North West Core Skills Programme. Information Governance Implications

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "North West Core Skills Programme. Information Governance Implications"

Transcription

1 North West Core Skills Programme Information Governance Implications Version number: 0.3 Author: Mike Farrell, North West Core Skills Programme Effective from: October 2012 Due for review on: October 2013

2 1. Purpose of Paper This paper considers the potential Information Governance issues and management implications generated by the implementation of the North West Core Skills Framework. 2. Background Healthcare organisations as part of their statutory and compliance responsibilities need to ensure that their staff have received training in core areas such as fire awareness, health and safety and conflict management. Typically, delivery of this type of training is undertaken on commencement of employment, with the need for organisations to also ensure arrangements for providing training updates on these subjects. The induction of new staff, including healthcare students on clinical and work placements, represents a significant organisational investment in terms of staff time (salary), logistics and resources. Given the movement of staff and students within the NHS and wider healthcare sector, evidence suggests that there is frequent duplication of learning and considerable variance in induction and updating arrangements, this has an adverse cost for organisations and impairs learner impact (PASA 2009). There is widespread interest in exploring how such training could be rationalised and from a learning perspective more effective. If this is achieved it is envisaged that a significant cost-benefit will also be realised. One of the ways these issues are being addressed is through the development of an agreed Core Skills Framework. There is a programme of work to implement such a framework across the North West which sets out guidelines in relation to expected learning outcomes and standards for delivery of a defined range of statutory and mandatory subjects. Details about the programme of work can be found at If the expected benefits of the Core Skills framework are to be realised there is a specific need to ensure that particular data related to a learners record of Core Skills Training, including elements of personal identifiable data, is collected and processed. To assist in collecting, managing and enable the appropriate sharing of learner data by authorised organisations/persons in relation to the use of the Core Skills framework across the North West a database tool called the Core Skills Register will be used. It is envisaged that those organisations involved in developing the healthcare workforce, such as education providers, post graduate deaneries and healthcare organisations involved in the delivery of mandatory training will utilise the Core Skills Register to submit, update or review learner data. It is anticipated that the use of the Core Skills Register will have potential Information Governance implications and this paper seeks to identify these implications and indicate how these will be managed.

3 3. Information Governance Implications 3.1 Why is the Core Skills Register needed? Many organisations can contribute to the delivery of Core Skills type training, however for some key groups of learners, most particularly healthcare students and doctors in training, they can be required to undertake and duplicate Core Skills training across a number of healthcare organisations. While these learner groups will be required to undertake such training as part of local organisational compliance needs, the lack of a centrally accessed record of learning in relation to Core Skills prevents the system-wide ability to know and recognise what Core Skills have been undertaken and achieved and when they need to be updated. Therefore, with the prime aim of preventing duplication of learning for both the benefit of learners and organisations involved in the delivery of Core Skills training, the Core Skills Register seeks to and enable easy, sufficient but robust recording of the Core Skills learning undertaken for the identified key learner groups. enable healthcare organisations to use the data to focus on planning training developments. For example, a healthcare student leaving university on completion of their healthcare programme may have undertaken all elements of the Core Skills framework and if this is captured and a record of this is then shared with their prospective employer, it is anticipated that the receiving organisation will accept this as evidence and adjust their induction programme so that they can avoid any duplication of learning. It is also envisaged that this record would also indicate when refresher training is required and thus aid logistical organisational planning and reporting. 3.2 How is Core Skills Training Information currently collected and shared? Currently, there is no standard way in which Core Skills type training is recorded. In part this is because of a lack of a consistent collecting and naming conventions for the recording of this type of learning activity. NHS organisations will collect Core Skills training type information and record this on their training management data systems. For most organisations, the Electronic Staff Record- Oracle Learning Management functionality will be used for this purpose. However, this information will only be collected for those staff directly employed by the NHS organisation. Education Providers are involved in supporting the delivery of some types of Core Skills training as part of their requirements to prepare learners undertaking healthcare programmes for safe clinical practice. Education Providers will record evidence of Core Skills type learning for students in a variety of ways, for example, through activity recorded on Learning Management Systems and attendance registers. This information may then be

4 maintained at faculty/programme level and/or included as part of any system used by the education provider to record overall details of student learning activity. Educational providers are asked to verify that students have undertaken any required core skill type training before commencing their clinical placements. However, given different Educational Provider processes and methods the way in which this information is shared with and received by healthcare organisations can be variable. This then impairs consistent monitoring. Key staff within healthcare organisations might then have to instigate their own data collection methods and systems in order to capture this type of activity. This creates the risk for further additional data collection activities which might then not be needed and which can then be inconsistent in terms of transparency and quality. The Deaneries within the North West collect data related to junior doctors learning activity in respect of Core Skills type training activity. This data, which typically reflects induction training undertaken by e-learning, is captured in the Deaneries learning management systems. Given that both Deaneries in the North West have a learning infrastructure in place to support doctors in training, some medical education support staff based in healthcare organisations can review and report on the data held in these learning management systems. Currently, the ways in which Core Skills type learning is recorded and shared between stakeholders who need to be aware and know what training has been undertaken is inconsistent and inefficient. Utilising a data collection system which captures and enables sharing of learning activity undertaken by key target groups and presents this information in a consistent way should have organisational and learner benefits in terms of promoting quality and consistency of information. This should also aid efficiency and data transparency. The following sections identify particular information governance issues 4. Data Collection 4.1 Who are the Key Data Target Groups? These will be those learners undertaking healthcare education/training programmes commissioned by NHS North West (and its successor bodies), where as part of any programme of study these learners will need to undertake any of the Core Skills training identified in the North West Core Skills Framework (and/or any national framework to which the North West Core Skills Framework is aligned). 4.2 What information will be captured? Learner Identifiable Data. Appendix 1 identifies the data items to be collected. Much of this information will already be collected and processed by the bodies identified in section 3.2.

5 4.3 Does it include any Person Identifiable Data? Personal Identifiable data, including Date of Birth, related to the learner will need to be collected. No patient identifiable information is needed or will be collected. Only the required data to ensure the correct identity of the learner will be collected. 4.4 Will it include contact information? Contact information will be collected however this will be collected for purpose of aiding identity rather than as a means for maintaining contact with learners (and sharing contact details with third parties). This contact information will include the: Learners full name and address Learners place of work or place of education study if undertaking a healthcare programme. 4.5 Will it include clinical / medical information (E.g. symptoms, medications)? The Core Skills Register will not contain any clinical or personal medical information. In addition no other sensitive personal information (i.e. Ethnicity, political opinions, religious beliefs, trade union membership, physical or mental health etc.) will be collected or shared. 4.5 How is the information submitted? To a secure database system, called the Core Skills Register, which will be managed through a website internet interface. 4.6 How will it be stored, kept up to date and disposed of when no longer required? The data will be electronically stored on a secure database. The data will be retained in line with training retention periods as identified in the NHS Records of Management - Code of Practice. 5. Information System Security 5.1 Who is responsible for data security? Skills for Health as the provider for the database functionality. 5.2 Is it through a log-in?

6 Access to the Core Skills Register database will only be allowed once an authenticated login identity has been established. 5.3 Is there an active audit log of access or access attempts? All Core Skills Register database connection attempts and all network accesses will be logged and retained for a fixed period of time. NHS North West have the ability to complete an audit report on all elements of the system (this has been recently added to the register at TGs request) 5.4 How are user identity details transmitted (encrypted?) and stored (encrypted, secure etc.)? SSL encryption will be used between browser and server and between servers in the data centre. User data in the database will be encrypted. 5.5 How will the information be stored? Learner data will be stored in a Moodle learning management system which has been engineered to utilise only the database functionality that this platform offers. The Moodle based database will be held on a dedicated server. 5.6 Are the servers physically secure (i.e. locked room etc.)? Physical servers upon which the Core Skills Register will be held are located in a purpose built data centre with controlled physical access. The data centre is ISO27001 certified. 5.7 Is the information encrypted? Data on the file system will be encrypted at the block level and decrypted when the server is booted. Data in the database is strongly encrypted using a shared key stored on the web server. 5.8 Is the information backed up (and are back-up media stored securely)? Learner data on the file system and encrypted data in the database will be backed up over an encrypted network tunnel, stored at a secure site, every 24 hours. 5.9 Are the servers subject to routine penetration testing?

7 The server and the application will be subject to penetration testing via a 3rd party, using tools such as Web Application Attack and Audit Framework Are the servers dedicated/separate or used to store other datasets? The virtual machines are dedicated to their respective purposes however they may reside on a physical server which hosts other services. 6. Access and usage of the Data 6.1 Who could access the data? Technical support staff from Skills for Health who will be hosting the database will be able to access the data as part of their role of responding to any technical issues related to data management or providing a support service to users of the database i.e. nominated users. Authorised persons, in roles supporting the development of the workforce and who will need to access the database to either update or review training data, will be able to access the data. Dependent upon their role and the type of organisation that they undertake work for persons will be able to access, review and update data based upon the following role profiles NHS North West System Administrator Healthcare Organisation Administrator Deanery Administrator/Medical Education Administrator Education Provider Administrator Reviewer 6.2 What vetting / written agreements & policies are in place for personnel who could access the data? Only nominated staff identified by the organisations involved in and supporting the delivery of the Core Skills Framework will be allocated the relevant database user profile permission. Those nominated staff will be issued with guidelines which will set out the purpose and expected responsibilities that they will need to maintain to ensure appropriate, secure and effective use of the database. These nominated staff will need to complete a confidentiality agreement. To ensure that organisations supporting the use of the Core Skills Register are aware of the purpose, scope and implementation implications of the Core Skills Register they will be given an action plan and asked to sign off on agreeing to and understanding the Information

8 Governance implications as offered here. They will also be required to agree to and support a data sharing protocol. 6.3 With whom is the information intended to be shared? Learners Healthcare organisations (Learning and Development/ Student Support services). Education Providers There is no expectation that information collected will be shared outside the European Economic Area. 6.4 Who owns the data? The organisations generating the data (Education Providers/ Healthcare Organisations) will be the owners of the information. 6.5 Who control the data? The Core Skills Register will be developed as a tool to support the delivery of the North West Core Skills Programme. This programme of work is overseen by a management board which comprises representatives from NHS North West Healthcare Organisations Education Providers North West Deaneries As the system manager, the data will be controlled by NHS North West (and or its successor body). 6.5 Who has authority to share it? The data owners will be asked to share the data for entry to the Core Skills register. It will be the role of the Data Controller to then enable sharing of data between stakeholders. Sharing of any data will be directed through the use of data sharing protocol. 6.6 Who is responsible for its accuracy? The data owners and those submitting entries to the Core Skills Register will need to ensure the accuracy of the data.

9 7. Fair Collection and Privacy Notice Given that most of the information identified in section 4.2 will already be collected by the bodies identified and for existing purpose it is envisaged that amendment of the bodies Fair Collection/Privacy notice should be sufficient to indicate that sharing of the learners data will also be allowed for the purpose of Core Skills. Those supporting learners in practice should ensure that details of the Fair Collection Notice related to the Core Skills Register are included in any handbooks or induction information and are shared with subjects whose details might be shared through the Core Skills Register. Appendix 1 identifies the suggested Fair Collection/Privacy Notice.

10 North West Core Skills Training Privacy Notice This notice has been developed to tell you about the need to share personal information about training you have undertaken with healthcare organisations who might be involved in supporting your training programme. Why is information about a specific aspect of my training being collected and shared? Healthcare organisations have to ensure that their staff and those undertaking training, work placements receive periodic mandatory training in order to ensure compliance with national quality and risk management standards. This type of training covers topics such as Health and Safety, Fire safety etc. Presently, there is significant duplication of mandatory training due to the rotational training systems in place, where a junior doctor and other healthcare students move for a training placement from one healthcare to another, may have to repeat training undertaken. One of the ways this issue is being addressed is through the development of an agreed Skills Framework, called the Core Skills Framework which is part of The North West Core Skills Programme. This programme of work is being supported by NHS North West which is one of the bodies responsible for the commissioning of healthcare training programmes. The aim through the use of the Core Skills Framework by healthcare organisations and Education Providers delivering healthcare training programmes is to prevent the duplication of mandatory training. This will be achieved by standardising the content of mandatory training and indicating expected refresher periods. Healthcare organisations and Education Providers within the North West are presently adopting the North West Core Skills Programme by ensuring their mandatory training is delivered to the standards defined in the Core Skills Framework. Further information regarding the programme please visit our website:- What and how will my information be shared? In order to prevent duplication there is a need to ensure training records related to those Core Skills training subjects that you have undertaken are accessible across healthcare Organisations. One of the ways this is being supported is through the development of a secured web-based application called the Core Skills Register. The Core Skills Register is designed to store records of Core Skills training undertaken and contains a small amount of personal identifiable information. This information will include, first name, surname, date of birth, , Registration Number (i.e. Student number, GMC/NMC Number), course name completion date. This type of data is required to ensure that the correct identity of individuals The ability to share your Core Skills training record and the agreed small amount of personal identifiable information will enable healthcare organisations/ education providers to review your mandatory training experience and have confidence you are trained to the appropriate level prior to a new placement and/or identify any specific updates that you might need. Only authorised personnel will be allowed to access these applications and view your record. The sharing of data between healthcare organisation/education providers will promote the efficient organisation and management of induction training, but also improve your own experience by not needlessly repeating mandatory training. A data sharing agreement/protocol has been developed that provides further information about the duties of those organisations involved. This is available from How can I get a copy of the record/information held? You will be able to obtain a copy of your record and information held via the authorised administrator within your employing healthcare organisation or education provider. What if I do not want my Core Skills Training Record to be shared?

11 Employer organisations and other bodies are required to carry out duties that may necessitate the sharing of your core skill training record. The rationale and agreement to share this data is set out in a data sharing protocol/agreement that is available online at If you do not wish to have your Core Skills Training Information shared via the Core Skills Register please notify Further Information about the Core Skills Framework For further information regarding the Core Skills programme please contact

Scottish Rowing Data Protection Policy

Scottish Rowing Data Protection Policy Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this

More information

JOB DESCRIPTION & PERSON SPECIFICATION. Based in Blackrock Hospice 1.0WTE Indefinite Duration Assistant Director of Nursing & Operations

JOB DESCRIPTION & PERSON SPECIFICATION. Based in Blackrock Hospice 1.0WTE Indefinite Duration Assistant Director of Nursing & Operations JOB DESCRIPTION & PERSON SPECIFICATION Based in Blackrock Hospice 1.0WTE Indefinite Duration Assistant Director of Nursing & Operations JOB DESCRIPTION TITLE: Assistant Director of Nursing & Operations

More information

HSCIC Audit of Data Sharing Activities:

HSCIC Audit of Data Sharing Activities: Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 21/09/2015 HSCIC Audit of Data Sharing

More information

Bespoke Statutory and Mandatory Training Packages

Bespoke Statutory and Mandatory Training Packages Bespoke Statutory and Mandatory Training Packages From the UK s leading e-learning provider Create your own Complete Statutory and Mandatory online training package Training at its Best The statutory and

More information

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide Standard 1 Governance for Safety and Quality in Health Service Organisations Safety and Quality Improvement Guide 1 1 1October 1 2012 ISBN: Print: 978-1-921983-27-6 Electronic: 978-1-921983-28-3 Suggested

More information

Equality and Diversity Policy. Deputy Director of HR Version Number: V.2.00 Date: 27/01/11

Equality and Diversity Policy. Deputy Director of HR Version Number: V.2.00 Date: 27/01/11 Equality and Diversity Policy Author: Deputy Director of HR Version Number: V.2.00 Date: 27/01/11 Approval and Authorisation Completion of the following signature blocks signifies the review and approval

More information

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy and Business Continuity Management System Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

More information

Access Control Policy

Access Control Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy

More information

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria Gatekeeper PKI Framework ISBN 1 921182 24 5 Department of Finance and Deregulation Australian Government Information Management Office Commonwealth of Australia 2009 This work is copyright. Apart from

More information

Research Governance Standard Operating Procedure

Research Governance Standard Operating Procedure Research Governance Standard Operating Procedure The Management and Use of Research Participant Data for Secondary Research Purposes SOP Reference: Version Number: 01 Date: 28/02/2014 Effective Date: Review

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

THE OBLIGATIONS INTERCEPTION OF COMMUNICATIONS CODE OF PRACTICE

THE OBLIGATIONS INTERCEPTION OF COMMUNICATIONS CODE OF PRACTICE THE OBLIGATIONS INTERCEPTION OF COMMUNICATIONS CODE OF PRACTICE If you ve been served with a Technical Capability Notice, here are some of things that will be required of you. v 8.3 The obligations the

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

HSCIC Audit of Data Sharing Activities:

HSCIC Audit of Data Sharing Activities: Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 26/10/2015 HSCIC Audit of Data Sharing

More information

JOB DESCRIPTION. Tatchbury Mount base and other Southern Health Sites as required

JOB DESCRIPTION. Tatchbury Mount base and other Southern Health Sites as required JOB DESCRIPTION Job Title: Band: Hours: Location: Accountable to: Lead Manager for Workforce Planning & Resourcing 8a 37.5 per week Tatchbury Mount base and other Southern Health Sites as required Deputy

More information

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for

More information

The Manchester College

The Manchester College The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

LIFT MANAGEMENT. Version 01 / November 2015 Page 1 of 9 Approved by Health & Safety Committee

LIFT MANAGEMENT. Version 01 / November 2015 Page 1 of 9 Approved by Health & Safety Committee LIFT MANAGEMENT Version 01 / November 2015 Page 1 of 9 Approved by Health & Safety Committee This is a controlled document. It should not be altered in any way without the express permission of the author

More information

Accreditation standards for training providers

Accreditation standards for training providers PREVOCATIONAL MEDICAL TRAINING FOR DOCTORS IN NEW ZEALAND Accreditation standards for training providers Introduction Prevocational medical training (the intern training programme) spans the two years

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal

More information

JOB TITLE: Data Quality/IT Manager

JOB TITLE: Data Quality/IT Manager JOB DESCRIPTION JOB TITLE: Data Quality/IT Manager RESPONSIBLE TO: PRACTICE MANAGER PARTNERS SALARY: Starting From 25000 HOURS: 35 Hours The post-holder will need to become familiar with all functions

More information

Personal data - Personal data identify an individual. For example, name, address, contact details, date of birth, NHS number.

Personal data - Personal data identify an individual. For example, name, address, contact details, date of birth, NHS number. Background The Data Protection Act 1998 i came into force in March 2000 and is followed by all NHS employed staff via their policies and procedures. The act applies to all personal, identifiable information

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

An Approach to Records Management Audit

An Approach to Records Management Audit An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION

More information

RD SOP17 Research data management and security

RD SOP17 Research data management and security RD SOP17 Research data management and security Version Number: V2 Name of originator/author: Dr Andy Mee, R&I Manager Name of responsible committee: R&I Committee Name of executive lead: Medical Director

More information

Data Transfer Service A Migration tool to replace current X.400 messaging between NHS workflow applications

Data Transfer Service A Migration tool to replace current X.400 messaging between NHS workflow applications Data Transfer Service A Migration tool to replace current X.400 messaging between NHS workflow applications Submitter: Richard Corbridge Sponsorship: Gwyn Thomas 1. Introduction 1.1 This paper proposes

More information

Public Records (Scotland) Act 2011. Fife NHS Board Assessment Report. The Keeper of the Records of Scotland. 27 September 2013.

Public Records (Scotland) Act 2011. Fife NHS Board Assessment Report. The Keeper of the Records of Scotland. 27 September 2013. Public Records (Scotland) Act 2011 Fife NHS Board Assessment Report The Keeper of the Records of Scotland 27 September 2013 Contents 1. Public Records (Scotland) Act 2011... 3 2. Executive Summary... 3

More information

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff. Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

Information Governance Policy

Information Governance Policy Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:

More information

Lauren Hamill, Information Governance Officer. Version Release Author/Reviewer Date Changes (Please identify page no.) 1.0 L.

Lauren Hamill, Information Governance Officer. Version Release Author/Reviewer Date Changes (Please identify page no.) 1.0 L. Document No: IG10d Version: 1.1 Name of Procedure: Third Party Due Diligence Assessment Author: Release Date: Review Date: Lauren Hamill, Information Governance Officer Version Control Version Release

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

NHS EDUCATION FOR SCOTLAND MEDICAL DIRECTORATE TRAINING PROGRAMME ASSISTANT. Training Programme Assistant

NHS EDUCATION FOR SCOTLAND MEDICAL DIRECTORATE TRAINING PROGRAMME ASSISTANT. Training Programme Assistant NHS EDUCATION FOR SCOTLAND MEDICAL DIRECTORATE TRAINING PROGRAMME ASSISTANT 1. JOB DETAILS JOB REFERENCE JOB TITLE DEPARTMENT AND LOCATION IMMEDIATE MANAGER S TITLE Training Programme Assistant Medical

More information

QUALITY ASSESSMENT & IMPROVEMENT. Workforce ACUTE HOSPITAL SERVICES. Supporting services to deliver quality healthcare JUNE 2013

QUALITY ASSESSMENT & IMPROVEMENT. Workforce ACUTE HOSPITAL SERVICES. Supporting services to deliver quality healthcare JUNE 2013 QUALITY ASSESSMENT & IMPROVEMENT ACUTE HOSPITAL SERVICES JUNE 2013 Workforce Supporting services to deliver quality healthcare Effective Care and Support Safe Care and Support Person Centred Care and

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Compliance. Group Standard

Compliance. Group Standard Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

More information

Information Management for Medical Revalidation in England

Information Management for Medical Revalidation in England Information Management for Medical Revalidation in England www.revalidationsupport.nhs.uk Contents Page 1. Introduction 3 2. Information flows 4 The doctor 5 The appraiser 5 The responsible officer 6 New

More information

General Disposal Authority. For encrypted records created in online security processes

General Disposal Authority. For encrypted records created in online security processes General Disposal Authority For encrypted records created in online security processes May 2004 Commonwealth of Australia 2004 ISBN 1 920807 04 7 This work is copyright. Apart from any use as permitted

More information

Public Records (Scotland) Act 2011. Healthcare Improvement Scotland and Scottish Health Council Assessment Report

Public Records (Scotland) Act 2011. Healthcare Improvement Scotland and Scottish Health Council Assessment Report Public Records (Scotland) Act 2011 Healthcare Improvement Scotland and Scottish Health Council Assessment Report The Keeper of the Records of Scotland 30 October 2015 Contents 1. Public Records (Scotland)

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

HUMAN RESOURCE MANAGER IN ATTENDANCE MANAGEMENT JOB DESCRIPTION. Human Resource Manager Attendance Management

HUMAN RESOURCE MANAGER IN ATTENDANCE MANAGEMENT JOB DESCRIPTION. Human Resource Manager Attendance Management HUMAN RESOURCE MANAGER IN ATTENDANCE MANAGEMENT JOB DESCRIPTION Title of Post: Human Resource Manager Attendance Management Post Band: Band 7 Reports to: Responsible to: Human Resources Senior Manager

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

NHS LANARKSHIRE HEALTH RECORDS POLICY Management and Maintenance, Security, Storage, Distribution and Retention of Health Records

NHS LANARKSHIRE HEALTH RECORDS POLICY Management and Maintenance, Security, Storage, Distribution and Retention of Health Records NHS LANARKSHIRE HEALTH RECORDS POLICY Management and Maintenance, Security, Storage, Distribution and Retention of Health Records Author: Responsible Lead Executive Director: Endorsing Body: Governance

More information

De-identification of Data using Pseudonyms (Pseudonymisation) Policy

De-identification of Data using Pseudonyms (Pseudonymisation) Policy De-identification of Data using Pseudonyms (Pseudonymisation) Policy Version: 2.0 Page 1 of 7 Partners in Care This is a controlled document. It should not be altered in any way without the express permission

More information

Data Quality Policy SH NCP 2. Version: 5. Summary:

Data Quality Policy SH NCP 2. Version: 5. Summary: SH NCP 2 Summary: Keywords (minimum of 5): (To assist policy search engine) Target Audience: The Trust provides a framework to ensure all data that is recorded by the Trust is accurate and complies to

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

Network Address Translation (NAT) Good Practice Guideline

Network Address Translation (NAT) Good Practice Guideline Programme NPFIT Document Record ID Key Sub-Prog / Project Infrastructure Security NPFIT-FNT-TO-IG-GPG-0011.06 Prog. Director Chris Wilber Status Approved Owner James Wood Version 2.0 Author Mike Farrell

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control

More information

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act

More information

AGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader

AGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader AGENDA ITEM: SUMMARY Report for: Committee Date of meeting: 30 May 2012 PART: 1 If Part II, reason: Title of report: Contact: Purpose of report: Recommendations Corporate objectives: Implications: INFORMATION

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

Records Management and Information Lifecycle Strategy

Records Management and Information Lifecycle Strategy LINCOLNSHIRE PARTNERSHIP NHS FOUNDATION TRUST Records Management and Information Lifecycle Strategy DOCUMENT VERSION CONTROL Document Type and Title: Strategy New or Replacing: Revised/Updated Version

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

The NHS Foundation Trust Code of Governance

The NHS Foundation Trust Code of Governance The NHS Foundation Trust Code of Governance www.monitor-nhsft.gov.uk The NHS Foundation Trust Code of Governance 1 Contents 1 Introduction 4 1.1 Why is there a code of governance for NHS foundation trusts?

More information

Care service inspection report

Care service inspection report Care service inspection report Full inspection SSCN Social Care Housing Support Service Suite 3, Floor 2 ELS House 555 Gorgie Road Edinburgh Inspection completed on 03 May 2016 Service provided by: Support

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

National Workforce Data Definitions Inherited Information Standard. Human Behavioural Guidance Version 1.0

National Workforce Data Definitions Inherited Information Standard. Human Behavioural Guidance Version 1.0 Inherited Information Standard Human Behavioural Guidance Version 1.0 Purpose of this document The purpose of this document is to provide human behavioural guidance for the implementation and use of the

More information

Level 2 Certificate in Warehousing and Storage Skills (QCF)

Level 2 Certificate in Warehousing and Storage Skills (QCF) Level 2 Certificate in Warehousing and Storage Skills (QCF) Qualification Handbook www.cityandguilds.com September 2010 Version 1.1 Level 2 Certificate 1016-02 QAN 501/1082/2 About City & Guilds City &

More information

43: DATA SECURITY POLICY

43: DATA SECURITY POLICY 43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

Information Governance Framework

Information Governance Framework Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information

More information

Joint Audit Report for South Lakeland District Council. & Eden District Council

Joint Audit Report for South Lakeland District Council. & Eden District Council Joint Audit Report for South Lakeland District Council & Eden District Council Audit of IT Data Backup and Recovery Arrangements Audit of Development Management 22nd May 2015 11 th June 2015 0 Page 0 Audit

More information

PRIVACY POLICY Personal information and sensitive information Information we request from you

PRIVACY POLICY Personal information and sensitive information Information we request from you PRIVACY POLICY Business Chicks Pty Ltd A.C.N. 121 566 934 (we, us, our, or Business Chicks) recognises and values the protection of your privacy. We also understand that you want clarity about how we manage

More information

Project Acronym: CRM ACCORD Version: 2 Contact: Joanne Child, Doncaster College Date: 30 April 2010. JISC Final Report CRM ACCORD

Project Acronym: CRM ACCORD Version: 2 Contact: Joanne Child, Doncaster College Date: 30 April 2010. JISC Final Report CRM ACCORD Project Acronym: CRM ACCORD JISC Final Report CRM ACCORD Page 1 of 22 Document title: JISC Final Report Last updated: April 2007 Table of Contents Acknowledgements... 3 Executive Summary... 4 Background...

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

INFORMATION SHARING AGREEMENT. Multi-Disciplinary Team (MDT): Service Information Sharing

INFORMATION SHARING AGREEMENT. Multi-Disciplinary Team (MDT): Service Information Sharing INFORMATION SHARING AGREEMENT Multi-Disciplinary Team (MDT): Service Information Sharing SCOPE NAME OF LEAD Multi-Disciplinary Team (MDT) for high risk people: this agreement is for the patient and management

More information

Information Sharing Protocol

Information Sharing Protocol Information Sharing Protocol South Central PCTs, General Practices and Tribal Consulting Limited Commissioning Enablement Service (Analytics) Document Control Date Version Author Comment 08/02/10 0.1 A.

More information

South Norfolk Council Business Continuity Policy

South Norfolk Council Business Continuity Policy South Norfolk Council Business Continuity Policy 1 Title: Business Continuity Policy Date of Publication: TBC Version: 2 Published by: Emergency Planning Team Review date: April 2014 Document Owner: Document

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

CORPORATE RECORDS MANAGEMENT POLICY

CORPORATE RECORDS MANAGEMENT POLICY 1.1 Introduction Derbyshire County Council is dependent on its records to operate efficiently and to account for its actions. This policy defines a structure for Derbyshire County Council to ensure that

More information

JOB DESCRIPTION & PERSON SPECIFICATION Senior Clinical/ Counselling Psychologist 0.5 WTE Permanent Contract - HSE Funded

JOB DESCRIPTION & PERSON SPECIFICATION Senior Clinical/ Counselling Psychologist 0.5 WTE Permanent Contract - HSE Funded JOB DESCRIPTION & PERSON SPECIFICATION Senior Clinical/ Counselling Psychologist 0.5 WTE Permanent Contract - HSE Funded JOB DESCRIPTION TITLE: REPORTING TO: ACCOUNTABLE TO: SALARY SCALE: HOLIDAYS: HEALTH:

More information

INFORMATION GOVERNANCE STRATEGY NO.CG02

INFORMATION GOVERNANCE STRATEGY NO.CG02 INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.

More information

16 Electronic health information management systems

16 Electronic health information management systems 16 Electronic health information management systems Section 16: Electronic information management systems The continued expansion and growth in global technologies is aiding the development of many new

More information

Data Security and Extranet

Data Security and Extranet Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:

More information

The HR module is at the heart of ESR because it contains all the core employee information used by other components of the system

The HR module is at the heart of ESR because it contains all the core employee information used by other components of the system Core HR The HR module is at the heart of ESR because it contains all the core employee information used by other components of the system Overview The HR module covers the three scenarios of HR Management:

More information

QUESTIONS AND ANSWERS HEALTHCARE IDENTIFIERS BILL 2010

QUESTIONS AND ANSWERS HEALTHCARE IDENTIFIERS BILL 2010 About Healthcare Identifiers QUESTIONS AND ANSWERS HEALTHCARE IDENTIFIERS BILL 2010 Q1. What is the Healthcare Identifiers Service? The Healthcare Identifiers (HI) Service will implement and maintain a

More information

Risk Management Plan 2012-2015

Risk Management Plan 2012-2015 Risk Management Plan 2012-2015 This controlled document shall not be copied in part or whole without the express permission of the author or the author s representative. Revision Date Previous Revision

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to

More information

Data Protection and Privacy Policy

Data Protection and Privacy Policy Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.

More information

Copyright Telerad Tech 2009. RADSpa. HIPAA Compliance

Copyright Telerad Tech 2009. RADSpa. HIPAA Compliance RADSpa HIPAA Compliance 1. Introduction 3 1.1. Scope and Field of Application 3 1.2. HIPAA 3 2. Security Architecture 4 2.1 Authentication 4 2.2 Authorization 4 2.3 Confidentiality 4 2.3.1 Secure Communication

More information

CHIS, Inc. Privacy General Guidelines

CHIS, Inc. Privacy General Guidelines CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified

More information

Standard 5. