IP-PGN-14 Part of NTW(O)05 Incident Policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "IP-PGN-14 Part of NTW(O)05 Incident Policy"

Transcription

1 Incident Policy Practice Guidance Note Information Governance Incident Reporting Management V01 Date Issued Planned Review PGN No: Issue 1 October 2014 October 2017 IP-PGN-14 Part of NTW(O)05 Incident Policy Author / Designation Responsible Officer / Designation Information Governance Risk and Compliance Manager Executive Director of Performance and Assurance Contents Section Description Page No. 1 Introduction 1 2 Identifying Information Governance Incidents 1 3 Flowchart showing Information Governance Incident Reporting and Review Process during Normal Working 2 Hours 4 Reporting of Information Governance Incidents 3 5 Information Governance Incidents where further Investigation is required 4 6 Incident Management Group 6 7 Rating of Information Governance Serious Incidents 7 8 Information Governance Incidents rated Level 2 and above 8 9 Information Governance incidents rated Level 1 and below 8 Appendices listed separate to PGN Appendix 1 Appendix 2 Appendix 3 Appendix 4 Appendix 5 Appendix 6 Appendix 7 Serious Incidents Requiring Investigation Breach Types Defined Guidance Notes for Completing IR1 Form Template for Non-clinical Incidents Serious Incident Review Report Proforma Template for Assessing the Severity of IG Incidents Serious Incident Review Action Plan Template Table 1 Template Level 2 IG SIRI s Annual Report Table 2 Template Level 1 IG SIRI s Annual Report

2 1 Introduction 1.1 All Health, Public Health and Adult Social Care services must ensure that all Information Governance Serious Incidents Requiring Investigation (IG SIRI s) are reported and handled effectively. 1.2 From 1st June, 2013 the organisations which process health and adult social care personal data are required to grade all IG SIRI s using the criteria implemented by the HSCIC. All IG SIRI s graded Level 2 and above must be reported through the IG Toolkit Incident Reporting Tool. This information will then be accessed by Department of Health, Information Commissioners Office (ICO) and other regulators. 1.3 To assist and support organisations with this process, guidance has been issued by the Health and Social Care Information Centre (HSCIC). 1.4 The content of this Practice Guidance Note reflects the guidance issued by the HSCIC and the purpose of this Practice Guidance Note is to inform Trust staff on how all Information Governance Incidents should be reported and handled within the new framework. 2 Identifying Information Governance Incidents 2.1 There is no simple definition of an Information Governance (IG) Incident. IG Incidents will involve service user / carer / staff or third party information held on various media such as paper, computers, digital recordings and images. Serious IG Incidents may clearly be identifiable from the outset because of the type of breach, but the severity of some incidents may not be fully established until further investigation work has been carried out. 2.2 As a guide, an IG Incident can be: Any incident which involves actual or potential failure to meet the requirements of the Data Protection Act 1998 and / or the Common Law of Confidentiality; This includes an unlawful disclosure or misuse of confidential data, recording or sharing of inaccurate data, information security breaches and inappropriate invasion of people s privacy; Such personal data breaches which could lead to identity fraud or have other significant impact on individuals; Applies irrespective of the media involved and includes both electronic media and paper records. 2.3 A full list of breach types and examples can be found as Appendix 1 in this Practice Guidance Note. If staff need any assistance in identifying a IG breach they should contact the IG or the Caldicott Teams for advice. 2.4 However if a breach occurs and there is uncertainty that it is an IG Incident, the service should contact the IG Team / Caldicott and Legal Affairs Team for advice and support. 1

3 3 The following Flowchart shows the Reporting and Review Process for Information Governance Incidents during Normal Working Hours Reporting of Information Governance Incidents. 4 Reporting of Information Governance Incidents 4.1 Once an incident has occurred and the situation stabilised, the incident should be reported in line with the IP-PGN-01 Incident Reporting and Management by the Service where it occurred. The Service / Directorate 2

