IMPORTANT INFORMATION

This website is no longer being updated.

NHS Rotherham Clinical Commissioning Group has, from 1 July 2022, been replaced by the new NHS South Yorkshire Integrated Care Board (ICB). The ICB is now responsible for commissioning and funding of health and care services in the local area. Please go to our new website www.southyorkshire.icb.nhs.uk for information about the work of NHS South Yorkshire ICB.

For local health information visit Your Health Rotherham

To view an archive of this website, please click here

Thank you.

branch graphic

FOI Disclosure Log

Back to Freedom of Information list

CCG 1055 TPP’s SystmOne has a serious design flaw non compliance with the Caldicott guidelines

Request 1	As you are aware it has been noted that TPP’s SystmOne has a serious design flaw which exposes patient data to all users of the system whether they are associated with a patient or not; which is not in compliance with the Caldicott guidelines. As part of our research please provide a response to the following questions. 1: How many of the GP practices within your CCG have switched on ‘Enhanced Data Sharing’ from TPP?
Response 1	21
Request 2	2: How is patient data being protected from being viewed by individuals who are not involved with that patient’s care?
Response 2	Patients are asked for explicit consent to share information with healthcare professionals under their care. Information can only be accessed by other health and care professionals if consent has been recorded. Initially, patients should be advised by their GPs or medical practitioners about the way their information is to be shared and given the option to opt out of sharing. Once the GP sets the patient’s consent to ‘share’, only health and social care professionals with the appropriate access controls and relevant security clearance (via the use of NHS smartcards, passwords etc) are able to access that medical record, again with patient consent. In exceptional circumstances, a health professional may decide to use an ‘access override’. Only a limited number of identified NHS users are able to use the access via their Smartcard. Once activated, the override creates a privacy officer alert at all the affected organisations to show that the record has been accessed and for what reason. Any access to a patients record is audited within the system and will show who and when the record was accessed.
Request 3	How do patients with sensitive medical issues eg. Mental Health, HIV positive, early pregnancy, prevent their data being shared?
Response 3	TPP SystmOne allows patients to mark any aspect of their record they deem sensitive as private, which prevents this information from being shared.
Request 4	How is the CCG working to ensure data protection compliance and the avoidance of misuse of the data?
Response 4	In accordance with our Data Protection and Access to Health Records Policy http://www.rotherhamccg.nhs.uk/Downloads/Policies%20and%20Procedures/IT%20Policies/001-IT%20Data%20Protection%20and%20Access%20to%20Health%20Records%20-%20February%202017.pdf
Request 5a	a): Does SystmOne have the capability to identify unauthorised access to a patient record by a user not involved with the patient’s care?
Response 5a	The system is fully audited to show all access made to a patients record.
Request 5b	b): If so, how is this unauthorised access to patient data reported to the CCG?
Response 5b	This would not be reported to the CCG as the practice would be the data controller.
Request 6	How is the CCG planning to report unauthorised access to the patient?
Response 6	n/a the responsibility would fall with the data controller.
Request 7	What plans does the CCG have to handle data protection claims from patients whose data has been illegally accessed?
Response 7	n/a the responsibility would fall with the data controller.

Oak House
Bramley
Rotherham
S66 1YY

Tweets by NHSRotherhamCCG

© 2024 Rotherham CCG. Privacy Policy | Cookie Policy | Accessibility | Sitemap | Contact us | Print page

LinkedIn YouTube Twitter Facebook