To introduce Information Security legislation, guidance and processes that are required in health and social care organisations.
Knowledge and Understanding
After taking this unit the student should be able to:
* Describe the legislation and guidance surrounding information security including:
- BS 7799/ISO 17799
- Data Protection Act 1998
- NHSnet Code of Conduct
- Computer Misuse Act 1990
* Examine the role of information security management within the NHS.
* Discuss the relationship between information security management and confidentiality.
* Critically analyse the role of information security management, especially with relevance to confidentiality.
* Examine the effects of information security management in a shared service environment.
* Critically analyse the role of information security management and data quality.
* Explain the contingency procedures and processes that are needed for effective information security management.
* Critically analyse the role of information security management and the information needs of service users.
* Give evidence-based advice to individuals or organisations regarding the effects and management of information security factors in a variety of clinical and management contexts.
* Explain the procedures involved in applying information security management processes and procedures in a range of clinical and management contexts.
* Explain the procedures in assessing the risks in relation to information security management and incident investigation procedures.
* Critically analyse the role of information security management in relation to new developments in information systems in the NHS.
These learning outcomes will be taught and assessed.
On completion of this unit students should be able to:
* Apply general guidance and legislation to specific instances.
* Audit, identify and manage information security risk.
* Advise on the information security needs of the organisation.
* Plan and manage their learning through reflecting on and analysing their own learning needs.
* Integrate and critically evaluate information gathered from a wide range of resources including the unit resources, textbooks, journal articles, web pages and other online resources. An appreciation for a hierarchy of evidence should be displayed.
* Communicate effectively with colleagues and tutors including through asynchronous online discussions.
These learning outcomes will be facilitated and some may be assessed.
This unit will introduce the student to the Information Security legislation, guidance and processes that are required in the NHS. This will specifically look at the BS 7799 / ISO 17799 standard.
* Information Security Legislation and Guidance - effects of Information Security Management on the NHS, service users and organisational management.
* IMT Security Officer - role and responsibilities and how this is integrated into the wider Information Governance role.
* Wider Legislation - Placing information security management in wider national and international legislative context.
* Information Sharing - Examining how information can be shared internally, externally and across organisational boundaries.
* Risk and Continuity - Assessing Information Security Risk, Information Security Audits and Business Continuity.
* New Developments - The role and place of Information Security Management within new Information Systems developments.