ABSTRACT
'Security incidents' is an important element of a good and wide-ranging security policy. Security of information is achieved by ensuring that the following three components are guaranteed: Confidentiality, Integrity, and Availability. A security incident in any event that resulted or had the potential to result in a violation of any of the three components. The severity of the impact depends upon the adverse impact the incident might have, i.e. the risk of harm to the patient's safety or confidentiality/privacy and integrity; a penalty or the lack of the fulfilment of legal obligations; an economic impact; and embarrassment to the profession or healthcare provider. High-risk security incidents that involve IT system security or NHS net should also be reported to the Caldicott Guardian or Clinical Governance Lead in the PCO/PCT. It is imperative to ensure absolute protection and confidentiality for the reporting party.
