Information Sharing Policy

Size: px
Start display at page:

Download "Information Sharing Policy"

Transcription

1 Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee REVIEW DUE DATE February 2016

2 West Lancashire CCG is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat our staff reflects their individual needs and does not discriminate against individuals or groups on the basis of their age, disability, gender, race, religion/belief or sexual orientation. Should a member of staff or any other person require access to this policy in another language or format (such as Braille or large print) they can do so by contacting the West Lancashire CCG who will do its utmost to support and develop equitable access to all policies. Senior managers within the CCG have a responsibility for ensuring that a system is in place for their area of responsibility that keeps staff up to date with new policy changes. It is the responsibility of all staff employed directly or indirectly by the CCG to make themselves aware of the policies and procedures of that CCG. 2

3 CONTENTS PAGE 1 PURPOSE 4 2 SCOPE 4 3 GUIDANCE Information and Data Sharing Tier Zero Information Sharing Agreements Tier Zero Tier One Tier Two 6 4 REFERENCES AND BIBLIOGRAPHY 7 5 ASSOCIATED DOCUMENTS Other Associated Documents 8 6 APPENDICES 9 Appendix 1 Data Protection/Caldicott Principles 9 Appendix 2 Tier 2 Checklist 10 Appendix 3 Tier 2 Template 15 3

4 1.0 PURPOSE The purpose of this policy is to define clear rules (and associated authorisation governance processes) about what information (data) may and may not be shared, with whom, and for what purposes. There are also explicit requirements around data handling that ensures data is handled in a secure and confidential manner. This document seeks to provide all NHS West Lancashire Clinical Commissioning Group (CCG) personnel who use patient data with guidance to safeguard the confidentiality of the patient when the data is used for purposes other than direct patient healthcare. This policy is concerned with the security of patient information when used for purposes other than direct patient care. This policy is in line with the NHS Operating Framework and the Information Commissioner s statutory Code of Practice. 2.0 SCOPE This policy applies to all staff employed by or working on behalf of NHS West Lancashire CCG including contracted, non-contracted, temporary, honorary, secondments, bank, agency, students, volunteers or locums. 3.0 GUIDANCE 3.1 INFORMATION AND DATA SHARING Information sharing is essential to support patient care and to facilitate operational processes. Before developing an information sharing agreement it is recommended that a Privacy Impact Assessment is completed. This will provide a guide to ensuring that all aspects of privacy have been addressed and considered. Contact your Information Governance lead for a copy of the Privacy Impact template and to register your Privacy Impact Assessment. When sharing information it is important to remember that where possible anonomysed information should be used. Sharing information should comply with the Data Protection Act 1998, which breaks down the requirements into eight Principles to make it easier to follow. The principles are listed in Appendix 1 at the rear of this document. In addition the Caldicott Principles must also be considered to ensure that the information being used is done so in best interests of the patients. The Caldicott 4

5 Principles can be found in Appendix 1 of this document. The following points define the NHS West Lancashire CCG approach for the sharing of information and data: Information / data use and sharing will meet legal requirements All patient identifiable data flows to NHS West Lancashire CCG will be securely managed via the New Safe Haven (as required under pseudonymisation) Patient identifiable data will only be used for authorised primary use (direct patient care related) purposes. For secondary use purposes, national pseudonymisation rules will be implemented. Access to patient identifiable data will be: - To use the minimum amount of information required. - On a need to know basis. - Within a secure system (technical and organisational). Person identifiable data will not be shared or otherwise released unless appropriately authorised. All information sharing must have agreed processes for authorising the use of patient identifiable data. Where there is no approved process already in place, the Caldicott Guardian holds responsibility for authorising (or not) the release of patient identifiable data. Any patient level data sharing with other organisations outside NHS West Lancashire CCG will be documented and reflected in authorised data sharing agreements and processes. Individual consent to sharing information will be sought where appropriate/possible (for example within approved Research Projects). Transfer of data will be via approved secure processes (technical and organisational) to prevent loss or unauthorised access. Publication rules will be adopted to ensure confidentiality issues, data sources, data quality; audit trails are sufficiently addressed / documented in published information. Aggregate data will usually be available to the public unless falling under Freedom of Information Act exemptions. 5

