Primary Care Data Security Kent and Medway Health Informatics Service. Data Warehouse and Business Intelligence


Primary Care Data Security
Kent and Medway Health Informatics Service
Data Warehouse and Business Intelligence

Author: Paul Bolton
Date: 20 August 2012
Version: 0.1
Hosted by Maidstone & Tunbridge Wells NHS Trust

Documentation

Document file name:

Document Location
The document is located in HISshare and is held in electronic format.

Revision History
Date Version Status Summary Changes Customer

Distribution Record
This document has been distributed to:
Date Version Distribution Purpose

Enquiries
All enquiries relating to this document should be addressed to:
Name:
Job Title / Department:
Address:
Telephone:

Contents

1 Introduction
2 Primary Care data storage on the KMHIS Data Warehouse
2.1 Overview
2.2 Existing Primary Care Data on KMHIS data warehouse
2.3 Security

1 Introduction

This document briefly describes the safeguards in place to protect patient level data that is stored on the KMHIS data warehouse or accessible through the KMHIS business intelligence system HISbi.

2 Primary Care data storage on the KMHIS Data Warehouse

2.1 Overview

The Kent and Medway Health Informatics Service (KMHIS) provides data warehousing services to most of the NHS organisations in the county. This includes 2 acute trusts, all community trusts, NHS Kent and Medway, Contract and Procurement (CaP) and Dartford, Gravesham and Swanley CCG.

The data warehouse hardware and infrastructure is located at Kent and Canterbury Hospital in a data centre managed, maintained and serviced by KMHIS staff, although the various equipment is owned by either EKHUFT or KMHIS.

The data warehouse is built on two separate 2005/8 instances that are used to process and present the data and to manage the queries from the BI system HISbi and any users accessing the warehouse directly. There is no data physically stored on these servers; they simply manage the transactions between the source data and the Storage Area Network (SAN) where the data is held. For the rest of this document the servers and SAN file storage will be referred to together as the data warehouse.

2.2 Existing Primary Care Data on KMHIS data warehouse

Primary care data from Dartford, Gravesham and Swanley CCG is stored on the data warehouse and the process for this is as follows:

1. Primary care data is extracted from the GP systems by a company called Apollo. On each practice system there is an application that runs a download of the data at set periods. This is usually overnight and the practice system has to be active for this to happen. The security arrangements for this stage are between the CCG and Apollo.

2. The data extract is then pushed to a secure GPIT server. In the case of DGS CCG this is based in Gravesend and is managed and maintained by NHS GPIT technical staff.

3. The individual datasets from each practice are then combined into a single file by a batch process that is run by the GPIT staff.

4. KMHIS, at set times, transfer this single file and store it on the SAN at Kent and Canterbury Hospital. The only staff who have access to this area are the data warehouse staff that are responsible for processing the file for HISbi, the HISbi staff who develop the reporting and the KMHIS Database Administrator (DBA). The KMHIS data warehouse is a safe haven.

5. The data is run through several processes to transform it into a state where it can be used, at present, for the GPMIS system developed for DGS on HISbi.

In DGS CCG a privacy impact assessment has been carried out and there will be a similar process, using the DGS PIA as a basis, for other practices/CCGs that are going to store data on the data warehouse.

The above process for GP data used in DGS CCG is shown here to provide an example of a current procedure. The process of how and where the data will be extracted from other GP systems will need to be established to ensure that the initial download store is secure.

2.3 Security

Patient level data is never loaded onto desktop PCs for the purpose of developing reporting.

Patient level data is never copied to data sticks or other transportable media.

Development/live servers are accessed by secure password.

Data is removed from development servers once the development is complete.

The KMHIS Business Intelligence system is the only method of gaining access to the primary care record level data. HISbi is developed using IBM Cognos, which is a market leader in business intelligence software and has a sophisticated and secure user access system.

The data extracted from the primary care system will contain the practice code where it came from, and this is used in the security to ensure that only the practice where the data came from can access clear record level data. For all other users, the link to record level data is either hidden or a message is displayed that informs them that they are not entitled to see patient level data. Where record level access is required for demonstration or non-clinical purposes the data is pseudonymised.

HISbi users that have admin rights to the system, or are developers of the system, are able to see record level data as part of their role within the safe haven. No user outside of the HISbi development team has admin rights.

Users must apply for access to HISbi using a formal user access form and, if patient level data is requested, it must be countersigned by the Caldicott Guardian or approved representative before access is granted. KMHIS keep a list of these authorised signatories and will not grant patient level access to anyone who is not on this list. KMHIS will challenge any person or organisation who requests patient level access and who does not currently receive it, and will not give access without the proper authorisation.