1
Mahwish Noor, Information Governance Manager and Data Protection Officer
2 Describe your role in one sentence
As a Data Protection Lead, I protect personal and sensitive information relating to patient and employees and provide a framework to ensure personal information is dealt with legally, securely, efficiently and effectively, in order to deliver best possible care.
Tell us about a project you’re working on and how does it / will it benefit patients?
I am working on various projects on a daily basis. One of the projects is called Health Information Exchange (HIE). HIE is an electronic, real-time, shared record view of a resident’s key health and care information – right now
It allows doctors, nurses, pharmacists and other
health care providers within NCL STP to appropriately access and securely share a service user’s vital medical information electronically—improving the speed, quality, safety and cost of care.
From information governance perspective, we have setup a data sharing agreement with all the organisations to allow sharing of information lawfully as part of direct care but also to respect any opts out raised by services users.
3
Name and job title
the personal data as well as managing these risks with mitigating actions.
The DPIA template is available on the intranet here.
Second ask is, please complete your mandatory Data Security training so that you are compliant with the Data security standards. Failure to complete the training can lead to fines and complaints raised by the Independent Supervisory authority called Information Commissioner Officer (ICO).
5 What three words would you use to describe our single organisation?
Hectic, Fun and helpful (staff)
6 What do you like most about your role / working here, and what do you find most challenging?
I love working as an Information Governance Manager and leading on various projects project to ensure they are compliant with GDPR and Data Protection Act 2018. I also enjoy working with my team and support received by Senior Management around importance of keeping confidential data secure.
A challenging aspect of my job is receiving documentations and approving projects within a day. If enough notice is provided and IG is involved at the start of the project, the issue of IG blocking the work would be less. So the message is, involve IG from the start of the project! Also, another challenge is chasing staff to complete their data security training.
7 The NHS Long Term Plan will make sure the NHS has a bright future ahead of it. Regarding technology / IT, how do you think the NHS will change over the next 10 years?
Technology will be enhanced and more toward agile working.
4
Is there anything you’d like your colleagues to do as a result of reading this that would help you with your project?
If you are procuring or setting up a new project which involves personal data processing, please email me at first instance. One of the requirements for such projects is for the staff to complete a Data Protection Impact Assessment (DPIA) which allows the project team and
IG Team to identify any risk associated with processing
Cyber security
In December 2019, IT, working alongside Bulletproof, was awarded the Cyber Essentials certificate.
Cyber Essentials is a UK government scheme that sets out 5 basic security controls to protect organisations against around 80% of common internet cyber-attacks.
The certification lets our service users and supply chain know we have considered security controls and are working in a safe and secure environment.
By March 2020 we will have achieved Cyber Essentials Plus (CE+). This will help us to guard against the most common cyber threats and will demonstrate our commitment to cyber security.
If you have any concerns about cyber security contact IT via ICTService.Desk@Candi.nhs.uk or the Trust’s Local Counter Fraud Specialist, Erin Sims on 07800 617456 or at erin.sims@rsmuk.com / erin.sims@nhs.net