New data from Digital Health Intelligence (DHI) reveals that 55% of acute trusts and 47% of mental health trusts have an implementation plan for the General Data Protection Regulation (GDPR).
DHI approached 150 acute trusts and 53 mental health trusts and asked them whether they had formulated a strategy to ensure they are compliant with upcoming changes to the way organisations handle and store data.
One hundred and thirty-three trusts responded to DHI, including 97 acute trusts and 36 mental health trusts.
In total, 70 of the 133 respondents (53%) claimed to have a plan in place for GDPR implementation. Of the acute trusts, 53 said they had a compliance strategy, while 43 said they had no such plan.
Meanwhile, 17 of the mental health NHS trusts in England claimed to have a game plan for GDPR compliance, and 18 said they did not.
Two of the 133 trusts that responded claimed to have developed a “partial” plan. These were Milton Keynes University Hospital and Avon and Wiltshire Mental Health Partnership.
Of the 61 trusts without a GDPR plan, 11 said they were in preliminary planning stages or otherwise suggested that a plan was being considered.
The data gathered by DHI has been collated into an interactive map. Each trust is represented by a coloured circle, with green indicating that a plan is in place, orange that a plan is being developed and red that there is no plan in place.
The research was carried out between February and November 2017. The aim of the study was to provide insight for suppliers engaging with the NHS around data-sharing projects, while allowing NHS organisations to compare their GDPR compliance status with that of peers.
The EU-wide legislation holds massive implications for the NHS and other healthcare providers, which handle huge volumes of sensitive patient information.
Organisations have until 25 May 2018 to bring their data-handling policies in line with the new legislation. Those that fail to adhere to the rules face sanctions by the Information Commissioner’s Office (ICO), including fines of up to €20 million for the most serious infringements.
As such, the NHS now faces the unenviable task of pulling together the reams of data it holds across its multitude of silos and stand-alone systems.
Attempts have been made to make it easier for trusts – some of which own up to 500 IT systems – to consolidate their data in preparation for next year’s deadline.
20 December 2017 @ 21:11
It would be really helpful if the guidance from NHSE/NHSD was more forthcoming. While there will be specifics to each organisation many of the themes will be common just like cyber security.
Organisations can then focus resource and investment in these areas with the aim of improving as at the moment I know suppliers are in touch every day wanting to perform assessments etc. sometimes at huge cost.
20 December 2017 @ 16:20
The IG Toolkit is not GDPR compliant but the new one if they pull their finger may be. Ignorance may be bliss but it is also a dodgy strategy. I am more worried about the micro business including public authorities. On the other hand if the ICO, NHSE or NHSD can publish clear guidance on the most important aspects then we all should be okay. But the most important is not out until February 2018.
19 December 2017 @ 16:56
NHS trusts complete the Information Governance Toolkit assessment which is largely GDPR compliant. There is work to be done but the impact of GDPR will be far greater on other sectors.
There are lots of people making money out of GDPR scaremongering.
19 December 2017 @ 15:17
When in doubt, stick your head in the sand.