1 / 12

Prism Data Security

Prism Data Security. KB Leake Head of Operations & Development, Information Products Unit Health Solutions Wales 24 February 2010. Overview. Brief overview of all aspects of security around Prism Information Sharing Agreement Extraction of data from GP Practices

silvio
Download Presentation

Prism Data Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Prism Data Security KB Leake Head of Operations & Development, Information Products Unit Health Solutions Wales 24 February 2010

  2. Overview • Brief overview of all aspects of security around Prism • Information Sharing Agreement • Extraction of data from GP Practices • Central processing & pseudonymisation • Access via the web-based tool • IG rules framework for access control

  3. Data Flow requirements • Requirements for development of risk tool • Individual-level GP practice data • Read codes with information about conditions, examinations, measurements and prescriptions • Individual-level secondary care data • Wide range of clinical and administrative data from hospital admissions and outpatient attendances databases • Pseudonymised individual-level record linkage across all 3 sources of data • Risk scores fed back to GP practices in suitable format • Adherence to information governance rules, and protection of patient confidentiality

  4. Data Flow Methodology • Based on split file methodology • Methodology developed jointly by HSW and the SAIL project (Swansea University) – recently published • The SAIL databank: linking multiple health and social care datasetsRonan A Lyons et al.BMC Med Inform Decision Making 2009; 9: 3. ,Published online 2009 January 16. doi: 10.1186/1472-6947-9-3

  5. Prism File 1(Demographic) Prism File 2(Clinical) Revised ‘at-risk’patient list PRISM Data flows Health Solutions Wales GP Practice Pseudonymisation Service HSW Data Warehouse (Includes pseudonymised Hospital Admission and Outpatient data) Audit+ NHS WalesData Switching Service(NWDSS) GPSystem Recombine PRISM ScoringDatabase De-pseudonymisation PRISMWeb-tool

  6. Securing Access to the Prism Web-tool Account Control 3 (AC3)

  7. Account Control 3: Background • AC3 is a Role Based Access Control mechanism, which has been developed in line with NHS Wales’ policies, standards and guidelines, and the emerging National Architecture • It has been signed-off as being fit for purpose by: • Informing Healthcare’s Design Advisory Group • National Architecture Design Board • National Information Governance Advisory Group • Welsh Patient Safety Board • NHS Connecting for Health’s various governance boards • Access Control Mechanism is utilised by other all-Wales services (e.g. Welsh Demographic Service)

  8. Account Control 3: Principals of Operation • AC3 uses a self-registration / remote approval model, similar to many Internet sign-up processes • Getting access to Prism is a 3 stage process: • A user registers to use Prism • Registration approved by an authorised individual • The approved user logs on to the system for 1st time • Authority to access Prism is devolved to the local Practice, not held centrally by HSW or Informing Healthcare

  9. Account Control 3: ‘Key Players’ inAuthentication Process • All-Wales Information Governance Officers • Information Governance Team within Informing Healthcare • Caldicott Guardians • One per Practice • Caldicott Delegates (optional) • One or more delegates authorised by Guardian • Users within Practices

  10. Account Control 3: IG Role Interactions All-WalesInformation GovernanceOfficers National Local Practice Caldicott Guardian Caldicott Guardian Caldicott Guardian Caldicott Delegate Caldicott Delegate Caldicott Delegate Caldicott Delegate Caldicott Delegate Registration Operational Use User User User User User User User User User User User User User User

  11. Account Control 3: IG Role Responsibilities

More Related