6 Methods of transferring data will be secure and encrypted. Nhs.net to nhs.net using the Secure File Transfer is the preferred NHS West Lancashire CCG method of transferring data electronically. 3.2 Tier Zero Information Sharing Agreements When information cannot be shared in an anonomysed format with partner agencies, it becomes necessary that personal identifiable data needs to be shared between partners. In order to ensure the information being supplied is restricted to being within necessary bounds an Information Sharing Framework needs to be used. NHS West Lancashire CCG along with many other NHS and local authorities have signed the Tier Zero Information Sharing process in order to produce clarity and transparency, in addition to simplifying information sharing for staff and partner organisations Tier Zero The Tier Zero is a simple two page overarching agreement signed once by the accountable officer of each partner organsiation. Once signed this document is held by the agreed custodian and added to the matrix of partners, which should be displayed on NHS West Lancashire CCG s internet for transparency. A copy of Tier Zero can be obtained from the Information Governance Lead Tier One Tier One is the legislative part and the guidance that staff must follow which has been assimilated into one document to support the writing and compliance of the actual information sharing document. A copy of the agreed Tier One is available from the information governance team at the commissioning support unit (CSU). This document is reviewed every two years or when new or additional legislation is introduced Tier Two The Tier Two part of the information sharing agreement to the actual mechanics of: The reason for sharing information What information, is to be shared By who To whom In what format What frequency 6

7 How it will be transferred Security arrangements Retention arrangements To this end a checklist to completing the Tier Two has been completed and can be found at Appendix 2. Tier Two documents should be completed and agreed by the practitioners involved using the Tier Two document, which can be found at Appendix 2 and 3. Once agreed the Tier Two should be signed by the Caldicott Guardian once they are satisfied that the arrangements are suitable and guidance has been followed. A copy of a fully signed Tier Two should be given to all parties for safe keeping. 4.0 REFERENCES AND BIBLIOGRAPHY There are several acts and national guidance by which Information Governance abides. These include but are not limited to: Data Protection Act 1998 available from Access to Health Records Act 1990 available from Human Rights Act 1998 available from Freedom of Information available from Record Management available from: Common Law of Confidentiality NHS Confidentiality- code of Practice available from: nspolicyandguidance/dh_ Caldicott Report available from: althservicecirculars/dh_ NHS For the Record available from: cordsmanagement/index.htm The Abortion Regulations Act 1991 available from: The Computer Misuse Act 1990 available from: The Census (Confidentiality) Act 1991: The Civil Evidence Act 1995: The Electronic Communications Act 2000: 7

8 The Public Interest Disclosure Act 1998: Crime and Disorder Act 1998: NHS For the Record available from: cordsmanagement/index.htm NHS Retention of Records available from: nspolicyandguidance/dh_ ASSOCIATED DOCUMENTS Report on the review of patient-identifiable information (the Caldicott report) Dame Fiona Caldicott Provided a set of rules and regulations concerning the use of patient data by the NHS. (http://www.dh.gov.uk/en/publicationsandstatistics/publications/publicatio nspolicyandguidance/dh_ )data Protection Act 1998 Legislation governing the use of information about living individuals. (http://www.opsi.gov.uk/acts/acts1998/ukpga_ _en_1) NHS Connecting for Health guidance on information mapping and data flows of Personal Identifiable Data (PID). (https://www.igt.connectingforhealth.nhs.uk/whatsnewdocuments/inform ation%20mapping%20guidance%20document%2007%2001%200 8.doc) 5.1 0THER ASSOCIATED DOCUMENTS Document Title Information Governance Policy And Internet Usage Policy Pseudonymisation Policy Information Security Policy 8

