On 6th June, the UK’s Health and Social Care Information Centre (HSCIC) responded to a letter from the Secretary of State to Health, confirming its commitment to ensuring data security across the health and social care system. 

With the vast amount of data collected by health and social care entities, and the very sensitivity of that, the risks are really very significant.

HSCIC set out five proposals to ensure data security:

  1. requiring certification from all health and social care entities that they meet their information governance obligations, and reporting their status to the public.  This will also involve updating the existing IG Toolkit;
  2. making data security and information governance requirements pre-requisites for providing health and social care services – including the CQC’s inspection regimes and NHS England’s commissioning and contracting arrangements;
  3. providing the best available support and resources to health and social care entities – including an approved framework of security, testing and training services;
  4. an independent security audit programme across the health and social care system; and
  5. establishing a national security strategy noting the various measures in place already and embedding these and new technologies in the design, specification and procurement of all national and local information systems.

HSCIC see this as being very much a partnership with other entities, and will report on progress annually starting in March 2015. 

Again, the message is clear – data privacy and security is no longer merely a compliance obligation.  This letter and the related developments will bring data security and good information governance right into the heart of health and social care contracting and the provision of these services.  We can expect to see a great deal of activity in this area – and DLA Piper will be a pro-active part of that.

You can find HSCIC’s web page with the Secretary of State’s letter and HSCIC’s response here.