1 Improved Support for Collaboration Collaboration Toolkit Prepared for Capital Ambition by Private...
-
Upload
gabrielle-mcdonough -
Category
Documents
-
view
224 -
download
2
Transcript of 1 Improved Support for Collaboration Collaboration Toolkit Prepared for Capital Ambition by Private...
1
Improved Support for Collaboration
Collaboration Toolkit
Prepared for Capital Ambition by Private Public Ltd
2
How to use this toolkit
The Collaboration Toolkit represents the combined result of our work in defining and developing improvements to inter-agency collaboration.
The intention is that you can quickly get to the information and solutions you need without stepping through a complex and unwieldy report.
You can get started straight away by clicking on the Homepage. Each relevant section is hyperlinked – and further links should take you to the information you need.
For information on the scope of this Toolkit click here.
For any questions or to suggest updates, contact [email protected]
3
1. Improving interactions between agencies that can be easily streamlined Improving links between existing secure email and contact directories,
including Health and Local Government Extending information sharing solutions to encompass other organisations,
including Schools, Care Homes and other Third Party Providers
2. Deploying collaboration tools that save time and promote joint working Between Local Authorities and within Local and Regional Partnerships
LAs Health Schools 3rd sector Cent Gov Police CJ
LAs Primary focusHealth
Secondary focusSchools
3rd sector
Cent Gov
Out of scopePoliceCJ
Toolkit scope
4
Identifying key information flows
Breakdown of High Risk flows in example London Borough
Service area Category Type of info Partners Flows
Children & families Looked after children, child protection, children’s social care
Child protection register, case information and assessments
Met police, PCT, YOT, schools, probation, voluntary sector, courts, housing
40%
Housing & Community care
Adult social care, housing, temp accomm and homeless assessment
Case information, personal data including rent deposits, security issues
Multi-agency teams inc police, probation, PCT, MHT, + housing associations, hostels, external OOH team, removals companies
40%
Corporate services (e.g. Legal, finance)
HR data, adoptions and fostering
HR data, meeting agendas
External suppliers, Audit Commission, various inc parents
10%
Environment & culture
Health, safety and licensing
Licensee info and enforcement info
Police, central gov agencies 10%
5
Home org
Partner organisations
Local Authority
HealthCentral
GovPolice
Criminal Justice
Schools
Private / 3rd
sector / citizens
Local Authority
Example interactions
Housing – temp acc
Hospital discharge
Benefits - DWP
Child protection
Youth Justice
Looked after children
Care homes
Case transfers (children)
Child protection
Trading Standards
Form 78 – CTN report
Probation CAF External solicitors
Guidance and recommended solutions
General guidance - sharing sensitive information
Secure transfer across government networks Secure transfer outside government networks
Sharing contacts & availability – London Shared Directory
Collaboration Toolkit – Homepage
6
Information uploaded to
NOTIFY website
Alert sent to relevant
neighbouring borough contact
Contact is able to log
on to NOTIFY and view
information
LA - LA: Housing and temp accommodation
7
File printed and faxed to
secure location
Received by second
authority
Scanned and uploaded to
case management
solution
LA - LA: Case transfers (children & families)
8
PCT sends names and
NHS numbers as
an attachment
Section 2 or 5 forms
handwritten and sent as
fax
LA team receives and enters into
relevant system
LA - Health: Hospital discharge
9
Print out excel
spreadsheet
Fax or courier to hospital
Manual input into local systems
LA - Health: Child protection plan
10
Sent using DWP’s secure encryption server DTA (Data
Transfer Appliance)
LA – Central Gov: Benefits and DWP
orSent using GCmail (service owned by
DWP)
11
Staff register for separate
GSI addresses
Staff log on to GSI
accounts and send
information
Info received securely by
HMRC
LA – Central Gov: Trading Standards
12
Social worker finds
colleague with CJSM
account
Info sent to named
contact at Met
using .pnn address
Info received at Met
Info sent by fax or other
meansor
LA - Police: Child protection
13
Merlin generates
fax or secure email using
CJSM
Borough staff receive
via CJSM
LA - Police: Merlin form 78s
14
YOT exports info from local case
management system
Sent as an attachment using CJSM
Assessment info entered
into local systems
Received by YJB
LA – Criminal Justice: Youth Justice Board
15
LA – Criminal Justice: Probation
Social worker logs into CJSM or
GCmail or asks
colleague
Info sent to named
contact in probation
Info received at probation
Info sent by fax or other
meansor
16
Teacher requests LA
webmail account
Signs protocol and
usage doc
Teacher sends report
as attachment using LA webmail
LA helpdesk sets up
account and adds users
LA - Schools: Looked After Children
17
Practitioner faxes
securely
Double sealed in envelope
Received / decrypted by
recipient
Compressed using WinZipor or
LA – Schools: CAF
18
Social worker
phones all care homes individually
Tries to anonymise
data and send via standard
Care home receives and responds on availability
LA - Private / 3rd Sector: Care homes
or
19
Sent using standard
Uploaded to shared
webspace (e.g. Huddle)
Solicitors receive or download
Send by recorded mail or courier
or or
LA – Private / 3rd Sector: Solicitors
20
Summary of issues with current practice
21
The seventh principle of the Data Protection Act states:-
“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”
There are therefore two equally important aspects to sharing sensitive data:-.
