New RCPA members service – Caldicott Guardians
The RCPA is pleased to announce a new Caldicott Guardian Service for members. This service is designed to offer you support and guidance around data security.
What is a Caldicott Guardian?
A CG is a specialist role that sits within the senior leadership of a health and social care organisation. The role represents and champions information governance and is sometimes referred to as the conscience of the company. The role is not defined by any specific legislation and uses a range of legislation to work including GDPR, DPA, FOI, Common law of confidentiality, Health and Social Care Act and the NHS 10 data security standards. Caldicott Guardians help their organisations to ensure that confidential information about health and social care service users is used ethically, legally, and appropriately.
All health and social care organisations are required to have a CG. However, smaller organisations who don’t have the internal structure or budget to appoint one should have consideration for the CG principles or outsource the role.
Who will be your Caldicott Guardian?
Many of you will already know our Project Delivery Officer, Daniel Plummer, who has been supporting providers with the Data Security & Protection Toolkit. Daniel is registered on The UK Caldicott Guardian register and has completed full training for this role.
What will the service offer?
- Initial consultation to understand your organisation and how the CG can support you.
- Ongoing availability to handle issues and give guidance.
- Report to your organisations board or senior leadership with updates and recommendations
- Support for data breaches (this service isn’t an incident management service)
- Review and advice on data protection impact assessments (DPIAs)
There will be an annual fee for this service, no obligation to renew and full terms and conditions will be provided before any commitment is made.
We would like to gauge interest in this service amongst our membership. If this is a service you would be interested in hearing more about or have any questions then please email daniel.plummer@rcpa.org.uk. Once we have gauged interest we will contact you with our full service offer.
Message from CHC digital
CHC Digital End-to-End Person Management System
Dear Care Provider,
Please be advised that in the last few months, NHS Somerset ICB has undergone a procurement exercise for the provision of a Continuing Healthcare Digital End-to-End Person Management System.
The procurement exercise has now been concluded and can confirm that the successful bidder is IEG4 Limited.
The Continuing Healthcare Team is now entering into the Mobilisation phase of the project and therefore, we will be contacting you in the coming weeks to provide you with further information on the implementation of the new system and training for care providers on how to access and use the Provider Portal within the system.
In the meantime, if you have any queries, please do not hesitate to contact the Continuing Healthcare Team at somicb.chcdigital@nhs.net.
NHSmail – Multi-Factor Authentication (MFA)
To improve cyber security, NHSmail have started to introduce MFA from August 19th. The updates from NHS England have been summarised below:
New account creations for National Administration Service (NAS) managed organisations will start to have Multi-Factor Authentication (MFA) applied by default from 29 September, with existing user accounts to follow at a time to be confirmed.
Due to a desire to ramp up cybersecurity and streamline processes the rollout of MFA to all existing NAS user accounts will now mirror the timelines for remaining non-NAS accounts.
The timeline and process is as follows:
- For all existing NHSmail accounts, on the 19 August users will receive a pop-up notification asking them to register an MFA authentication method when you logging to their account. This prompt can be snoozed for a period of 14 days.
- By 2 September, if you MFA has not been enrolled in, access to NHSmail will change.
How will access change?
NHSmail accounts will be moved to a specific group policy that will require a stronger password policy approach and additional restrictions with stringent security measures applied, these being:
- Enhanced password policy including having to reset your password on 2 September and requiring a minimum of 20 characters.
- Not having persistent browsing sessions.
- Restrictions on sign in frequency.
- Password expiring every 90 days.
If any RCPA member is having difficulty enabling MFA or implementing the new password policy then please contact the Digital Social Care team – digitisationinsocialcare@somerset.gov.uk
Workshops/events
- RCPA Data Security workshop – Business Continuity planning – 29th August 09:30-10:30. Click here to register
- Completing the Data Security and Protection Toolkit – 3rd September 15:00-16:00. Click here to register
- Review and Republish your Data Security and Protection Toolkit – 10th September 15:00-16:00. Click here to register
- Busting Myths on Digital Social Care Records (DSCRs) – 11th September 14:00-1530. Click here to register
- Take a virtual tour of the Adult Social Care Workforce Data Set (ASC-WDS) – 18th September 13:30 – 14:30. Click here to register
- Completing the Data Security and Protection Toolkit – 22nd October 15:00-16:00. Click here to register
- Review and Republish your Data Security and Protection Toolkit – 29th October 15:00-16:00. Click here to register
Digital Social Care Records Feedback
The Digital Social Care team (DiSC) are seeking provider feedback for the implementation of digital social care records (DSCRs). Particularly from providers who have not yet gone digital or accessed the DiSC funding. The team are looking to support providers who have already accessed the funding and gone digital, and how to help providers who have not accessed the funding yet.
Please could you share your experiences with DSCRs and the DiSC project funding – digitisationinsocialcare@somerset.gov.uk