9 6.0 APPENDICES 6.1 Appendix 1 Data Protection/Caldicott Principles DATA PROTECTION ACT 1998 PRINCIPLES AND PRACTICES TO ENSURE COMPLIANCE Principle 1: Personal data shall be processed fairly and lawfully Principle 2: Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes Principle 3: Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed Principle 4: Personal data shall be accurate and, where necessary, kept up to date Principle 5: Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes Principle 6: Personal data shall be processed in accordance with the rights of data subjects under this Act Principle 7: Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data Principle 8: Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data CALDICOTT PRINCIPLES for handling patient-identifiable information Principle 1: Justify the purpose(s) Principle 2: Don t use patient identifiable information unless absolutely necessary Principle 3: Use the minimum necessary patient identifiable information Principle 4: Access to patient identifiable information should be on a need to know basis Principle 5: Everyone should be aware of their responsibilities Principle 6: Understand and comply with the law 9

10 6.2 APPENDIX 2 Tier Two Checklist Paragraph Question number 3a Who are the organisations who are party to the agreement? Answer 3b Why do you want to share? What is the Purpose of Information Sharing? Does the purpose comply with the Data Protection Act and other key legislation listed in Tier 1 3c What will the benefits of sharing be? 3e Are there Statutory duties to share this information? Is it a partnership as a direct result of legislation or a government initiative? Are there any restrictions on sharing this information? Legal, commercial. 3f What information do you need to share? Is confidential or sensitive information to be shared? List specifically what data is intended to be shared 3g Are there any alternatives to sharing personal information?

11 Can the information be anonymised? 3h What are the consequences of not sharing information? 3i Who will be affected by the agreement? e.g. Children, older people, people living in a particular area, specific groups What are the risks in sharing the information? Is any individual likely to be damaged or harmed by information being shared? Is any individual likely to object? 3j What new processes or procedures will be required to enable information to be shared? Will new or changed authentication checks be required that could be intrusive? i.e. How will the information be obtained, who will access, when access necessary, audit trails, physical security and system security. How will staff be trained in using the new process/procedure? The procedures could be attached to the completed Tier 2 9

12 document or reference made to where they will be held. 3k Are outside contractors to be used? Contracts need to include confidentiality clause re Information Governance Security requirements. 4 How will the public be informed that their information will be shared? The public need to be told: a b c d e f g h What information will be shared? Who with, which staff/organisation will see it? When will information be shared? Is a Fair Processing Notice required? How will you distribute the fair processing information? Do the public know who to contact for enquiries? How will consent be obtained to share the information? What procedures will be in place to allow sharing without consent? Include risk assessments, documentation of decision 10

13 5a b c d e 6a b c d e f What quality assurance checks are in place to ensure recorded information is of an acceptable quality? When will information be recorded, who will record the information? Is the information collected relevant? Will all the information be needed? How will the quality of the information be reviewed? Who will be the data controller? What retention period has been agreed for the information? What is the review period for the retention policy? What are the legal requirements to retain or delete information? Will the information be archived or deleted when no longer required? How will this be done? Who will be responsible for holding the information? (The Information Asset Owner for the information) Who will be responsible for ensuring each organisation complies with the agreed retention policy and how will this be done? 11

14 7 a b c d Who will be responsible for security of the system holding the information? Who will monitor access to the system and report breaches/incidents? What process is in place to deal with incidents/breaches or staff non compliance with procedures? Who will be responsible for technical security? (user access issue of passwords, system restrictions, backup procedures for system) Is there organisational security in place to prevent access to offices, fax machines, computers or areas where personal information may be seen by the public? Who is the data controller for the information? Need to agree responsibilities of each organisation and document. 8 Who will process Subject Access Requests and how will this be done? Subject Access Request = where service users have requested to see their personal information i.e. Which organisation will process Subject Access Requests? 12

15 Do the public know how they can access their information? 9 What review period has been agreed for the Information Sharing protocol? Need to check that the sharing of information is still achieving its objectives, still appropriate and the safeguards still meet the risks. Who will undertake the review? 10 What is the process for dealing with complaints from service users? Who will process them? How will they be reported to partner organisations? 11 Detail process for resolution of a dispute between partner organisations. Nominated officers for dealing with dispute, Investigations, findings, remedial action, consequences, notification of affected service users and organisation. 12 Include a list of lead officers involved in agreeing this Information Sharing Protocol. Obtain signatures from lead officers when they have agreed and ensure copies of signed Information Sharing Protocol 13

