Patient Self Check-in kiosk

Patient Self Check-in kiosk have been installed by Engage Health across most GP Practices. This check-in system enables patient to verify their identity and book in for their appointment. Therefore, it eases the pressure off the receptionists especially at peak times. However, since it is a self-service technology, it makes them susceptible to privacy invasion by bystanders, as well as intrusion attacks by malicious individuals since only generic log-on information is used for check-in. It is also an IT challenge to track the user activities and protect the system. Our IT service provider and the Engage Health (Wiggly Amps) manage the IT risks.

As GP practices, these are some safeguard measures we can adopt:

1. Deploy the self check-in kiosk in well-lit areas, so that we can protect both the user and the equipment from violent or malicious people.

2. Try and place the equipment that is at the vicinity of the reception while also providing privacy for the patient. E.g., a back wall is less intrusive than the wall that is in front of the patients.

3. Design questions in such a way that you can validate the answers while not requesting the patients to enter the details fully, such as the bank security questions. E.g., last few digits of phone number

4. Couple of our GP practices had complaints from patients about using these kiosks. The complaints have been addressed by re-configuring the questions appropriately. However, here are few more tips to address the same:

• Install privacy hoods on the kiosk and attach the hood using a strong Velcro or tape solution. Do not screw or use magnets to attach the privacy screen to the touchscreen as this will damage the device and potentially stop it from working.
• Engage Health provide privacy booths which is another option to provide privacy.
• Install privacy screens on kiosks, to make it difficult for anyone else to see what appears on the screen when someone is logged on. The patient can view clearly if the privacy screen is installed. Privacy screens may be a low-cost option thereby also providing privacy of the patients. We have to test the privacy screen to see which one works with touch screen.

5. Avoid any peripheral device connections.

As part of Data Protection Impact Assessment, a full vulnerability analysis will be undertaken and mitigations provided.

EMIS Health Data Storage

EMIS Health announced a change in their technical processes with a move to Amazon Web Services from its own data centre. Delivery of the services is subject to the terms of the GP Systems of Choice Framework (GPSOC) which is managed by NHS Digital on behalf of the Secretary of State for Health.

We conducted a full Data Protection Impact Assessment and filed the documentation in the DPIA folder under Google Drive.

Openness by Design

1. The Information Commissioner’s Office have released the five ‘Openness by Design’ goals this month (June 2019):

2. Ensuring that access to information rights is upheld in a consistent and timely manner and operates effectively in a digital age.

3. Providing excellent customer service to individuals making requests to us, and lead by example in fulfilling our own statutory functions.

4. Raising awareness of access to information rights and make it easier for the public to exercise their rights.

5. Promoting the reform of access to information legislation so it remains relevant for our modern society and fit for purpose.

6. Further developing and sustaining our international collaboration, learning from the best initiatives around the world.

EMIS Web & SystmOne direct interoperability

Patient records are joined up using EMIS Web and SystmOne direct interoperability to enable users of EMIS Web to view a patient’s combined community and primary health record held in SystmOne – and vice versa – in order to make fully informed healthcare decisions. This is a step forward in patient care. We have provided you with an extended data share agreement for SystmOne practices extended to cover your CCG, Public Health and IT provider.

Past Data Protection & GDPR training

Organised by the CCG.

Trainer: Radha

2^nd September 2019 – 13:00 hrs to 15:00 hrs, Room D

20^th September 2019 – 13:00 hrs to 15:00 hrs, Room D

25^th October 2019 – 13:00 hrs to 15:00 hrs, Room BC

Registration through Eventbrite.

If you are interested about forthcoming GDPR training sessions, please get in touch using the webform or email us at info@bivika.com.

CQC Audits

Few practices have received their CQC audit dates in the previous months and were fully supported by the Data Protection Officer to cover the ‘Data Protection’ elements of CQC audit. Anyone else who have received audit dates, please contact the named DPO we have provided you to organise the data protection support for the audit.

If you would like more guidance on Data Privacy and Data Protection, or require DPO services, please reach out to info@Bivika.com.