We need to collect information from NHS trusts as part of our maternity investigations.
This information includes (but is not limited to):
- patient notes (electronic or scanned)
- equipment memory downloads printouts from all equipment where possible, for example delivery suite, theatres, recovery room
- CTG printouts
- consent forms.
- staff rotas.
- trust policy documents
- local operational procedures and manuals.
Our investigators may also request:
- To take photographs (for example of the delivery suite or theatre layout, equipment screens and equipment switch positions). Any photos taken by the Maternity and Newborn Safety Investigations (MNSI) programme are agreed with the trust.
- CCTV recordings (for example covering the ward, theatres, recovery rooms and drug cupboard videos). In the cases where ambulance trust staff are involved this may also include body worn video if used.
- Any photographs, video or voice recordings already taken by or on behalf of the family, staff or trust.
- ID access records.
- Switchboard records.
How to share information
All information should be collected by the trust as soon as possible after the patient safety incident is identified as meeting the MNSI criteria.
It is expected that information we request is shared and uploaded to our investigation management system (known as HIMS).
We cannot use individual trust-based systems for information collection.
New users are set up with HIMS access by our maternity investigation teams, as required.
Data protection
We take our data protection responsibility very seriously and use the following measures to keep data in HIMS secure:
- Two factor authentication for all external users.
- Logical security segregation is enforced at a group level.
- A least privilege architecture is deployed to the group structure, meaning users only access data and records of relevance to their job role.
- Access requests are only actioned with relevant approvals granted.
- All access requests are logged centrally.
- To ensure all accounts are live and valid, and all other accounts are removed, account auditing is performed on a routine basis.
- HIMS is proactively monitored for security events.
- All suspicious events are investigated in line with our information security reporting procedures.
- HIMS is designed and delivered from the Amazon Web Services (AWS) cloud infrastructure. All data is held securely in UK data centres.
- The HIMS user interface is presented as a web portal. There is no direct interaction with any NHS trust systems, only end user browser sessions.
- HIMS uses 256-bit AES encryption for both transport layer data and data at rest.