16 given to all parties including the Information Governance Team for the organisation. 14

17 6.3 APPENDIX 3 Tier 2 Template NORTH WEST AND PARTNERS INFORMATION SHARING CODE OF PRACTICE Template for Information Sharing Code of Practice Operational Guidance for Staff (Tier 2) 2011

18 1. Tiered Framework of the Information Sharing Code of Practice This Overarching Standard for Information Sharing is designed to be used in conjunction with a set of documents within a Tiered Structure. The structure is designed to provide a framework for the secure and confidential sharing of information between the partner organisations that contribute to the wellbeing of residents and ensuring disclosure is in line with statutory requirements. Information may be stored in many different formats such as, physical, electronic, audio or video. There are 3 main tiers to the structure.- Tier Zero- This is a document signed by a Chief Executive of an organisation agreeing in principle to share information responsibly. The names of all agencies in agreement are listed and can be added to as more agencies became involved. Organisations should, if possible, place copies of tier 0 and tier 1, and a list of partner organisations, on their internet sites to reassure the public of their commitment to sharing responsibly. If not this Tier 0 document, a document similar to a Tier 0 document must be signed by the Chief Executive of all organisations wishing to take part. Only one Tier 0 document need be signed by the Chief Executive for any number of Tier 2 documents agreed beneath it. Tier One- This is an overarching standard outlining the agreed procedures for sharing information. It is this document which sets the standards for obtaining, recording, holding, using and sharing of information. - Outlines the supporting legislation, guidelines and documents which govern information sharing between partner organisations Tier Two- This gives guidance to operational practitioners on the production of a protocol for the safe sharing of information. These protocols should show what information should be shared and how and under what circumstances and by whom, and should be tailored to individual partnerships. This document will require authorisation of the participating partnership organisations. A copy of this document should be lodged with the Information Governance section. Guidance would suggest that the following are included - o Fair processing notices, o Consent leaflets, o Social Care Record Guarantee, o Confidentiality statement, o Subject access o Privacy Impact Assessment This Code of Practice is designed to simplify and strengthen the sharing of information between partner organisations in the North West, along with other partners which border the geographical area and with whom we may share information. 16

19 Tier 2 Information Sharing Code of Practice Guidance 2. Introduction The Government understands that it is most important that people remain confident that their personal information is kept safe and secure and that practitioners maintain the privacy of the individual, whilst sharing information to deliver better services. It is therefore important that practitioners can share information appropriately as part of their day-to-day practice and do so confidently. The Data Protection Act 1998 is not a barrier to sharing information but provides a framework to ensure that personal information is shared appropriately. SOLACE (Society of Local Authority Chief Executives) advise: Keep information safe and accurate - prevent leakages, respect the citizen's preferences for how it is used and retain sound and appropriate records. Share and exploit information - exploit for better services, adopt new practices, share information with partners, gain value for money and continuous improvements against targets. This template contains general guidance and descriptions of what an Information Sharing Protocol needs to contain. There are 10 areas which need to be covered. You can either cover each topic individually or you may find that with your particular document you are able to cover more than one topic in each section. You may also find that there are issues which you want to include but are not specified in this document, in which case you should go ahead and include anything which you feel is relevant and lawful. Some examples of suitable text are given although it is not possible to do this for the major part of the document as each new protocol is individual and specific to the project. It is advised that you look at the other tiers in the framework before embarking on the creation of your Information Sharing Protocol as a substantial amount of information is included in the other documents and time can be saved by not repeating any the text but by referring to the other tiers. Prior to implementing any joint working arrangement it may be appropriate to perform a short Privacy Impact Assessment (PIA). If you need further information regarding this you can find information from your Information Governance Group. 17

