Back

Data and Security —
Training activity: 3

Training activity information

Details

Implement data protection and cyber security measures to mitigate risks identified for a clinical system

Type

Developmental training activity (DTA)

Evidence requirements

Evidence the activity has been undertaken by the trainee​.

Reflection on the activity at one or more time points after the event including learning from the activity and/or areas of the trainees practice for development.

An action plan to implement learning and/or to address skills or knowledge gaps identified.

Considerations

  • Change control
  • Co-ordination and logistical issues
  • Cost, procurement and contracts
  • Limitations to implementation
  • Manufacturer and local settings and configurations
  • Down times and system service issues, roll back processes
  • Risk assessments

Reflective practice guidance

The guidance below is provided to support reflection at different time points, providing you with questions to aid you to reflect for this training activity. They are provided for guidance and should not be considered as a mandatory checklist. Trainees should not be expected to provide answers to each of the guidance questions listed.

Before action

  • What do you need to know before embarking on this implementation? This could include specific technical skills related to the identified measures, access protocols, and change management procedures.
  • What do you anticipate you will learn from this experience? Consider the practical application of security measures, the impact of these measures on the clinical system, and any challenges in the implementation process. Reflect on your existing technical skills and knowledge of data protection and cyber security.
  • What actions will you take in preparation for this experience? Will you review implementation guides or protocols? Will you discuss the implementation plan with relevant colleagues or your training officer? Consider potential difficulties during implementation (e.g., system downtime, user impact) and how you might handle them. Identify how you feel about embarking on this training activity.

In action

  • As you implement the security measures, what specific actions are you taking? Why are you choosing this particular method of implementation?
  • What decisions are you making about the configuration and testing of these measures?
  • Which steps of the implementation process feel routine, and where do you need to pay close attention to detail or troubleshoot?
  • How effectively do you believe the implementation is addressing the identified risks? What technical or logistical challenges are you encountering?
  • What practical lessons are you learning about deploying security controls in a clinical environment? How does this compare to theoretical knowledge you have?
  • If you encounter difficulties during implementation, what alternative approaches could you try? Do you need to seek technical support or further guidance at this point? Are the actions you are taking in line with documented procedures and your level of authorisation?

On action

  • Describe the data protection and cyber security measures you implemented, the system they were applied to, and any challenges encountered during implementation.
  • What practical skills did you gain in implementing data protection and cyber security measures? What did you learn about the effectiveness and feasibility of the chosen mitigation strategies? Did you need to adapt your implementation approach based on real-time feedback or challenges?
  • What aspects of implementation do you feel confident in, and what areas require further development? How will you apply this practical experience to future implementation tasks? What are your next steps in consolidating your knowledge of data protection and cyber security implementation? Do you require any further resources or hands-on experience with specific security tools or techniques?

Beyond action

  • Have you revisited the specific measures you implemented? Were they effective? What challenges did you encounter during implementation, and how has that experience informed your understanding of practical security implementation?
  • How has this hands-on experience influenced your ability to contribute to discussions about data protection and cyber security in your current practice? Has it highlighted the importance of planning and testing security measures?
  • What transferable skills, such as problem-solving and technical implementation, did you develop? What clear actions can you take to further develop your practical security skills?

Relevant learning outcomes

# Outcome
# 2 Outcome

Review and identify data protection and cyber security risks for clinical information systems and develop and implement appropriate mitigation strategies.
# 3 Outcome

Apply the principles of “data protection by design” to new and existing clinical information systems.
Top