Service Users and Carers 4.01 Information Systems Security - 7.01 Safe and Secure Handling of Confidential Information - 7.04 Information Life Cycle - 7.05 Clinical Records Management - 7.06 Operation of a Registration Authority - 7.07 Information Services Data Quality - 7.08 Information Technology Acceptable Use- 7.10 Digital Investigations - 7.12 Information Governance -7.15 Information Risk - 7.16 MONITORING COMPLIANCE 20.1 The Systems Administration Manager shall be responsible for maintaining regular access and administration audits as detailed within this policy and procedure, Liaising with the Information Asset Owner and reporting twice yearly to the Strategic Information Governance Group. 20.2 The effectiveness of this policy and procedure shall be assessed annually by the Strategic Information Governance Group. 21.0 21.1 U EQUALITY IMPACT ASSESSMENT Following the completion of an equality impact screening exercise it has been concluded that a full impact assessment is not required. The purpose of this policy and procedure is to safeguard Patient information and therefore has no impact on individuals or institutional processes. ISSUE 2 – MAY 2015 9 Clinical Information Systems – Access & Audit – 7.03 21.2 22.0 22.1 23.0 No adverse impact or positive discrimination has been identified across any of the equality strands/protective characteristics. However, monitoring will be carried out periodically across all strands to ensure consistency. U LEGISLATION COMPLIANCE This policy and procedure has been considered in context of the following legislation and guidance: • Data Protection Act 1998 • The Caldicott & Caldicott 2 Review • Common Law; Duty of Confidence • Access to Health Records Act 1990 • The Computer Misuse Act 1990 • ISO 17799 (Information System Security) U CHAMPION AND EXPERT WRITER 23.1 The Champion of this procedure is the Caldicott Guardian. 23.2 The Expert Writer of this procedure is the Systems Administration Manager. ISSUE 2 – MAY 2015 10 Clinical Information Systems – Access & Audit – 7.03 APPENDIX 1 U LIST OF APPROPRIATE SPONSORS • Caldicott Guardian • Senior Information Risk Owner • Divisional Director/Associate Director • Medical Director/Associate Medical Director • Divisional Managers • Director/Associate Director of Nursing/Allied Health • General Manager • Clinical Director • Service Manager • Support Manager • Ward Manager • Team Leader • Clinical Information Systems Manager • Systems Administration Manager ISSUE 2 – MAY 2015 11 Clinical Information Systems – Access & Audit – 7.03 APPENDIX 2 U LIST OF STAFF WHO CAN REQUEST AD-HOC OR UNSCHEDULED RiO ACCESS AUDITS • Caldicott Guardian • Senior Information Risk Owner • Divisional Director/Associate Director • Medical Director/Associate Medical Director • Divisional Managers • Director/Associate Director of Nursing/Allied Health • Clinical Director • General Manager • Head of Security • Service Manager • Support Manager • Ward Manager • Team Leader • Head of Health Informatics • Clinical Information Systems Manager • Systems Administration Manager • IT Security & Compliance Manager • Mental Health Act & Information Governance Manager • Appropriate managers in line with authorised investigations ISSUE 2 – MAY 2015 12 Clinical Information Systems – Access & Audit – 7.03 APPENDIX 3 Policy/Procedure for: Clinical Information Systems – Access & Audit Issue: 02 Status: APPROVED Author Name and Title: Richard Detheridge, Systems Administration Manager Issue Date: MAY 2015 Review Date: APRIL 2018 Approved by: STRATEGIC INFORMATION GOVERNANCE GROUP Distribution/Access: NORMAL RECORD OF CHANGES DATE Jan 15 AUTHOR R Detheridge / M Robinson ISSUE 2 – MAY 2015 POLICY/ PROCEDURE 7.03 (Issue 2) DETAILS OF CHANGE Deletion of system names to be more generic across all clinical systems 13 Clinical Information Systems – Access & Audit – 7.03 APPENDIX 4 EMPLOYEE RECORD OF HAVING READ THE POLICY/PROCEDURE U Title of Policy/Procedure : Clinical Information Systems – Access & Audit U I have read and understand the principles contained in the named policy/procedure. PRINT FULL NAME 0B ISSUE 2 – MAY 2015 SIGNATURE 14 DATE
© Copyright 2024 Paperzz