link to page 5
Data Privacy Impact Assessment
A Data Privacy Impact Assessment (DPIA) is a process which helps to assess privacy risks to individuals in
relation to any use of their personal information (known as ‘processing’).
From May 2018, DPIAs will be mandatory for any organisation that is undertaking any project which involves
new or changed use of any personal data.
Project Administration
Project Name:
CERNER and TPP SystmOne Integration
Project Lead:
The person responsible for managing the project and documentation.
Date Updated:
27/12/2018
Programme Governance
Programme Board:
Integrated Health Record
Programme Lead:
The programme lead for this projects Right Care Programme.
These questions are intended to help decide if a DPIA is necessary.
Is new information about individuals (staff, patient or others) being collected?
Is information about individuals being collected or processed in a new way?
Will information about individuals be collected or stored in a new place (physical or electronic)?
Will a system that stores information about individuals be reconfigured or developed?
Will your project disclose information about individuals to organisations or people who have not previously
had routine access to the information?
Are you using new technology (software, hardware etc.) that will collect, process or store information on
individuals?
Will your project combine, compare or match data from multiple sources?
Alternatively, follow the flowchart in Appendix 1 to determine if a DPIA is required.
If the answer to any of the above is yes, a DPIA is required.
Results of Initial Screening
Is a full DPIA required?
Yes
If not, confirm reasons:
If a DPIA is incorrectly not carried out, the Trust is at risk of prosecution.
Date of screening:
15/10/2018
If a DPIA is not required, please send a copy of this front page to the Information Governance team at
xxxxx.xxxxxx@xxxxx.xxx.xx. If a DPIA is required please continue.
The following template should be used to record the full DPIA process and results. You can start to fill in
details from the beginning of the project, after the screening questions have identified the need for a DPIA.
Step 1 - Identify the need for a DPIA
Currently the record of patients under the care of ANHSFT is restricted (subject to consent) to those whose
practice uses TPP SystmOne. There has been a technical barrier to viewing CERNER data. CERNER has
been since May 2018 been the Electronic Patient Record (EPR) and PAS System in use at Bradford
Teaching Hospitals Foundation Trust (BTHFT) and Calderdale and Huddersfield NHSFT. TPP and CERNER
have developed a way to view patient data (subject to consent) between the system platforms to be possible.
The benefits to patients is that there will be visibility of the ANHSFT SystmOne record within the BTHFT
CERNER Record. This will increase the depth and breadth of information available to the clinicians,
improving clinical quality and operational efficiency as well as patient experience (not having to repeat their
‘stories’).
Once approved, rolling this outbound and Inbound integration between ANHSFT SystmOne and BTHFT
CERNER is aligned with our IM&T Strategy and also the organisations Digital Strategy.
A DPIA is required in this case as this integration will provide us and our colleagues using CERNER (subject
to consent) with the opportunity view more information on patients receiving care from ANHSFT teams. This
integration will also be comparing, combining and matching data from multiple sources
Step 2 - Describe the information flows Whether or not a patient’s record is shared via the SystmOne-CERNER integration is governed by the
patient’s Record Sharing consent settings.
Data from the external CERNER system will not be stored in our SystmOne record (or vica versa), we will
consume data on a consent basis and it will be a read only real time snapshot.
The patient’s sharing consent is usually recorded at the time of registration.
2 LINES REDACTED
Step 3 - Consultation requirements
Explain what practical steps you will take to ensure that you identify and address privacy risks. You should
link this to the relevant stages of your project management process. Consultation can be used at any stage
of the DPIA process.
Who should be consulted,
BTHFT IG Service, ANHSFT IG Group, IHR Programme Board, SIRO, Caldicott
internally and externally?
Guardian,
How will you carry out the
Briefing papers, Meetings, Individual consultations, Undertaken as a Business
consultation?
As Usual rollout rather than as directly within an IHR Project.
Step 4 - Identify privacy and related risks
Highlight KEY associated compliance and corporate risks
Larger-scale PIAs might record this information on a more formal risk register.
Associated
Privacy Issue
Risk to Individuals
Compliance Risk
Organisation /
Corporate Risk
Primary care record
Records being viewed
being viewed without
without consent for a
Audit process not being
consent for a wider group
wider group of patients
in place leading to
Reputational Risk
of patients than currently
than currently technically
unauthorised access
technically possible.
possible.
Step 5 - Identify privacy solutions
Describe the actions you could take to reduce the risks, and any future steps which would be necessary (e.g.
the production of new guidance or future security testing for systems).
Evaluation
Result
(Is the final impact on individuals
(Is the risk
after implementing each solution a
Risk
Solution(s)
eliminated, reduced
justified, compliant and
or accepted?)
proportionate response to the aims
of the project?
Policy, and SOP
supported by training
and guidance to staff
Records potentially
relating to consent
being viewed without
capture and accessing
consent for a wider
Reduced and
of records.
Yes
group of patients than
Accepted
Implement Audit
currently technically
Procedures.
possible.
Monitor and review
effectiveness of audit
procedures
Step 6 - Sign off and record the DPIA outcomes
Solutions to be
Explain how the above solutions to privacy risks are to be implemented.
implemented:
Approved by:
Should be approved by project sponsor or other designated approver.
Approved Date:
Date of approval.
Step 7 - Integrate the DPIA outcomes back into the project plan
Consider who is responsible for integrating the DPIA outcomes back into the
How will DPIA outcomes
project plan and updating any project management paperwork.
be integrated with the
project plan?
Who is responsible for implementing the solutions that have been approved, by
when?
Contact point for future
privacy concerns:
Please ensure that a copy of this completed form is uploaded onto AireShare and forwarded to the Information
Governance team: xxxxx.xxxxxx@xxxxx.xxx.xx
Please note that where a DPIA identifies a high risk and you cannot take any measures to reduce the risk, you
cannot go ahead until this is referred to the Information Commissioners Office. You must refer immediately to
the Information Governance team.
Appendix 1
Does your project collect or
process staff or patient
Is new information about
Yes
information on individuals (staff,
individuals being collected?
patients, others)?
Yes
No
Is information about individuals
being collected or processed in a
new way?
No
Yes
Will information about
individuals be collected or stored
in a new place (physical or
electronic)?
No
No
Yes
Will a system that stores
information about individuals be
reconfigured or developed?
No
Will your project disclose
information about individuals to Yes
organisations or people who
have not previously had routine
access to the information?
Yes
Yes, carry out a full
No
DPIA
Are you using new technology
(software, hardware…) that will
Yes
collect, process or store
information on individuals?
No
Will your project combine,
compare or match data from
Yes
multiple sources?
No
Do not carry out a full DPIA