Flashcards in Health informatics governance Deck (11):
What is required to ensure confidentiality and data protection?
Adequate training in data protection
Compliance with the Data Protection Act 1998
Organisational policies and procedures
Audit process and evidence of compliance
What are the requirements of the Data Protection Act 1998?
Data should be:
Fairly and lawfully processed
Processed for limited purposes
Sufficient and relevant
Not stored for longer than necessary
Processed in line with data subject's rights
Transferred only to countries with adequate security
What are the Caldicott principles related to?
Use and transfer of patient identifiable data other than for direct care, medical research, or statutory requirement
What are the duties of a Caldicott Guardian?
Strategy and governance
Confidentiality and data protection expertise
Internal information processing
What is required for information security assurance?
Established business processes
Choice of IT systems supports security requirements
Business continuity plans
Identifiable information assets
Network access security
What is required for clinical information assurance?
Adequate skills and knowledge
Correct use of NHS number
Procedures for accuracy of clinical information
What is required for secondary uses assurance?
National data definition standards
Maintain external data quality standards
Audit clinical coding accuracy
Validation processes for clinically coded data
Who is the competent authority in the UK to implement the MDD?
Who are the notified body?
Company accredited to assess device against CE mark
What are the practical considerations for software with a CE mark?
Development must follow a recognised software lifecycle
Scrutiny of process as well as product