1)Finding the right technical solution and ensuring it is fit for purpose for enabling:-
a) Secure transfer across government networksb) Secure transfer outside government networks
2)Ensuring organisational awareness – via communications and training for staff and partner organisations
Sharing sensitive information
22
Five step plan1
Audit information
flows
2Confirm benefits with services &
partners
3Draft or update corporate policy
4Source partner
specific material
5Plan and conduct
training
Communications and training: staff and partner organisations
23
Communications and training: staff and partner organisations
1 Audit information flows
Produce or update your list of high risk information flows
2 Check benefits with services & partners
Ensure all parties understand how training and increased info security will benefit customers
3 Draft or update corporate policy
See key content items on next page – and ensure it is updated for any new systems – e.g. Gcmail
4 Source partner specific material
For example local intranet or internet resources - e.g. https://protectinginfo.nationalschool.gov.uk/
5 Plan and conduct training
Usually no more than an hour – and should also include partner orgs
Five step plan (continued)
24
Communications and training: staff and partner organisations
3) Draft or update corporate policy and guidance
There are no common guidelines laid down but ICO advice recommends a security policy is in place to cover risk of loss of sensitive information. Also, documents such as the ‘Pan-London Information Sharing Principles of Good Practice and Proforma’ or the ‘North East London Information Sharing Protocol’ all emphasise the need to specify how sensitive information will be securely exchanged.
Having a corporate policy makes it much easier for practitioners to comply with local agreements. Key points covered by London boroughs within corporate guidance include:-
Assess the risk if info goes astray
Mitigate risks as far as possible
Only send encrypted docs
Don’t send more info than you need
Ask for receipt from recipient
Keep a record of what you send
Don’t use fax if you can avoid it
Encrypt memory sticks or CDs
Treat non-secure mail as ‘post card’
Encrypt memory sticks or CDs
In doubt? Consider risk of not sharing
Consider using group mailboxes
25
Communications and training: staff and partner organisations
4) Source partner specific material
Some organisations make their own e-learning material available more widely – e.g. Schools at https://protectinginfo.nationalschool.gov.uk/
You may also find it useful to pinpoint information for partner staff to reference. For example the Met’s internal guidance at:-
http://intranet.aware.mps/DoI/DoI/Productsandservices/Access_to_Information/IS_Policy.htm
: Or the NHSmail help pages whichexplain which domainsare secure
26
Sharing sensitive information - SolutionsSecure transfer across government networks
1 GCmail Clearly branded local government solution
2 CJSM Low cost and wide usage but CJ focused
3 Partner e-mail system Option to apply for accounts on partner systems – e.g. NHSmail, GSI
If available, the first choice should always be a jointly accessible online application or database (e.g. Case management tools, ContactPoint).
In order of preference the next best options for local authority staff looking to transfer info to health, central gov, police, criminal justice or other local authorities are:-
Click here for diagram showing government network connections
Note: for large files (>10Mb), you will need to follow local guidelines on encryption and use of memory sticks / DVD / CD
27
Sharing sensitive information - SolutionsSecure transfer across government networks
Diagram
courtesy of Gov C
onnect
28
Sharing sensitive information - SolutionsSecure transfer across government networks
1) GCmail
This is the mail service provided by the Government Connect secure network for all local authorities in England. Similar to the GSI as used by central government, it allows local authority staff to have a secure ‘@mycouncil.gcsx.gov.uk’ address separate to their usual email.
PROS CONS
Clear local government identity New service – limited take up at present and partners may not be familiar
Simple email address Depending on your email system – there may be a licence charge for additional mailboxes
Support from central GC team Must undergo training before use
Click here for Implementation Options
29
Sharing sensitive information - SolutionsSecure transfer across government networks
2) CJSM – Criminal Justice Secure eMail
CJSM has been used by Youth Offending Teams for the last 3-4 years, and has recently seen take up increase in other service areas – especially child protection where the Metropolitan police recently introduced new guidelines on data security. Staff will either have an ‘@mycouncil.cjsm.net’ address or ‘@mycouncil.gov.uk.cjsm.net’ address depending on the local implementation.