20 Your Information Sharing Tier 2 Document should relate to the following:- 3. Introduction You should begin your Tier 2 document with a general explanation of why you need to share information for your specific purpose / project. This explanation should include: a. Who are the organisations who are party to the agreement? b. Why do you want to share? Purpose of Information Sharing c. What will the benefits of sharing? d. What information do you need to share? e. Statutory duties to share, restrictions on sharing - is this partnership as a direct result of legislation or government initiative? f. Whether confidential or sensitive information is to be shared list specifically what data is intended to be shared g. Alternatives to sharing personal information h. What are the consequences of not sharing information i. You should include who will be affected by the agreement. Will it be children, older people, people living in a particular area, people with specific needs etc? j. Processes and procedures relating to the practicalities of the particular project can be included in this section of the document or can be added as an appendix. Alternatively the document can refer to a training document or specific available guidance. k. Are outside contractors to be used? Contracts need to include confidentiality clause re Information Governance Security requirements. 4. Fairness and transparency The protocol should say what steps will be taken to tell the public: a. what type of information about them may be shared, b. who it may be shared with and c. the likely consequences of sharing. This can be done by: d. Drafting fair processing notices e. Distribute fair processing information you will need to decide how you are going to do this and ensure that you provide informative, up to date notices (samples available in Appendices to Framework) f. Providing further information/dealing with enquiries g. How will consent be obtained to share the information? h. Providing details regarding circumstances when it may be necessary to share without peoples knowledge or consent Example of suitable text to use 4. Commitments to the public given through the Code of Practice The Code of Practice is a sign of commitment and a demonstration to the public about how information is used. When at all possible the public will be informed at first contact of the purpose of collecting information and how it will be stored, used and shared. Consent to share should also be gained at the first suitable opportunity. 18

21 The partnership organisations will: Ask for permission to collect and share the public's information. Explain why they are using the public s information, and will only use it for those purposes. Explain who will see it and limit access to the citizen s information only to persons who need it. Collect minimum personal and sensitive information to meet the identified needs of the citizen and not ask for information which is not relevant. Record and share citizen's needs with partner organisations as appropriate. Keep information about the citizens as accurate and up-to-date as possible with the citizen s help. Respect citizen s rights under the Data Protection Act 1998 including the citizen s right to see the information which has been recorded about them. Protect citizen s information with the highest standards of security and confidentiality. Tell citizens how they can get more information, including: How they safeguard their personal information; How citizens can check and correct any information they hold; How to raise a query or a complaint. Only keep the information for as long as needed or as required by statute. There may be occasions when information is shared without consent. In these cases the Data Protection Act 1998 will apply. The protocol should document how you intend to inform the service users at first contact - leaflets how often the information should be given to them etc. You may also want to include procedures to be followed should it be decided to share information without consent risk assessments, documentation of decision etc. 5. Information Standards It is important that a partnership makes a commitment to maintaining quality information. The following should be considered when producing your protocol:- a. Information Quality Quality assurance checks b. Recording Information where, under what circumstances, by whom c. Relevance d. Reviewing information quality e. Who will be the data controller 6. Retention of shared information The Data Protection Act 1998 states that information should only be kept for as long as necessary so the following will need to be considered and documented:- a. Retention periods b. Reviewing a retention policy c. Legal requirements to retain or delete d. Deletion and archiving e. Retaining information supplied by another organisation f. Compliance with each individual organisation's policies 19