4 Manager should contact the Information Governance (IG) Team or the Caldicott and Legal Affairs Team for advice and support. 4.2 The Service / Directorate Manager should complete an IR1 Form and submit it to the Safety Team for inputting into the Safeguard Risk Management System. The IR1 should contain all following information: Details of the person affected; Nature of the incident; Nature of information involved. (i.e. Clinical appointment letter etc.); Number of persons potentially affected. (i.e. Service Users / carers / Staff, etc.); What remedial action has been taken?; If a document / letter has been sent to the incorrect recipient what steps have been taken to retrieve it? 4.3 The IR1 should also describe what remedial action was taken to reduce the impact of the breach and what action will be taken to ensure it does not occur again. The IR1 should contain all following information: Steps taken to notify persons potentially affected. (i.e. Apology given); Details of any after action review whether informal or formal; What procedures have been put in place to ensure type of incident does not reoccur; How has this action been communicated to the relevant people?; Is there an HR process being instigated / implemented?, 4.4 It is of vital importance that the correct information is completed on the IR1 Form as it is the basis of the investigation work carried out by the IG Team and may impact on the rating of the incident under the HSCIC Guidance. Please refer to Appendix 2, Guidance for the Completion of the IR1 Form. 4.5 If the breach has resulted in person identifiable information being sent to the wrong individual, then all efforts must be taken by the Service / Directorate to ensure that the information is retrieved. 4.6 In all incidents where personal information has been breached then the person affected, should be contacted by the Service / Directorate, informing them of the breach, an apology given and provided with details of how to make a complaint through the Trust s complaints process. 3

5 4.7 If, however, the disclosure of the breach would have an adverse effect on the person concerned, then a clinical decision to withhold the information may be taken. However, this should be documented clearly in the patient s records and clear justification must be given for the patient not being informed. 4.8 Once the incident has been reported it is assigned an incident number from the Safeguard Risk Management System and any further information collected should be entered onto that system. The incident will then appear on the Information Governance Weekly Report Open Cases and the Information Governance Detailed Daily Report. 4.9 The IG Team will go into the Safeguard Risk Management System and add in any additional information about the incident they have collected. Based on the information provided, the Team will then provide an initial grading of the impact of the incident following the rating process identified in the HSCIC Guidance to the IG Incident Management Group. (Under Section 7). 5 Information Governance (IG) Incidents where further Investigation is required 5.1 All IG Incidents will be categorised depending on their severity on what level of investigation is required. 5.2 The categories of investigation are as follows: Full Serious Incident Investigation; Formal After Action Review; Team After Action Review. 5.3 All IG Incidents should have either an informal (Team / Department) or formal review of the circumstances around the issue and what steps should be taken to reduce the risk of reoccurrence. 5.4 Some reviews will take the format of an after action review (AAR) and others will have the corrective actions recorded on the IR1. This depends on the severity of the IG Incident. The process entails discussing an IG Incident and recording what actions should be taken by looking at the following: What happened?; Why did it happen?; What went well?; What needs improvement?; What lessons can be learned from the experience. 4

