The roles of policy and professionalism in the protection of processed clinical data: A literature review

“…Initially, use had to be approved by PIAG (Patient Information Advisory Group) but this has been superseded by the National Information Governance Board. Legislation is based on the European Human Rights Act within Europe, 8 and on the Health Insurance Portability and Accountability Act (HIPAA) 9 in the USA. There are some well-established projects in the UK, and the Wellcome Trust and research councils have funded a number of new programmes of research that will be based on routinely collected data.…”

Vault, cloud and agent: choosing strategies for quality improvement and research based on routinely collected health data

“…Initially, use had to be approved by PIAG (Patient Information Advisory Group) but this has been superseded by the National Information Governance Board. Legislation is based on the European Human Rights Act within Europe, 8 and on the Health Insurance Portability and Accountability Act (HIPAA) 9 in the USA. There are some well-established projects in the UK, and the Wellcome Trust and research councils have funded a number of new programmes of research that will be based on routinely collected data.…”

Vault, cloud and agent: choosing strategies for quality improvement and research based on routinely collected health data

“…5 There is greater need for informatics training among managers, leaders and users, as well as system-specific training. This is something recognised in the Swindells report, 10 but not as yet implemented. It is possible that greater professionalism in informatics is fundamental to addressing privacy as well transformational goals.…”

“…Addressing the transformation issues has only formally started in the wake of implementation, vide the recent report on the single shared electronic patient record commissioned from the Royal College of General Practitioners (RCGP) by NHS Connecting for Health as a result of user concerns. 10 In the wider context, there is also a need to explore what we mean by sharing patient information, and the characteristics and comparative merits/demerits of the various means of doing so: shared detailed care records are only one such means. In this context, it is worthy of note that the RCGP report 10 considered sharing access to records as very different from purposeful communication between people, e.g.…”

“…10 In the wider context, there is also a need to explore what we mean by sharing patient information, and the characteristics and comparative merits/demerits of the various means of doing so: shared detailed care records are only one such means. In this context, it is worthy of note that the RCGP report 10 considered sharing access to records as very different from purposeful communication between people, e.g. via a referral or discharge letter.…”

Further changes are needed if the National Care Record Service (NCRS) implementation is to succeed

“…The latter is important in order to interpret the communicative limitations of the policy from the employees' perspective. Hence, this research responds to the call for more research on employees' behaviour with respect to information security policies within health care [9] and it focuses communicative aspects of the information security policy artefact, which is an even more understudied area. As far as we know there exist no quality criteria for information security policy design in health care anchored in a practice-based perspective.…”

Practice-Based Discourse Analysis of InfoSec Policies