Jon Baines writes that the results of a small survey involving junior doctors at two general district hospitals may be so concerning as to require compulsory ICO audits:
all NHS bodies are required to comply with the comprehensive and demanding IG Toolkit and in my experience there are some extremely skilled and dedicated people working in the field of NHS information governance.
This makes the findings of a small, but significant, study at two hospitals of the attitudes and practices of junior medical staff towards security of patient identifiable information particularly concerning. And, perhaps, the justification for compulsory ICO audits is made out.
The study, published in the Journal of Patient Safety, involved asking 50 junior medical staff across two unnamed district general hospitals
Read more of Jon’s post on Information Rights and Wrongs.
At the very least, the survey findings suggest to me that there’s not enough attention to training and monitoring junior medical staff on data protection. But then, this might even be broader than just junior medical staff. The ICO won’t know until he follows up on these findings with a broader survey.
In my training program (as a psychologist), we were obligated to pass a course and test on ethics, which included privacy issues. Are junior medical doctors in the UK requires to take a full course on data protection and related obligations and to demonstrate competency before they are ever allowed to get their hands on patient information? If not, that might be a strategy to explore.