6 5.5 Full Serious Incident Investigation. (Information Governance Incidents) Where a serious IG Incident has occurred then the process for serious incidents should be followed. There are differences to the documents completed due to the nature of IG Incidents but overall the process is the same The Medical Director (Caldicott) and the Executive Director of Performance and Assurance (SIRO) will assign an Investigating Officer to look into the circumstances around the IG Incident. The Investigating Officer should ensure that the investigation is completed within 30 working days The Investigating Officer will also be responsible for collecting witness statements, facilitating the After Action Review (within 10 days) and summarising all the information received into the final Report. The template for the Report is attached as Appendix The completed Serious Incident Review Report should be forwarded to the Directorate Manager and Safety Team for quality checking and signature prior to submission to Incident and Claims Department for the Incident Review Panel. An electronic copy of all the information gathered should be forwarded to the Incident and Claims Department to be attached to the Electronic Incident Record. If this is not possible, Incident and Claims will scan the documents, when they receive them from the Investigating Officer The Incident and Claims Department will construct a Serious Incident Investigation Electronic File for the office and send an electronic pack to the appointed Investigating Officer and relevant people involved in the investigation. The Investigating Officer will be notified of the date of the Serious Incident Review Panel and when papers are due with Incident and Claims The Incident and Claims Department will report the incident on the Strategic Executive Information System (STEIS) to inform the Commissioners / Clinical Commissioning Groups. 5.6 Serious Incident Review Panel In the case of Serious Incidents (SI s) Review Panel for an IG Incident the panel should include members with an Information Governance background as well as clinical and operational representation Therefore the Panel should contain at least three members of the IG Incident Management Group The Panel will consider the Investigating Officers Report and ask questions where issues need clarification. The Panel will also agree the actions recommended by the Investigating Officer on their Report and if necessary add additional actions. 5

7 5.6.4 The Action Plan should be finalised at the Serious Incident Review Meeting and timescales set against the actions for completion. The template for the Action Plan is attached as Appendix 4. 6 Information Governance (IG) Incident Management Group 6.1 The IG Incident Management Group Members include but are not limited to the following: Executive Director of Performance and Assurance (Chair); Director of Informatics; Head of Safety / Patient Experience; Caldicott and Legal Affairs Lead; IG Risk and Compliance Manager; Representative from Human Resources. 6.2 The Information Governance Incident Management Group meets on a fortnightly basis to look at all IG Incidents and update on what actions have been taken to resolve those incidents. 6.3 The Group will also discuss Action Plans from Serious Incident Reviews and map progress of open actions. Clinical Group IG Incident Action Plans will be signed off by the clinical Q and P Group. IG Incidents which do not report to a Q and P Group will be signed off by the appropriate Senior Manager. (For example, Medical, Finance, Performance, Workforce). 6

8 6.4 Once an action has been completed the Incidents and Claims Department will update the Action Plan. Once all actions have been completed it will be signed off by the appropriate group / Senior Manager and the IG Incident will be closed by the IG Incident Management Group. 6.5 The Group receive a weekly report which shows the IG Incidents which have occurred and are still open. Each Incident is discussed and where necessary a Case Manager is assigned from the Group to investigate further the circumstances surrounding the IG Incident. 6.6 The Case Manager will feedback any further information in relation to the IG Incident to the Group. The Group will then decide if any further action needs to be taken or to close the incident. 6.7 The Incident Group will also use the above information provided by the Case Manager to re-evaluate the rating of each IG Incident initially scored by the IG Team. (Under 4.9). 6.8 Once the final ratings of the IG Incidents has been agreed by the Incident Management Group, it will be then sent to the next Senior Management Team (SMT) Meeting for approval. 6.9 Further information in relation to IG Incidents rated Level 2 and above will be provided to SMT for approval prior to submission on the Information Governance Toolkit by the IG Team Once the final ratings have been ratified by the SMT, the Level 2 and above Incidents will be uploaded onto the Information Governance Toolkit under the Incident Reporting Tool by the IG Team All IG incidents rated Level 1 will be reported in the Trust s Annual Report. 7 Rating of Information Governance Serious Incidents Requiring Investigation (IG SIRI) 7.1 The IG SIRI category is determined by the context, scale and sensitivity of the Incident. Every Incident can be categorised as: Level 1 Confirmed IG SIRI but no need to report to ICO, DH and other central bodies; Level 2 Confirmed IG SIRI that must be reported to ICO, DH and other central bodies. 7.2 A further category of IG SIRI is also possible and should be used in Incident Closure where it is determined that it was a near miss or the Incident is found to have been mistakenly reported: Level 0 Near miss / non-event. 7.3 Where an IG SIRI has found not to have occurred or severity is reduced due to fortunate events which were not part of pre-planned controls this 7