22 Specify how long data will be retained. Explain that if joint records are being created using the shared information, the retention period must be the longer of the retention periods as required by legislation governing each agency. If individual organisations already have retention and destruction policies mention them 7. Security of shared Information It should be made clear that all party organisations should have sufficient levels of security in place and the following should be considered:- a. All levels of security, monitoring access to records b. Technical security arrangements passwords, system restrictions c. Organisational security arrangements making sure public do not have access to fax machines, cannot see notice boards, confidentiality standards, CRB checks d. You should consider who is the data controller and associated responsibilities Security standards are covered in the Tier 1 document which can be referred to in this section. 8. Access to personal Information People should be informed how they can gain access to their information; your protocol should state how you are going to do this. Consideration should be given to:- a. Helping people get access to their information b. Other ways of giving access c. Providing all the information who will be responsible for editing and providing this? Example of suitable text 8. Data Subjects are entitled to know what information we hold about them. If any of their details are wrong, they should tell us and we will correct them. If data subjects would like access to their information they should apply in writing. Applications should be sent to: The Data Protection Officer (Please insert your own lead) PO Box 100 County Hall Preston PR1 0LD The relevant organisation is obliged to reply to the request within 40 days. 9. Review Outline arrangements for who will review the document and how regularly the document should be reviewed should be included in the protocol. Example of suitable text "9. Review and Monitoring of the Tier 2 document 20

23 The Parties will formally review the Information Sharing Protocol Tier 2 document 3 months, 6 months and 12 months after the commencement of this protocol, and thereafter at least once a year or earlier if requested in writing by either party. A template for listing lead officers can be found in the Appendices to the Tiered framework 10. Complaints There should be guidance on how each organisation is to handle complaints which may be against members of a partner agency. There should be a standard approach to handling such complaints. Named contacts for complaints advice in each agency should be included in this section. Example of suitable text "Each Partner Organisation will deal with the complaints in accordance with their own procedures which will ensure that: service users are aware that they can complain and of how to go about it; Complaints are resolved at first contact if possible; complaints are acknowledged promptly in writing; the complaint is investigated fairly and thoroughly; service-users are given an appropriate written response; if appropriate the appeals procedures are explained to the service-user. 11. Non Compliance and Partner Disagreement In the rare event that a dispute arises it should be clear what action should be taken. Example of suitable text "In the event of a suspected failure within their organisation to comply with this Agreement, Partner Organisations will ensure that an adequate investigation is carried out and recorded. If the Partner Organisation finds there has been a failure it will ensure that: necessary remedial action is taken promptly; service-users affected by the failure are notified of it, the likely consequences, and any remedial action; Partner Organisations affected by the failure are notified of it, the likely consequences, and any remedial action. If one Partner Organisation believes another has failed to comply with this Agreement it should notify the other Partner Organisation in writing giving full details. The other Partner Organisation should then investigate the alleged failure. If it finds there was a failure, it should take the steps set out above. If it finds there was no failure it should notify the first Partner Organisation in writing giving its reasons. Partner Organisations will make every effort to resolve disagreements between them about personal information use and sharing. When doing so 21

24 they should refer to the Tiered Agreements and Associated Documents. However, they recognise that ultimately each organisation must exercise its own discretion in interpreting and applying this Agreement in line with guidance from the Information Commissioner.. Nominated representatives should ensure they are notified at an early stage of any suspected or alleged failures in compliance or partner disagreements relating to their Partner Organisation." 12. Appendices A list of lead officers involved in agreeing this protocol should be included. 13. Signatures Explain that by signing this partners are signing to the whole of the Information Sharing Protocol, including the other tiers, and must agree to the principles. Example of suitable text Signed for and on behalf of Organisation a (this should be the Information Governance Lead).. Name Position Date.. Signed for and on behalf of Organisation b.. Name Position Date.. 22

25 23

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat

More information

SUBJECT ACCESS REQUEST PROCEDURE

SUBJECT ACCESS REQUEST PROCEDURE SUBJECT ACCESS REQUEST PROCEDURE Document History Document Reference: Document Purpose: IG31 This procedure sets out the responsibility for staff when receiving requests for information provided under

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

Email Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual:

Email Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual: Version: 1.1 Ratified by: NHS Bury CCG IM&T Steering Group Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual: Greater Manchester CSU - IT Department NHS Bury

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy

More information

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff. Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3

More information

Data Protection Policy

Data Protection Policy Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

Trust Informatics Policy. Information Governance. Information Governance Policy

Trust Informatics Policy. Information Governance. Information Governance Policy Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

Claim Management Policy

Claim Management Policy Claim Management Policy REFERENCE NUMBER Claim management policy VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee REVIEW DUE DATE May 2018 1 West Lancashire CCG is committed to ensuring

