Lancashire trust tightens IT security bootstraps with ‘gold standard’ accreditation

Lancashire Care NHS Foundation Trust has secured a ‘gold standard’ in information security following an independent assessment of its IT practices.

The 400-site trust was awarded an ISO 27001 certification in information security following an audit by the United Kingdom Accreditation Services (UKAS) certified British Assessment Bureau this month.

The certification achieved by Lancashire Care NHS Foundation Trust (LCFT) covers the entire range of IT services it provides within its informatics department.

The trust, which ousted a decade-old EPR system in March, said the certification demonstrated it had “robust and agile” security protocols in place to protect patient data.

Damian Parkinson (pictured), LCFT’s director of health informatics, labelled the certification “a huge achievement and an absolute credit to the health informatics department”, saying it was the “culmination of many thousands of hours of work undertaken by a team of dedicated staff”.

He added: “Receiving the certification is testament to our commitment to security and further enforces Lancashire Care as a provider of quality care at the right time and in the right place.

“It is also a demonstration of our commitment to continuously improve processes and safeguarding data.”

The trust will have annual surveillance audits to maintain the certification.

The International Organisation for Standardisation (ISO) ISO 27001 is an international standard for IT systems, processes, policies and documentation related to cyber security.

Unlike CareCert and Cyber Essentials Plus – which are UK government schemes that are specifically for public sector organisations in the UK – ISO 27001 is a globally recognised certification that serves as a kitemark for industries around the world.

An LCFT spokesperson told Digital Health News: “At Lancashire Care we wanted to ensure compliance not only with the latest public sector and NHS guidance, but also to ensure we were compliant at the highest standard of information security that would be followed by other industries, including those with very high security requirements such as financial services.

“To our knowledge, there is only one other NHS trust in the North West region that has achieved certification for part of their IT service. The certification we have achieved at LCFT is for the entire range of IT services that we provide in a large health informatics department with 150 staff supporting a user base of just under 8,000.”

Lancashire Care’s health informatics unit recently achieved Level 2 Accreditation for Excellence in Health Informatics by the North West Informatics Skills Development Network.

According to LCFT, it is one of only three NHS organisations to hold the accreditation and plans to work towards Level 3 “in the near future”.