9 should be recorded as a near miss to enable lessons learned activities to take place and appropriate recording of the event. 7.4 The initial grading of the incident may change once all the facts of the incident have been established. 7.5 The Checklist Template to produce the appropriate rating for each incident is attached to this document as Appendix Guidance on how complete the grading can be found by clicking on the following link: g%20tool%20publication%20statement_final_v2%200.pdf 8 Information Governance Incidents (IG SIRI) rated Level 2 and above 8.1 Once an IG SIRI rating has been assessed and approved as level 2 or above by the Senior Management Team, the IG team will then upload the information on to the IG Incident Reporting Tool through the IG Toolkit. 8.2 Guidance on how to upload the information on to the IG Incident Reporting tool can be found by clicking on the following link: ool%20user%20guide.pdf 8.3 Detailed definitions and examples of breach types are attached as Appendix The HSCIC guidance also states that Incidents classified at an IG SIRI severity Level 2 need to be detailed individually in the annual report in the format provided as Table 1 attached as Appendix All reported incidents relating to the period in question should be reported, whether they are open or closed incidents. 9 Information Governance Incidents (IG SIRI) rated Level 1 and below 9.1 If an IG SIRI rating has been assessed and approved as Level 1 or below, this does not have to be reported through the IG Toolkit. 9.2 IG SIRI s rated Level 1 and below would be reported using Table 2 in Appendix 7 within the Trust s Annual Report. 8

Standard Operating Procedure for the Management of Information Governance Serious Incidents Requiring Investigation (IG SIRI)

Standard Operating Procedure for the Management of Information Governance Serious Incidents Requiring Investigation (IG SIRI) Standard Operating Procedure for the Management of Information Governance Serious Incidents Requiring Investigation (IG SIRI) DOCUMENT CONTROL: Version: V1 Ratified by: Risk Management Sub Group Date ratified:

More information

Information Incident Management and Reporting Procedures

Information Incident Management and Reporting Procedures ` Information Incident Management and Reporting Procedures Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy may

More information

Information Incident Management and Reporting Procedures

Information Incident Management and Reporting Procedures Information Incident Management and Reporting Procedures Compliance with all policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy may result

More information

Policy: IG01. Information Governance Incident Reporting Policy. n/a. Date ratified: 16 th April 2014

Policy: IG01. Information Governance Incident Reporting Policy. n/a. Date ratified: 16 th April 2014 Policy: IG01 Information Governance Incident Reporting Policy Version: IG01/01 Ratified by: Trust Management Team Date ratified: 16 th April 2014 Title of Author: Head of Governance Title of responsible

More information

Information Incident Management. and Reporting Policy

Information Incident Management. and Reporting Policy Information Incident Management and Reporting Policy Policy ID IG10 Version: 1 Date ratified by Governing Body 21/3/2014 Author South CSU Date issued: 21/3/2014 Last review date: N/A Next review date:

More information

Information Governance Serious Incident Requiring Investigation Policy and Procedure

Information Governance Serious Incident Requiring Investigation Policy and Procedure Information Governance Serious Incident Requiring Investigation Policy and Procedure Document Control Sheet Name of document: Information Governance Serious Incident Requiring Investigation (SIRI) Policy

More information

Data Protection Breach Reporting Procedure

Data Protection Breach Reporting Procedure Central Bedfordshire Council www.centralbedfordshire.gov.uk Data Protection Breach Reporting Procedure October 2015 Security Classification: Not Protected 1 Approval History Version No Approved by Approval

More information

Checklist Guidance for Reporting, Managing and Investigating Information Governance and Cyber Security Serious Incidents Requiring Investigation

Checklist Guidance for Reporting, Managing and Investigating Information Governance and Cyber Security Serious Incidents Requiring Investigation Checklist Guidance for Reporting, Managing and Investigating Information Governance and Cyber Security Serious Incidents Requiring Investigation Applicable to all organisations processing Health, Public

