About Information Governance  


 

Information Governance is a mandatory mode of operation for sites in England configured for EPSR2. For sites in Scotland and Wales it is an opt-in feature. For more details contact  Service Desk.

 

The principles of information security require that all reasonable care is taken to prevent inappropriate access, modification or manipulation of data from taking place. In the case of the NHS, the most sensitive of our data is patient record information.

To prevent unauthorised access to confidential patient data, ideally, all pharmacy users should be assigned an individual user ID. However, there is a balance between security and usability of system, and it is recognised that individual staff logins may not be a practical option at this time, for example to control access to Pharmacy Manager by your pharmacy staff.

Decisions on the extent of access controls should be taken by the pharmacy contractor based on the risks of unauthorised access, the nature of the data and the impact on pharmacy workload of any controls.

 

Pharmacy Manager provides password protection in line with suggestions from the NHS Information Governance Pharmacy Contractor Workbook (Requirement 305 - page 28)

  • Users must change their password after the first log in.

  • Users must specify complex passwords.

  • Users must change their passwords periodically.

  • Prevention of password re-use.

  • Users may change their password at their request.

A temporary administrator password is supplied as part of the installation/upgrade. This remains valid for 28 days during which period it is advised that you create your own user ID/passwords.

 

If you do not enter at least one administrator password within the first 28 days following installation/upgrade, access to Pharmacy Manager is disabled and can only be gained with assistance from Service Desk.

 

It is suggested that the IG lead input a list of users (including themselves) with user IDs and temporary start-up passwords that require each individual to change them when first used. The IG lead does not need to consult with staff in determining user IDs as the system creates them automatically from the entered first and last names. For example, enter the first name Peter and last name Beech and the user ID PBeechis created by the system.

Similarly, as part of any normal induction processes new staff required to use the computer system should be issued with a user ID, password and access rights appropriate to their role.

 

See also User account - adding and User account - management.

 

In addition to password access to control to Pharmacy Manager, smartcards are used for access to EPSR2 functionality within the system e.g. retrieving prescriptions from the NHS Spine or tracing and updating patients in the PDS.

 

Advanced options

In addition to the standard IG user account functionality, it is possible to have the system configured to enable an advanced password reset mode.

Without reducing overall security, system users will be able to quickly and intuitively unlock their account if they have forgotten their password. There are several benefits:

  • Less downtime for users who have been locked out of Pharmacy Manager or cannot remember their password.

  • A user is not reliant on the Cegedim Rx service desk or their IG administrator to re-establish access.

  • User can establish access to the Pharmacy Manager outside Cegedim Rx's support hours.

  • More customer friendly and intuitive approach to re-establishing access to Pharmacy Manager.

This is optional functionality. Where it is felt to be unnecessary, you will not be forced to change your established operating procedures for something that is considered "not broke"!!

For more details on this advanced option, contact Service Desk.


Updated 9th August 2013