PROS CONS
Already in use and understood by many partners – especially police
Criminal Justice branding off putting if not using for related reason
Server solution can enable anyone in authority to be mailed by adding ‘cjsm.net’ to address
Additional users may incur a cost long term from OCJR
Can be difficult to understand concept of adding ‘cjsm.net’ to existing addresses.
Click here for Implementation Options
30
Sharing sensitive information - SolutionsSecure transfer across government networks
3) Partner e-mail system – e.g. NHSmail, GSI
Several trading standards departments in local authorities have already set up GSI addresses to allow communication with central government departments, giving staff an ‘@mycouncil.gsi.gov.uk’ address.It is also possible for staff in social care to request NHSmail addresses – i.e. ‘@nhs.net’ and log on using webmail.
PROS CONS
Partners see you as if on same network Not a corporate solution – different departments will be registered for different external mail services
No set up or support cost for local authority
Relies on support from central government or NHS teams
With NHSmail, no brand identity for individual orgs – all ‘@nhs.net’
31
Sharing sensitive information - SolutionsSecure transfer across government networks
1) GCmail – Implementation options
There are two fundamentally different ways in which authorities have implemented Gcmail – with major differences for the end user – meaning that service areas must be involved in the decision making process:-
a)Completely separate service to standard email
The user logs onto a completely separate webmail service (usually Outlook based) in order to send and receive secure mail using their ‘gcsx.gov.uk’ address. This clearly differentiates secure mail and allays any fears about compliance with the GC Code of Connection. (e.g. LB Barking & Dagenham)
b)Integrated with standard email
Implemented as a separate mailbox within your current Outlook installation. As implemented in Torbay, with the support of the central GC team, when you go to send a mail, a pop up box appears asking whether you want to send it Unclassified or Secure. If Secure then it is sent from your ‘.gcsx.gov.uk’ address over the GCSX network.
32
2) CJSM – Implementation options
Every borough YOT has made a decision three years ago on how to implement CJSM, but there is still the option to change if circumstances require:-
a)Secure webmail service – separate from standard mail
Users log on to a secure internet based service and are blocked from sending messages to insecure recipients. Depending on local ICT support – Outlook on individual machines can be configured to check and send mail as a separate account. (e.g. Brent, Ealing)
b)Integrated with standard email
If the authority has installed a CJSM server, then you will be able to send and receive secure mail from your usual inbox – providing you use the ‘cjsm.net’ extension on outgoing mail – and senders do the same with your address (e.g. Havering, Newham)
Sharing sensitive information - SolutionsSecure transfer across government networks
33
Sharing sensitive information - SolutionsSecure transfer outside government networks
A Third party email encryption tools
Can encrypt both email content and attachments – partners can read and reply via a web interface
B Secure web spaces or extranets
Allows files or attachments to be uploaded securely and alerts sent to recipients to log on and respond
After extensive discussion and research, we have concluded that there are two equally valid practical options for communication with external partners:-
Note: despite widespread usage, we have not included WinZip or similar tools in this list. For security reasons, encrypted zip files are often blocked at firewalls and therefore not guaranteed to reach recipients. Along with issues over version incompatibility, we cannot recommend this as a preferred tool.
Click here for a quick comparison of solutions vs key requirements
34
Third party email encryption toolsSecure
webspaceSecure Zip
Local install Corporate install
Remote server
Remote Server
Local Server
Anyone can receive? Yes Yes Yes Yes No
Integrates with existing email?
Yes Yes No No No
Simple for senders and recipients?
Yes Yes Yes Yes No
Handles large files? No No No Yes No
Possible to expand as pan-London solution?
Yes Yes No Yes Yes
Files transfer freely without security issue?
Yes Yes Yes Yes No
Easy to send to large numbers of recipients?
Yes Yes Yes No No
Sharing sensitive information – RequirementsSecure transfer outside government networks
35
Sharing sensitive information - SolutionsSecure transfer outside government networks
A) Third party email encryption tools
It is only practical to send an encrypted email if the recipient organisation is able to read without any installing any additional local software. All of the products we have examined offer an web interface for external recipients to log on, and retrieve and reply to secure messages.