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Strategy

NHS Waltham Forest Clinical Commissioning Group Information Governance Strategy NHS Waltham Forest Clinical Commissioning Group Governance Strategy Author: Zeb Alam, CCG IG Lead, (NELCSU) David Pearce, Head of Governance, WFCCG Version 3.0 Amendments to Version 2.1 Annual Review Reference

More information

Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation (IG SIRI)

Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation (IG SIRI) Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation (IG SIRI) Applicable to all organisations processing Health, Public Health

More information

PCT Incident Reporting and Management Policy

PCT Incident Reporting and Management Policy Corporate CCG CO08 Incident Reporting and Management Policy Version Number Date Issued Review Date V2: 03/02/2015 25/03/2015 01/04/2018 Prepared By: Julie Rutherford, Senior Governance Officer, NECS Consultation

More information

Policy Name. Completed

Policy Name. Completed ` Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CO07: INCIDENT REPORTING AND MANAGEMENT POLICY Status Committee approved by Approved Management

More information

CCG C008 Incident Management Policy

CCG C008 Incident Management Policy CCG C008 Incident Management Policy Ratified March 2015 This is a corporate policy which outlines the Incident Reporting and Management Framework for Status Hartlepool and Stockton-On-Tees CCG. Issued

More information

Process for reporting and learning from serious incidents requiring investigation

Process for reporting and learning from serious incidents requiring investigation Process for reporting and learning from serious incidents requiring investigation Date: 9 March 2012 NHS South of England Process for reporting and learning from serious incidents requiring investigation

More information

PCT Incident Reporting and Management Policy

PCT Incident Reporting and Management Policy Corporate Incident Reporting and Management Policy Version Number Date Issued Review Date V2 10/02//2015 10/02/2016 Prepared By: Consultation Process: Julie Rutherford Governance Team, NECs Clinical Quality

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

Policy: D9 Data Quality Policy

Policy: D9 Data Quality Policy Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of

More information

Further to reports to EAG in February and March 2014, the purpose of this report is to;

Further to reports to EAG in February and March 2014, the purpose of this report is to; Report to: Trust Board of Directors Date of Meeting: 29 May 2014 Report Title: Annual Information Governance Report 13/14 Status: Mark relevant box with X Prepared by: Executive Sponsor (presenting): Appendices

More information

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head

More information

Information Governance Strategy. Version No 2.1

Information Governance Strategy. Version No 2.1 Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of

More information

Information Governance and Data Protection Policy

Information Governance and Data Protection Policy Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

Information Governance Standards in Relation to Third Party Suppliers and Contractors

Information Governance Standards in Relation to Third Party Suppliers and Contractors Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging

More information

POLICY & PROCEDURE FOR THE MANAGEMENT OF SERIOUS INCIDENTS

POLICY & PROCEDURE FOR THE MANAGEMENT OF SERIOUS INCIDENTS POLICY & PROCEDURE FOR THE MANAGEMENT OF SERIOUS INCIDENTS APPROVED BY: South Gloucestershire Clinical Commissioning Group Quality and Governance Committee DATE August 2015 Date of Issue: August 2015 Version

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Page 1 of 46 Policy Title: Executive Summary: Information Governance Policy This policy seeks to identify the actions required to ensure that information is appropriately

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

This Policy supersedes the following Policy, which must now be destroyed :

This Policy supersedes the following Policy, which must now be destroyed : Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Removable Media: Data Encryption Policy NTW(O)30 Lisa Quinn Executive Director of Performance and Assurance Sue

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Date: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR:

Date: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR: TRUST BOARD IN PUBLIC Date: 30 th May 2013 Agenda Item: 5.5 REPORT TITLE: Information Governance Annual Report EXECUTIVE SPONSOR: Ian Mackenzie Director of Information and Estates REPORT AUTHOR: Sarah

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety

More information

INFORMATION RISK MANAGEMENT POLICY

INFORMATION RISK MANAGEMENT POLICY INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