More information

USE OF PERSONAL MOBILE DEVICES POLICY

USE OF PERSONAL MOBILE DEVICES POLICY Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014

More information

Safe Haven Policy. Equality & Diversity Statement:

Safe Haven Policy. Equality & Diversity Statement: Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review

More information

Information Sharing Protocol

Information Sharing Protocol Information Sharing Protocol South Central PCTs, General Practices and Tribal Consulting Limited Commissioning Enablement Service (Analytics) Document Control Date Version Author Comment 08/02/10 0.1 A.

More information

Information Governance Framework. June 2015

Information Governance Framework. June 2015 Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review

More information

Human Resources and Data Protection

Human Resources and Data Protection Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3

Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Paper 9 Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Please ensure that all THREE pages of this contract are returned to: Information Governance Manager, Health Informatics, Chertsey House, St Peter

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary

More information

INFORMATION GOVERNANCE HANDBOOK

INFORMATION GOVERNANCE HANDBOOK INFORMATION GOVERNANCE HANDBOOK SECTION ONE Author Tracey Burrows Role Information Governance Manager (CSCSU) Date / Version February 2015 Version FINAL V1.0 Approved by IM&T Board Date 27 February 2015

More information

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE

More information

INFORMATION SHARING AGREEMENT. Multi-Disciplinary Team (MDT): Service Information Sharing

INFORMATION SHARING AGREEMENT. Multi-Disciplinary Team (MDT): Service Information Sharing INFORMATION SHARING AGREEMENT Multi-Disciplinary Team (MDT): Service Information Sharing SCOPE NAME OF LEAD Multi-Disciplinary Team (MDT) for high risk people: this agreement is for the patient and management

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1 Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19 Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility

More information

Final Version 1.0 December 2015

Final Version 1.0 December 2015 Final Version 1.0 December 2015 Contents Page 1 Introduction...2 2 Charter Principles...2 3 Scope...2 4 Partner Commitment...3 5 Governance...4 6 The Lawful basis and Legal Requirements...5 7 Personal

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

National Standards for Safer Better Healthcare

National Standards for Safer Better Healthcare National Standards for Safer Better Healthcare June 2012 About the Health Information and Quality Authority The (HIQA) is the independent Authority established to drive continuous improvement in Ireland

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

RD SOP17 Research data management and security

RD SOP17 Research data management and security RD SOP17 Research data management and security Version Number: V2 Name of originator/author: Dr Andy Mee, R&I Manager Name of responsible committee: R&I Committee Name of executive lead: Medical Director

More information

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director

More information

Data Sharing Protocol

Data Sharing Protocol Data Sharing Protocol Agreement for Sharing Data Between Partners of the South Dublin Childrens Services Committee Version 0.4 Final Draft June 2009 Contents 1 Preface...3 2 Introduction & Overview...3

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information

More information

Complaints Policy and Procedure

Complaints Policy and Procedure Complaints Policy and Procedure REFERENCE NUMBER DraftAug2012V1MH APPROVING COMMITTEE(S) AND DATE THIS DOCUMENT REPLACES REVIEW DUE DATE March 2014 RATIFICATION DATE/DRAFT No NHS West Lancashire Clinical

More information

Barnet Partnership Information Sharing Protocol

Barnet Partnership Information Sharing Protocol Barnet Partnership Information Sharing Protocol Information Sharing Protocol V1_0C - FINAL Page 1 of 52 Version 1.0 (FINAL) Contents 1 Background... 4 1.1 The need to share information... 4 2 Scope...

