In the past year, PHIN has received 7,500 data submissions comprising over 100 million rows of raw data. Data is central to everything we do at PHIN, and one of my roles as Chief Technology Officer is to make sure that we protect the healthcare data we collect and ensure it is only shared in the appropriate ways with the appropriate people. We know that it is important to patients, consultants and hospitals that data is secure and confidentiality is upheld.

There are constant and evolving threats in the digital world, so we take security and privacy very seriously. We are very pleased to have passed our recent ISO 27001 audit with flying colours. ISO 27001 is an international standard that specifies the requirements for an information security management system (ISMS) and it provides independent, third-party verification that our ISMS meets the exacting requirements.

Accreditation lasts for the next three years, but there is no resting on our laurels. Our ISMS must be managed and maintained throughout that period. We do this through our continuous improvement register and programme. We will continue to remain vigilant and take all the necessary steps to counter developing threats.

This is not something we do in isolation as the Technology team. It’s an organisation-wide effort and we regularly update our staff training on information governance to ensure people are aware of the risks and the precautions they need to take.

I also thank our stakeholders and partners who assist us in these matters, and remind those who share data with us that email is not a secure way to do this. If you want to share data and aren’t sure how, please get in touch to discuss the best solution for your needs, such as our application program interface (API) which allows data to flow into and out of PHIN’s systems securely.

We hope ISO 27001 recertification will continue to provide our members with a high degree of confidence and trust in PHIN’s information governance.

Was this article useful?