The Local Government Association (LGA) has highlighted the need for more consistency in approaches to data security in the care provider sector.
This comes after it commissioned an assessment of the sector’s digital maturity, the broad results of which were outlined at the UKAuthority Digital Health and Social Care Conference on Friday.
Abby Vella, from the LGA’s Care and Health Improvement Programme, said it has run an exercise over the past year with the support of the Care Provider Alliance and NHS Digital that has included an assessment of data and digital security in the sector.
It came partly in response to the spread of the WannaCry virus two years ago, which affected many NHS organisations and had an indirect effect on some councils and care providers.
“We know that data security is just as much about the non-digital or physical information as electronic information,” Vella said. “The purpose of the programme was to pick up both elements from a social care perspective.”
The LGA commissioned the Institute of Public Care, part of Oxford Brookes University, to carry out on-site work with 70 care providers across three local authority areas – Bedfordshire, North Yorkshire and Greenwich – to assess digital maturity and data security. It took in care homes, home care organisations and others.
This was backed up by the Telecare Services Association doing some similar work with call monitoring centres.
Vella said the findings have confirmed what the LGA had heard anecdotally. Among the main points is that it is a challenge to get care providers engaged in the programme, especially in talking about data and cyber security in a way that resonates with them. But the feedback from those that did get involved was overwhelmingly positive, with feedback on the benefits once they did begin to address the issues.
One problem to emerge is that the inspection process for care providers often involves them being asked to provide paper copies of files when digital copies already exist, and when information is sent to them it often has restrictions attached.
While plenty of care providers have plans to increase their use of digital, they often need to strengthen their arrangements in some areas, such as password management, mobile device security and contingency testing.
Overall, the project showed there is a mix of approaches in the sector, falling into three personas: those that continue to rely largely on paper; those using a blend of digital and paper; and those predominantly focused on digital.
“We know 70 care providers is a small number compared to the total, but it is interesting to note that in the programme there was a fairly even split with roughly a third falling into each persona,” Vella said.
A number of recommendations are emerging from the research. Care providers are urged to review their procedures around mobile working, password security and back-up testing, and to ensure they carry out due diligence on cloud and third party IT suppliers.
Councils commissioning the care should be helping to raise awareness of security issues among providers, explore more consistent approaches to procurement and consider on-site assessments to incorporate aspects of data security.
In addition, the national bodies involved should be looking to provide clear and tailored support on the issue for the care providers.
Vella said the final report is scheduled to be published this week by the Institute of Public Care, and that it will be hosting webinars during June and July to share the findings more widely.
The LGA has secured funding for further work in the area next year, and plans to provide grants to encourage collaboration between councils and care providers.
Image from iStock, abluecup