Writing on the ICO news blog, Kai Winterbottom, group manager for the NHS sector in the good practice team, explained that news surrounding healthcare organisations and information security is often not positive.
“We’re approaching £5m worth of civil monetary penalties issued by the ICO to the public sector and for everyone there’s a tale of negative headlines and undermined public confidence,” he writes.
For this reason, Winterbottom claims, it is essential that good practice is recognised and promoted when it occurs.
“Our good practice team visited Plymouth and Solent to help raise awareness of data protection and look at some areas where they’ve had issues in the past,” the group manager explained.
“From the start, the attitude to staff at both Trusts was overwhelmingly positive.
“We ran an online survey in advance of the visit to gauge awareness and over 400 staff at each location took the time to respond, demonstrating a willingness to engage and an aware of the risk to information,” he claimed.
According to Winterbottom, both Plymouth and Solent demonstrated a “mature approach” to training staff in information governance and security.
The ICO claims to be particularly impressed by a network of “Information Governance Champions” and the use of unique fobs that prevent sensitive information from being left unattended at printers.
However, in his blog post, Winterbottom also noted that despite good progress, there are still some improvements that could be made.
“Using paper records, for instance, brought with it some problems that are common for NHS bodies,” he claims.
“Patient handover sheets are a prime example. While they are clearly necessary, the key is ensuring records are properly secured and disposed of when they are no longer needed,” Winterbottom adds.
Last year, Health Secretary Jeremy Hunt challenged all NHS Trusts to become “paperless” by 2018, instead opting for digital and electronic alternatives instead – however, there still seems to be a logn way to go before this target is met.