NEWLY CREATED / REVISED POSTS JOB MATCHING POLICY AND PROCEDURE

NEWLY CREATED / REVISED POSTS JOB MATCHING POLICY AND PROCEDURE YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST NEWLY CREATED / REVISED POSTS JOB MATCHING POLICY AND PROCEDURE Author Director of Human Resources Equality impact

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Information Governance Strategy 2015/16

Information Governance Strategy 2015/16 Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal

More information

INFORMATION GOVERNANCE HANDBOOK

INFORMATION GOVERNANCE HANDBOOK INFORMATION GOVERNANCE HANDBOOK SECTION ONE Author Tracey Burrows Role Information Governance Manager (CSCSU) Date / Version February 2015 Version FINAL V1.0 Approved by IM&T Board Date 27 February 2015

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May

More information

Incident Reporting Procedure

Incident Reporting Procedure Incident Reporting Procedure Version: Version 1 Ratified by: HEE Board Date ratified: 20 March 2014 Name and Title of Mike Jones, Corporate Secretary originator/author(s): Name of responsible Director:

More information

Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation

Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation 1 st June 2013 Version 2.0 Revision History Version Date Summary of Changes

More information

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1 Policies for: Information Governance Information Quality Information Management Information Security Approved by: None this version Date approved: Name of originator/author: Ade Oduntan, Mike Hellier,

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 3.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality Assurance Group Ratification date: March 2015 Review date: March 2016

More information

Incident Management Policy and Guidance

Incident Management Policy and Guidance This document is uncontrolled once printed. Please check on the intranet for the most up to date version. Incident Management Policy and Guidance Includes Serious Incident Management Our Mission is to

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date

More information

Corporate Governance, Assurance & Risk Manager. Governance and Assurance Committee. Three yearly, unless guidance or circumstances change.

Corporate Governance, Assurance & Risk Manager. Governance and Assurance Committee. Three yearly, unless guidance or circumstances change. Document reference code: Title: Developed by: Document type: Policy library: Sub Section: Document status: Date of ratification: Ratified By: Date to be reviewed: Incident Management policy Corporate Governance,

More information

Patient Online Services in Primary Care

Patient Online Services in Primary Care Patient Online Services in Primary Care Good Practice Guidance on Identity Verification NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

Making Experiences Count Procedure

Making Experiences Count Procedure Making Experiences Count Procedure When a mistake happens, it is important to acknowledge it, put things right quickly and learn from the experience. Listening, Responding, Improving A guide to better

More information

Incident reporting procedure

Incident reporting procedure Incident reporting procedure Number: THCCGCG0045 Version: V0d1 Executive Summary All incidents must be reported. This should be done as soon as practicable after the incident has been identified to ensure

More information

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool

More information

INFORMATION GOVERNANCE POLICY (INCORPORATING INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK)

INFORMATION GOVERNANCE POLICY (INCORPORATING INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK) Ref No: IN-101 INFORMATION GOVERNANCE POLICY (INCORPORATING INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK) AREA: POLICY SPONSOR: Trust Wide Director of Finance IMPLEMENTED: October 2009 REVISED: June 2011

More information

RISK MANAGEMENT STRATEGY 2014-17

RISK MANAGEMENT STRATEGY 2014-17 RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team

More information

Incident Reporting and Management Policy

Incident Reporting and Management Policy Incident Reporting and Management Policy Ratified Governance & Risk Committee Status Final Issued 10/02/2015 Approved By Consultation Equality Impact Assessment Distribution All Staff Date Amended

More information

New v1.0 Date: November 2015 Sarah Hankey - Risk & Claims Manager. Liz Lockett - Associate Director of Quality & Risk

New v1.0 Date: November 2015 Sarah Hankey - Risk & Claims Manager. Liz Lockett - Associate Director of Quality & Risk Corporate Incident Reporting: Standard Operating Procedure Document Control Summary Status: Version: Author/Title: Owner/Title: Approved by: Ratified: Related Trust Strategy and/or Strategic Aims Implementation

