RiaggZuid – Information management practices audit

RiaggZuid has been a mental healthcare institution since 1960. It offers help to young people, adults and older people with psychiatric or serious psychological problems, and to their families and others involved, from establishments in Roermond (RiaggRoermond), Weert (RiaggWeert), Echt (RiaggEcht), Heythuysen (RiaggLeudal) and Venlo (RiaggVenlo).

Description | business case

At the end of 2006 there was a breach in the confidentiality of medical data at the GGZ (now Riagg), South Limburg. A patient managed to publish his own and other EPDs on the internet. hict was asked to evaluate the practices, awareness, processes and technological aspects related to professional confidentiality in the GGZ, in relation to privacy protection and respect for medical confidentiality.

Approach

  • mapping of all the parties concerned who worked functionally for the GGZ;
  • checking the existing procedures and their adequacy;
  • physical visits to the addresses, covering physical and logical security, day and night;
  • interviews with therapists and staff members to map awareness and practices;
  • use of NEN 7510 as reference frame for IT security.

Result

  • understanding that information management is more than ICT security; 
  • inventory of applications, processes and technological aspects which lead to a breach in the confidentiality;  
  • pointing out the differences between professional confidentiality, medical confidentiality and privacy protection; 
  • mapping of gaps in culture, practices and systems. Together with management, the different improvement actions were weighted and their urgency assessed;
  • adapted physical organisation and placing of ICT modalities:
    • The printers are situated in an enclosed room.
    • The archives are electronically guarded.
    • The screens are turned away from any public zones.
    • The waiting rooms are visually protected.
    • There are better backup modalities for laptops.
    • The laptop policy has been made more rigid.
    • The time-out at login was shortened so that unguarded workstations can't provide any access to information.  
  • introducing a risk evaluation scheme in which risks and their impact are gathered in relation to persons, roles and category of cause, so that in the future a normal priority can be given to improvement actions;
  • developing an action plan in order to further improve the information management inside the organisation.

Your contact person

Jan Demey
Managing director
MeetDistrict | Ottergemsesteenweg-Zuid 808 B/354 | 9000 Gent | Belgium | Phone: +32 (0)92 77 77 84 | BTW BE 0866 039 556 | RPR/RPM Brugge | e-mail: info@hict.com