IG Toolkit v14.1 compliance still required for healthcare organisations

Healthcare was the hardest-hit industry in terms of the number of breaches in the first half of 2017, according to the Gemalto Breach Level Index report, suffering 228 data breaches that resulted in 31 million stolen records.

One of the most notable incidents this year was the WannaCry ransomware attack, which affected an estimated 300,000 devices and led to the cancellation of approximately 14,778 patient appointments.

Despite the increasing threat of cyber crime facing healthcare organisations, a recent report indicated that 23% of UK IT professionals are not confident about their organisation’s ability to combat a cyber attack, and 26% of IT professionals would pay a ransom if they were affected by a ransomware attack.

IG Toolkit v14.1 can help to improve data security

The Information Governance (IG) Toolkit has enabled health and social care organisations to assess themselves against best-practice information governance policies and standards. The guidance document says the aim of the IG Toolkit is to “demonstrate that the organisation can be trusted to maintain the confidentiality and security of personal information”. The IG Toolkit has worked to improve cyber security and data protection through improvements to information governance standards embedded in healthcare organisations.

The IG Toolkit ensures that the confidentiality and integrity of patient data are protected, and enables organisations to supply to the NHS and access the Health and Social Care Network (HSCN).

The toolkit will give way to the Data Security and Protection (DSP) Toolkit from April 2018, so organisations may wrongly view compliance with the IG Toolkit v14.1 as no longer a priority. However, failing to submit compliance documents before the March deadline can lead to:

  • Removal of privilege to access NHS networks for general suppliers to the NHS, commercial third parties and business partners;
  • Enforcement action by the Information Commissioner in the event of a data breach;
  • Adverse effects on Care Quality Commission (CQC) registration; and
  • An impromptu inspection by the CQC.

Until 31 March 2018, compliance with the IG Toolkit v14.1 is mandatory for healthcare organisations.