More information

BHR CCGs Procedure for Managing Information Governance/Information Security Related Incidents

BHR CCGs Procedure for Managing Information Governance/Information Security Related Incidents BHR CCGs Procedure for Managing Information Governance/Information Security Related Incidents Version Description of Change(s) Reason for Author Date Change 0.1 Draft Created Initial Draft R Lavender 30/09/2013

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

Information Governance Strategy

Information Governance Strategy Policy No: IG01 Version: 3.0 Name of Policy: Information Governance Strategy Effective From: 02/06/2015 Date Ratified 06/05/2015 Ratified Health Informatics Assurance Group (HIAG) Review Date 01/05/2017

More information

Type of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts

Type of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified By Central Alerting System (CAS) Policy NTW(O)17 Medical Director Tony Gray Head of Safety and Patient Experience

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

HOW TO; Report a Serious Incident Requiring Investigation (SIRI) or a Significant Event (SEA) to the Surrey and Sussex Area Team

HOW TO; Report a Serious Incident Requiring Investigation (SIRI) or a Significant Event (SEA) to the Surrey and Sussex Area Team HOW TO; Report a Serious Incident Requiring Investigation (SIRI) or a Significant Event (SEA) to the Surrey and Sussex Area Team Quality & Safety Team, Nursing Directorate. HOW TO. Report a serious incident

More information

Information security incident reporting procedure

Information security incident reporting procedure Information security incident reporting procedure Responsible Officer Author Date effective from 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from December 2008 Date last amended December 2012

More information

Data Security Breach Management Procedure

Data Security Breach Management Procedure Academic Services Data Security Breach Management Procedure Document Reference: Data Breach Procedure 1.1 Document Type: Document Status: Document Owner: Review Period: Procedure v1.0 Approved by ISSG

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

GUIDANCE FOR RESPONDING TO COMPLAINTS. Director of Nursing and Quality. Patient Experience and Customer Services Manager

GUIDANCE FOR RESPONDING TO COMPLAINTS. Director of Nursing and Quality. Patient Experience and Customer Services Manager REFERENCE NUMBER: IN-007 GUIDANCE FOR RESPONDING TO COMPLAINTS AREA: NAME OF RESPONSIBLE COMMITTEE / INDIVIDUAL NAME OF ORIGINATOR / AUTHOR Trust Wide Director of Nursing and Quality Patient Experience

More information

CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE

CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE Document Title: Contracts

More information

UNIVERSITY HOSPITALS OF LEICESTER NHS TRUST

UNIVERSITY HOSPITALS OF LEICESTER NHS TRUST UNIVERSITY HOSPITALS OF LEICESTER NHS TRUST CLINICAL NEGLIGENCE, PERSONAL INJURY, AND PROPERTY CLAIMS HANDLING POLICY APPROVED BY: THE TRUST BOARD DATE: 6 TH JUNE 2002 REVIEW: ORIGINATOR: ANNUALLY MICHAEL

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:

More information

Trust Informatics Policy. Information Governance. Information Governance Policy

Trust Informatics Policy. Information Governance. Information Governance Policy Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

TERMS OF REFERENCE: REVIEW OF THE INFORMATION GOVERNANCE TOOLKIT

TERMS OF REFERENCE: REVIEW OF THE INFORMATION GOVERNANCE TOOLKIT TERMS OF REFERENCE: REVIEW OF THE INFORMATION GOVERNANCE TOOLKIT The Information Governance Professional Leadership Group hosted by the NHS Commissioning Board is committed to conducting a strategic review

More information

Security Incident Policy

Security Incident Policy Organisation Title Author Owner Protective Marking Somerset County Council Security Incident Policy Peter Grogan Information Governance Manager Unclassified POLICY ON A PAGE Somerset County Council will