More information

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE. Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5

More information

INFORMATION GOVERNANCE STRATEGY NO.CG02

INFORMATION GOVERNANCE STRATEGY NO.CG02 INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy. Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review

More information

Information Governance policy

Information Governance policy Information Governance policy Key Points Information is a vital asset, both in terms of the clinical management of individual patients and the efficient management of services and resources throughout

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Strategy

NHS Waltham Forest Clinical Commissioning Group Information Governance Strategy NHS Waltham Forest Clinical Commissioning Group Governance Strategy Author: Zeb Alam, CCG IG Lead, (NELCSU) David Pearce, Head of Governance, WFCCG Version 3.0 Amendments to Version 2.1 Annual Review Reference

More information

Information Governance. and what it means for you

Information Governance. and what it means for you Information Governance and what it means for you 1 Content Introduction 3 Who are we? 4 What is Information Governance? 4 Purpose of Holding Information 5 Confidentiality and Security 5 Accuracy of Information

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

DATA PROTECTION CORPORATE POLICY

DATA PROTECTION CORPORATE POLICY DATA PROTECTION CORPORATE POLICY Information Management V1.1 03 July 2012 Not protectively marked This policy must be complied with fully by all Members, Officers Agents and Contractors of Plymouth City

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

Data Protection Policy

Data Protection Policy 1. Introduction 1.1 The College needs to keep certain information about its employees, students and other stakeholders, for example to allow it to monitor performance, achievements and health and safety.

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

Data Subject Access Request Procedure

Data Subject Access Request Procedure Data Subject Access Request Procedure Policy ID IG07 Version: 2.0 Ratified by: Executive Committee Name of originator/author: Justin Dix, Governing Body Secretary Name of responsible committee/individual:

More information

Islington Data Protection Policy. A council-wide information policy Version 1.1 June 2014

Islington Data Protection Policy. A council-wide information policy Version 1.1 June 2014 A council-wide information policy Version 1.1 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document is distributed under the Creative Commons Attribution 2.5 license.

More information

Secure Transfer of Information Guidance for staff

Secure Transfer of Information Guidance for staff Secure Transfer of Information Guidance for staff Document number CCG.GOV.013.1.1 Version: 1.1 Ratified by: NHS Bury CCG Quality and Risk Committee Date ratified: 8 th January 2014 Name of originator /author

More information

Data Protection Policy

Data Protection Policy Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

Data Protection for the Guidance Counsellor. Issues To Plan For

Data Protection for the Guidance Counsellor. Issues To Plan For Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)

More information

SOCIAL MEDIA POLICY. Senior Governance Officer, NHS North of England Commissioning Support Unit Reference No

SOCIAL MEDIA POLICY. Senior Governance Officer, NHS North of England Commissioning Support Unit Reference No SOCIAL MEDIA POLICY Ratified Governance & Risk Committee 08/2015 Status Final Issued August 2015 Approved By Governance and Risk Committee Consultation Governance and Risk Committee Equality Impact Assessment

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy

More information

Privacy Impact Assessment and Information Governance Checklist

Privacy Impact Assessment and Information Governance Checklist Privacy Impact Assessment and Information Governance Checklist Review and Amendment Log / Control Sheet Responsible Officer: Clinical Chief Officer Clinical Lead: Author: Dr. Dave Mitchell Medical Director/Caldicott

More information

Information Governance

Information Governance Information Governance Staff Handbook Page 1 of 30 Information Governance Staff Handbook for: Name: Address: Contact Tel No: Mobile No: This handbook has been produced by the NHS Lancashire Cluster Information

More information

Responsibilities of Custodians and Health Information Act Administration Checklist

Responsibilities of Custodians and Health Information Act Administration Checklist Responsibilities of Custodians and Administration Checklist APPENDIX 3 Responsibilities of Custodians in Administering the Each custodian under the Act must establish internal processes and procedures

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

Information Governance and Data Protection Policy

Information Governance and Data Protection Policy Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final

More information

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014 CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY December 2014 DOCUMENT INFORMATION Author: Barbara Sansom Information Governance Manager Equality Impact Assessment Consultation & Approval

More information

HOW WE USE YOUR PERSONAL INFORMATION

HOW WE USE YOUR PERSONAL INFORMATION HOW WE USE YOUR PERSONAL INFORMATION Information Leaflet Your Health. Our Priority. Page 2 of 9 Introduction This Leaflet explains why the NHS collects information about you and how it is used, your right

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet

More information