Both SAIL Databank & SeRP have achieved the new high-watermark standard set out by NHS Digital’s Data Security and Protection Toolkit for any organisation that accesses NHS data.
The Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
SAIL Databank is the custodian of a wide range of anonymised health data from across the UK and SeRP is entrusted by many health data projects and organisations around the world to provide a first-class data sharing, storage, linkage and analysis platform.
As such, all organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
In achieving these standards, SAIL and SeRP were assessed across the overarching themes of People, Process and Technology and measured against the following criteria;
- Confidential data is handled appropriately.
- Staff understand their obligations to handle data responsibly.
- Staff complete the necessary data security training.
- Data access is managed to allow only those who need it, to have it.
- All processes are frequently reviewed.
- Adequate defence and reporting of cyber-attacks.
- Continuity planning and scenario tests for data breaches.
- Centrally managed and supported IT systems.
- Strategy for protecting IT systems from cyber threats.
- IT suppliers vetted and accountable to the same rigorous standards.
Achieving this standard demonstrates that SAIL Databank can be trusted to uphold the confidentiality and security of vital health data used for research in the public interest, and that SeRP can be trusted to provide a safe, secure and controlled environment that’s accredited to the highest international standards.
BY Christopher Roberts, SWANSEA UNIVERSITY