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

Document No: IG10f. Version: 1.0. Information Governance Contracts Guidance. Name of Procedure: Version Control

Document No: IG10f. Version: 1.0. Information Governance Contracts Guidance. Name of Procedure: Version Control Document No: IG10f Version: 1.0 Name of Procedure: Information Governance Contracts Guidance Author: Release Date: Review Date: Lauren Hamill, Information Governance Officer Version Control Version Release

More information

POLICY FOR THE REPORTING AND MANAGEMENT OF PATIENT COMPLAINTS

POLICY FOR THE REPORTING AND MANAGEMENT OF PATIENT COMPLAINTS Item 9 POLICY FOR THE REPORTING AND MANAGEMENT OF PATIENT COMPLAINTS Authorship: Chief Operating Officer Approved date: 20 September 2012 Approved Governing Body Review Date: April 2013 Equality Impact

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

INFORMATION GOVERNANCE STRATEGY NO.CG02

INFORMATION GOVERNANCE STRATEGY NO.CG02 INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.

More information

COMPLAINTS POLICY AND PROCEDURE TWC7

COMPLAINTS POLICY AND PROCEDURE TWC7 COMPLAINTS POLICY AND PROCEDURE TWC7 Version: 3.0 Ratified by: Complaints Group Date ratified: July 2011 Name of originator/author: Name of responsible committee/ individual: Date issued: July 2011 Review

More information

NATIONAL INFORMATION BOARD

NATIONAL INFORMATION BOARD NATIONAL INFORMATION BOARD Paper Ref: NIB 0403-009 BOARD PAPER National Information Board Leadership Meeting MARCH 2015 Title: Work stream 4: Build and sustain public trust: Deliver roadmap to consent

More information

Information Governance Policy

Information Governance Policy Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:

More information

NIGB. Information Governance Untoward Incident Reporting and Management Advice for Local Authorities

NIGB. Information Governance Untoward Incident Reporting and Management Advice for Local Authorities Information Governance Untoward Incident Reporting and Management Advice for Local Authorities March 2013 Contents Page 1. The Role of the NIGB.....3 2. Introduction...4 3. Background Information...6 4.

More information

Information Governance Framework and Strategy. November 2014

Information Governance Framework and Strategy. November 2014 November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date

More information

Trust Board Report. Review of the effectiveness of the IM&T Committee

Trust Board Report. Review of the effectiveness of the IM&T Committee 1. Introduction Trust Board Report Review of the effectiveness of the The meets every eight weeks, with a specific responsibility for governance, strategic direction, approval and direction of developments

More information

POLICY CONTROL DOCUMENT - 2

POLICY CONTROL DOCUMENT - 2 POLICY CONTROL DOCUMENT - 2 NUMBER OF PAGES (EXCLUDING APPENDICES) 8 SUMMARY OF REVISIONS: 22 nd December 2011 Sections removed from policy and placed as Appendix which include the following: Responsibilities

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

Complaints Policy. Complaints Policy. Page 1

Complaints Policy. Complaints Policy. Page 1 Complaints Policy Page 1 Complaints Policy Policy ref no: CCG 006/14 Author (inc job Kat Tucker Complaints & FOI Manager title) Date Approved 25 November 2014 Approved by CCG Governing Body Date of next

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Incident & Serious Incident Policy/Procedure

Incident & Serious Incident Policy/Procedure Incident & Serious Incident Policy/Procedure 1 SUMMARY This policy and procedure details the approved requirements for the identification, notification, investigation, action planning/ implementation,

More information

Schedule 13 Security Incident and Data Breach Policy. January 2015 v2.1

Schedule 13 Security Incident and Data Breach Policy. January 2015 v2.1 Schedule 13 Security Incident and Data Breach Policy January 2015 v2.1 Document History Purpose Document Purpose Document developed by Document Location To provide a corporate policy for the management

More information

Privacy and Electronic Communications Regulations

Privacy and Electronic Communications Regulations ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3

More information