This page contains a Flash digital edition of a book.
RECORDS,DOCUMENTS & DATA


add on an hour to their working day, just to comply with the information governance policies. We need to be flexible, but we need to be secure.”


Many into one


The trust is now consolidating its IT security systems, many of them previously provided by different vendors. It chose to go with Symantec’s products, with some of the technical migration to the new systems – which is still in process – helped by Dell’s health sciences division. Tony Osborn, Symantec UK’s head of public sector, who has been working with the Government on information governance, told NHE: “Within the health sector, information is the lifeblood of any organisation, and ensuring that information is secure, available and accurate is a fundamental priority. The work the Royal Liverpool and Broadgreen trust is doing around information governance, ensuring information is well- managed and confidential, is critical, and we welcome that.


“Our views are aligned with those of the Information Commissioner; building in good security practices into projects from the beginning is the most cost-effective and secure way of doing it.”


Norman told NHE: “We’re no different


from any other trust; we’re having to comply with a lot of regulation on information governance to protect patient records, staff records, the transfer of data between ourselves and GPs, and also in how we provide access for patients to their data.


“We’ve got to have locked-down systems, but the flexibility to transfer data without affecting patient care; it’s quite a challenge. Over the last two years we’ve been reviewing all of our security systems and processes to look at what’s worked and what hasn’t. We realised we had a mismatch of different systems. They were all relatively good systems in their own right, but they were all independent of each other, so we decided to look at rationalising those to get complementary systems that, rather than competing against each other and taking up a lot of resource, would just employ the right clients that we needed that would monitor the right areas and would give us the flexibility to manage it all at quite a granular level.”


Sounding the alarm


There is a lot of data to manage; not just patient records,


but staff data,


communications with potential employees, details of junior doctors employed by the deanery, honorary


consultants,


laboratory work and much else, like the flows of commissioner data to the PCTs, and the provision of direct results to GP practices as well.


The trust has implemented smart software that blocks any and all data protection risks – but Norman is keen to ensure it is not over-zealous in what it blocks.


He explained: “We’re running it in ‘monitor’ mode at the moment, simply because we don’t want to put in something so restrictive that it could cause harm to patients, or make the clinicians less efficient. While it’s in monitor mode, we’re using it to help educate the staff as to what the issues are, identifying potential alerts, going into those, contacting the staff when it turns out to be a real potential breach, and letting them know we’ve captured it and to ensure they’re fully aware of the trust’s policy and processes, and to let them know we’re watching them!


“In the future, we won’t need to be so constrictive, because when people realise they’re being observed, they change their practice anyway.”


The trust recently introduced a clinical


“We wanted to look at how systems would work together, and value-for-money versus effectiveness.”


Investment plans


The team is now just over a year into a three-year plan to migrate the IT systems, all while also implementing digital dictation and voice recognition software, electronic document management, centralising booking, upgrading internal communications software and investigating changes to the way the trust uses mobile communications devices.


Real cost savings will start to accrue after three years, Norman said, from the savings on maintenance costs from previous systems, less money spent on cooling and reducing the trust’s number of servers, and other infrastructure savings too.


Norman said: “We’ve still got more to go. It’s not something you can do overnight. You can’t rush these things.”


James Norman


TELL US WHAT YOU THINK opinion@nationalhealthexecutive.com


national health executive Mar/Apr 12 | 41


portal provided by CSC and Carefx (now part of Harris Corporation) which has reduced paper flows, but that has meant that IT security had to be beefed up further. That is all part of a broader strategy, which Norman worked on from his arrival in post in early 2010 until its publication in September last year, to guide the trust’s IT through until 2014.


Soon after that, the existing Royal


Liverpool hospital will be replaced by a new one, being funded through a PFI scheme. The strategy should mean that the whole IT infrastructure is ready a year before the physical move to the new site.


Norman said: “We’ve implemented a whole new data room with new dedicated links, improved connectivity, we’ve created our own NHS cloud environment, into which we’ve moved the vast majority of our systems, amd for ultra-resistance and added security we’re using the new VMAX system, and Centera for our archiving and legal compliance. We’ve had to install a lot of systems in the background, and moving down the Symantec route and getting all of our security systems together was always in the pipeline; not necessarily with that specific company, but they came out top when we looked at all the potential systems.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84