We have not recommended any specific products – but have identified two key different delivery models, with many variations underneath:-
A1 Local install Installed on every machine – with email sent from the desktop over internet via link from Outlook (Software as a Service model)
A2 Corporate solution Installed on corporate server – with no need to set up on individual machines
36
Sharing sensitive information - SolutionsSecure transfer outside government networks
A1) Third party email encryption tools: Local install
Corp data
centre
Corp data
centre
Sender
Recipient
Org A
Org B
Provider
Secure web server
Effective path
Email and file
attachments
37
Sharing sensitive information - SolutionsSecure transfer outside government networks
A1) Third party email encryption tools: Local install
In a similar way to WinZip, you can install a piece of software on you local machine that allows you to encrypt local mail, and recipients to read your mail and any attachments by logging on to a secure website using their own chosen password. Products include: Voltage SecureMail, ZixCorp ZixMail, Websense Hosted Email
PROS CONS
No need to phone up and give password as with secure zip files
Like WinZip, needs to be installed corporately or on individual user machines
Unlike Winzip – your attachment does not run the risk of being blocked for security
Offers the possibility of discount via pan-London procurement and branding
No need for local web server at borough – or any software at recipient side
38
A2) Third party email encryption tools: Corporate solution
Corp data
centre
Sender
Recipient
Org A
Org B
Provider
Secure web server
Sharing sensitive information - SolutionsSecure transfer outside government networks
Locally hosted web
server
Effective path
Option 2
Option 1
39
A2) Third party email encryption tools: Corporate solution
Borough installs solution on local server and is able to automatically route email securely to particular recipients – for example by maintaining a local administered list of domains for preferred partners. Recipients log on to a server web server hosted remotely (Option 1) or on the borough premises (Option 2). Products include PGP Universal Gateway, ZixVPM, Voltage SecureMail Gateway, MessageLabs, Websense, IronMail
PROS CONS
No need to phone up and give password as with secure zip files
Admin involved in maintaining rules for routing mail securely
No need for local install Difficult to create shared London solution if hosted on individual servers
Invisible for borough end users
For thousands of users, usually works out cheaper than Local Install
Sharing sensitive information - SolutionsSecure transfer outside government networks
40
B) Secure webspaces or extranets
Sharing sensitive information - SolutionsSecure transfer outside government networks
Secure web server hosted by local authority (e.g. Sharepoint) or as a
remote service (e.g. Huddle)
Org A
Org B
Org C
Alert that file is available
File up/down loaded
securely
41
B) Secure webspaces or extranets
A potentially simple solution that has become more practical as it becomes easier to manage security. New tools allow users to allow particular users access to particular spaces, and send alerts when new files are uploaded. Increasingly used for collaboration between Central Government departments.
Sharing sensitive information - SolutionsSecure transfer outside government networks
PROS CONS
No need for any local installation – unless choosing to host your own webspace
Admin involved in managing user access
Able to use space to store calendars and other joint working information
Not a solution for encrypting info in day to day emails – only valid for files
Straightforward to create jointly branded London solution
Already in use by many authorities
42
ObjectiveCreate low cost London-wide shared
directory for health and local government that enables staff to share
up-to-date calendar and contact information
BenefitsMore efficient information sharing between health & local authority
organisations and more time spent serving patients and residents
ProblemProfessionals working in cross-sector partnerships have difficulty identifying the right contacts and arranging joint
meetings in order to share information
SolutionLondon Shared Directory – a database hosted by NHS Tower Hamlets that enables free/busy and contact info
to be shared on a daily basis over N3
Sharing contacts and availabilityLondon Shared Directory
43
Low cost of entry – two to three days work from external consultant and minimal local project management
Supported - until at least October 2010 – thanks to funding from Capital Ambition
Tried and trusted – five trusts and one local authority are already connected in the North East London Care Community
Unique solution – with no national or other regional alternative planned
Professionals need it – for existing users this has become an essential part of integrated working
London Shared Directory – Reasons to join
44
London Shared Directory - FAQ
Who can join? Health and local authorities including London Borough, PCTs, MHTs and acute trusts
Who is using it already?
NHS Tower Hamlets, LB Newham, Homerton NHS Trust, East London NHS Foundation Trust, NHS Newham Acute & PCT
How do I join?
The first step is to get in contact with the project team (see contact page). We can then advise further on the basic requirements and the process for connection. We recommend joining at the same time as other local partner organisations so you can share calendar and contact info from day one.
How much does it cost?
This depends on local expertise. In practice the key costs will be any local project resource and the cost of external configuration, estimated at 2-3 days work. There is no ongoing charge and central support is in place until October 2010
Are there plans for future collaboration?
There are plans for a project Phase 2 to enable further collaboration (e.g. Unified Comms or roaming profiles). We are not aware of any other plans for a similar shared directory on a regional or national basis
Who is the service provider?
The current service provider is Eurodata Systems – they provide ongoing support and can connect new joiners – depending on local skills and knowledge
45
London Shared Directory - Contacts
Nick Tjaardstra, Private Public LtdProject [email protected] 320461
Niall Canavan, NHS Tower HamletsSenior Responsible Owner, Board [email protected]
Brian Dunleavy, Eurodata SystemsLead Technical [email protected]