Checklist of the requirements needed
for an organisation to have SCR access
As with the use of SCR in any care setting, the security and confidentiality of patient information is
paramount. Each new care setting must adopt the same robust governance that is standard for SCR
implementations. Detailed below are the individual requirements needed by any organisation wishing
to use SCR.
Access to NHS Network & Information Governance Requirements
NHS N3 Connection: The NHS N3 national broadband network connects NHS organisations by
enabling information to flow efficiently through the system. A secure N3 connection is currently
required to access SCR. To be granted access to N3, organisations must have completed the
Information Governance Toolkit and Information Governance Statement of Compliance (see below).
Information Governance Toolkit (IGT): The Information Governance Toolkit (IGT) is a performance
tool, produced by the Department of Health (DH)/Health & Social Care Information Centre (HSCIC)
that enables organisations to assess themselves against information governance policies, standards
and requirements. It draws together the legal rules and central guidance and presents them in one
place as a set of information governance requirements. The Toolkit consists of a number of standards
against which assurance of compliance needs to be given.
Information Governance Statement of Compliance: The Information Governance Statement of
Compliance (IG SoC) is the process by which organisations enter into an agreement with HSCIC for
access to the NHS National Network (N3). The process includes elements that set out terms and
conditions for use of HSCIC systems and services including the N3, in order to preserve the integrity
of those systems and services. The steps in the IG SoC process set out a range of security-related
requirements which must be satisfied in order for an organisation to be able to provide assurances in
respect of safeguarding the NHS N3 network and information assets that may be accessed.
Smartcards
To view an SCR, healthcare staff will require an NHS Smartcard with the correct Role Based Access
Control codes on the card. Smartcards are ‘chip and pin’ cards with the name and photograph of the
user on them. The user inserts the Smartcard into a card reader attached to their computer. In
order to access SCR, staff are required to be registered on the Spine and issued with a Smartcard.
Staff will then be allocated specific role-based access codes, ensuring only appropriate staff are
granted access to SCR. The service responsible for managing and administering this process is
known as the Registration Authority (RA). It will be necessary to work with an organisation that has an
RA function as they are responsible for confirming the identity of individuals and granting appropriate
profiles/access rights.
Privacy Officer
Every organisation that has access to SCR must have at least one nominated person who is
responsible for monitoring the SCR viewing activity of their users. This person is known as the Privacy
Officer and will be responsible for making reasonable efforts to ensure that SCRs are being viewed
appropriately. Alerts and audits are available to support privacy officers in this task. It is a requirement
of the SCR Programme that a Privacy Officer is identified before the SCR go-live takes place.
Business Change
Some key business change activities are required prior to SCR viewing going live within an
organisation:
Permission to view: Permission to view is required prior to an SCR being viewed. If the patient
cannot give permission (for example, due to the patient being unable to communicate for any reason)
staff may look at the record without asking for consent, if they consider it is in the patient’s best
interests. Organisations implementing SCR viewing need to use the SCR Permission to View
Guidelines (systems.hscic.gov.uk/scr/implement/viewing) to consider the business processes they will
need to adopt to ensure the effective implementation of permission to view.
Operational Processes: Each individual organisation must determine where the viewing of SCR best
fits in terms of day-to-day working practices and which staff members are the most appropriate to view
SCRs.
Training
All staff required to view SCRs must receive appropriate training to ensure they know how to access
the records and also to understand and interpret the information that they will be viewing. HSCIC has
developed an online learning package and other materials to support organisations wishing to train
their staff and roll out SCR. HSCIC is available to offer advice and support.