Risk assessment central to health data disclosure

At the NHS Information Centre, we can provide data on issues at both national and local level. For instance, we can help healthcare professionals isolate and identify particular health issues in their PCT or evaluate the quality of care in their local hospital and how it compares with others. We can assess the extent of smoking, alcohol and drug-related problems, and which groups of the population are most affected.

Because we are able to provide such localised data, the fact that we are often dealing with small numbers of people. This means that the risk of them being identified by those with a particular interest in them is higher.

Take for example data that is provided on childhood obesity in a small town. Because it might be likely this group of people will be small, there is an increased risk of them being identified out of the wider population and patient confidentiality compromised. We need to ensure we safeguard against these risks.

Because a group of people is small, there is a risk of them being identified.

All NHS organisations and those who supply or make use of the information have an obligation to ensure that there is adequate provision for the security management of the information resources that they own, control or use. Before we publish health statistics we must:

  1. Determine users’ requirements for the published statistics: It is vital to identify the main users of the statistics and understand why they need the figures and how they will use them in detail.
  2. Understand the key characteristics of the data: It is important to have a good understanding of the data that may require protection to assess any risk of disclosure.
  3. Assess circumstances where disclosure is likely to occur: We need to think of the views of patients or staff in each assessment we make and what the impact of potential identification could be.
  4. If required, select appropriate control methods to manage any risk
  5. Implement and disseminate the information: once all necessary checks have been made, data can be released.

Data encryption, digital signing, authentication and non-repudiation services are effective information security tools, which we actively use to ensure our data is reliable and secure. What is more, all individuals who work within, or under contract to an NHS organisation have a responsibility for the security of information that they create or use in the performance of their duties. Because a group of people is small, there is a risk of them being identified.

Latest from Marketing Week

PLEASE SIGN IN OR REGISTER. IT'S FREE, QUICK AND EASY!

Access Marketing Week’s wealth of insight, analysis and inspiration that will help you develop as a marketer and leader.

Register and receive the best content from the only title 100% dedicated to serving marketers' needs.

We’ll ask you just a few questions about what you do and where you work, so we can make Marketing Week more relevant to you.

Register now

THE BEST CONTENT

Our award winning editorial team and columnists will ask the biggest questions about the biggest issues on everything from strategy through to execution to help you navigate the fast moving modern marketing landscape.

THE BIGGEST ISSUES

From the opportunities and challenges of emerging technology to the need for greater effectiveness, from the challenge of measurement to building a marketing team fit for the future, we will be your guide.

PERSONAL AND PROFESSIONAL DEVELOPMENT

Information, inspiration and advice from the marketing world and beyond that will help you develop as a marketer and as a leader.

Dedicated to developing your skills and helping you achieve marketing excellence. Find guidance on leadership, professional development and the latest industry jobs.

Having problems?

Contact us on +44 (0)20 7292 3711 or email subscriptions@marketingweek.com

If you are looking for our Jobs site, please click here