NI AS Report for IGB 15th February 2017
Agenda item: 8.1
National Intelligent Integrated Auditing Solution (NIIAS)
Purpose
The purpose of this paper is to report on NI AS incidents up to and including 31st January 2017.
Background
NI AS is a software auditing tool available to all Health Boards / Trusts across NHS Wales. It is used to
detect potentially inappropriate access to electronic clinical records where employees may have
accessed and/or viewed data they are not entitled to access.
Monitoring NIIAS Alerts
The verified figures (after removal of false positives), split by week, are as follows:
October 2016
November 2016
December 2016
January 2017
Own
Family
Own
Family
Own
Family
Own
Family
Record
Record
Record
Record
Record
Record
Record
Record
14
6
6
*
*
*
13
5
10
8
8
*
*
*
5
*
11
*
*
*
10
*
*
*
10
11
11
*
*
*
5
*
*
*
*
0
*
*
45
29
31
13
27
9
28
14
Manager Responses to NIIAS notifications
From 1st December 2016 the IG Department have been monitoring how well Line Managers respond
to NI AS notifications we send to them. Any feedback and / or confirmation of appropriate action
received from Line Managers is recorded. As of 6th February 2017 the figures for Line Manager
responses back to IG are as fol ows:
December 2016 – Manager Responses by week
2nd access
Family
Confirmation of
Disciplinary action
to Own
Record
appropriate action
taken. Yes / No /
Record
received
Unknown
0
*
Yes
Unknown
0
*
No
Unknown x4
0
*
Yes/No
Unknown x2
0
*
Yes
Unknown
0
0
---
---
0
9
1
NI AS Report for IGB 15th February 2017
Agenda item: 8.1
January 2017 – Manager Responses by week
2nd access
Family
Confirmation of
Disciplinary action
to Own
Record
appropriate action
taken. Yes / No /
Record
received
Unknown
0
5
Yes/No
Unknown - 5
0
*
Yes
Unknown
*
*
Yes – *; No - *
Unknown - *
0
*
Yes – *; No - *
Unknown - *
*
*
Yes – *; No - *
Unknown - *
*
14
Breakdown by SDU
From 1st December 2016 the IG Department have also been recording the number of incidents by
Service Delivery Unit. The monthly incident figures by SDU are as fol ows:
December 2016 – SDU by month
Own Record
Family Record
SDU
Incidents
SDU
Incidents
Mental Health
*
Mental Health
*
Morriston
*
Morriston
*
NPTH
0
NPTH
0
PoWH
11
PoWH
0
Primary Comm.
*
Primary Comm.
0
Singleton
6
Singleton
0
Corporate (HR)
0
Corporate (HR)
0
Corporate (Strategy)
0
Corporate (Strategy)
0
Corporate (Informatics)
*
Corporate (Informatics)
*
Corporate (Finance HQ)
0
Corporate (Finance HQ)
*
Corporate (R&D)
0
Corporate (R&D)
*
Unknown
0
Unknown
0
External Organization
*
External Organization
0
27
9
2
NI AS Report for IGB 15th February 2017
Agenda item: 8.1
January 2017 – SDU by month
Own Record
Family Record
SDU
Incidents
SDU
Incidents
Mental Health
*
Mental Health
0
Morriston
6
Morriston
*
NPTH
6
NPTH
*
PoWH
7
PoWH
*
Primary Comm.
*
Primary Comm.
*
Singleton
*
Singleton
*
Corporate (HR)
0
Corporate (HR)
0
Corporate (Strategy)
0
Corporate (Strategy)
0
Corporate (Informatics)
*
Corporate (Informatics)
0
Corporate (Finance HQ)
0
Corporate (Finance HQ)
0
Corporate (R&D)
0
Corporate (R&D)
*
Unknown
*
Unknown
0
External Organization
*
External Organization
0
28
14
* Where less than 5 has been indicated we are unable to provide you with the exact number of
patients as due to the low numbers, there is a potential risk of identifying individuals if this was
disclosed. We are therefore withholding this detail under Section 40(2) of the Freedom of Information
Act 2000. This information is protected by the Data Protection Act 1998, as its disclosure would
constitute unfair and unlawful processing and would be contrary to the principles and Schedules 2 and
3 of the Act. This exemption is absolute and therefore there is no requirement to apply the public
interest test.
Procedural updates
1. Folowing discussions within the IG Department, it is proposed that the time given to Line
Managers to initial y respond to NI AS notifications is increased to 2 weeks. This will allow for
things such as Annual Leave or Sick Leave to be taken into consideration.
2. The Policy Acceptance screen that appears periodically when a user logs onto the network has
now been amended to include awareness of NI AS.
3. It is proposed that the IG Department will provide the SDU leads with a monthly breakdown of
any outstanding / open incidents in their areas. A template spreadsheet is being developed by
the IG Department which will be distributed as soon as it is ready. It is hoped that this will assist
the SDU leads to bring outstanding / open cases in their areas to conclusion.
Recommendations
• IGB are asked to note the number of NI AS breaches, which appears to have increased
slightly in the last month
• IGB are asked to note that a consistent approach to breaches across ABMU still needs to be
developed and this is an outstanding action from the October 2016 IGB meeting.
3