? Credit Points : 10  ? SCQF Level : 11  ? Acronym : MED-P-P02842

To introduce Information Security legislation, guidance and processes required in health and social care organisations.

? This course is not available to visting students.

? Pre-requisites : None other than programme entry requirements

? Co-requisites : This is a compulsory course for all candidates on the Cert/Dip/MSc in Health Information Governance programme.

? Special Arrangements for Entry : The course will be delivered using RCSEd’s VLE with appropriate links to the University’s systems. Students will be expected to use a range of flexible learning methods including participation in discussion forums and wikis and accessing resources in a range of formats e.g.
pdf files, video clips, and audio files. In addition to the course materials and resources provided, candidates will be expected to use internet and published resources during self directed study and research.

Home subject area

Health Information, (Medicine, Schedule R)

? Normal year taken : Postgraduate

? Delivery Period : To be arranged/Unknown

? Additional Class Information : The student will be expected to spend approximately 10 hours per week reading the course materials and additional/supplementary online and published resources; participating in online discussions and submitting required assignments.

a. Describe the legislation and guidance surrounding information security including:
• BS 7799/ISO 17799
• Data Protection Act 1998
• NHSnet Code of Conduct
• Computer Misuse Act 1990
b. Examine the role of information security management within the NHS.
c. Discuss the relationship between information security management and confidentiality
d. Examine the effects of information security management in an information sharing environment
e. Critically analyse the role of information security management and data quality.
f. Explain the contingency procedures and processes that are needed for effective information security management.
g. Give evidence-based advice to individuals or organisations regarding the effects and management of information security factors in a variety of clinical and management contexts.
h. Explain the procedures used to assess the risks in relation to information security management and incident investigation procedures.
i. Critically analyse the role of information security management in relation to new development in information systems in the NHS
j. Audit, identify and manage information security risk
k. Advise on the information security needs of the organisation

Course assessments will relate to the learning outcomes. The summative work will be approximately 3000 words in total and be approved by the Programme Committee, on the
recommendation of the Course Convenor. Combined with formative components, it may incorporate one or more of the following:
• Essay style analysis or commentary
• Scenario analysis
• Critical/Significant incident analysis
• Reflective practice accounts
• Individual presentations
• Multiple Choice Questions
• Other relevant assessments

The Course Secretary should be the first point of contact for all enquiries.

Course Secretary

Miss Ashley Stevenson
Tel : (0131) 527 3410
Email : asteve10@staffmail.ed.ac.uk

Course Organiser

Dr Claudia Pagliari
Email : Claudia.Pagliari@ed.ac.uk

School Website : http://www.mvm.ed.ac.uk/

College Website : http://www.mvm.ed.ac.uk/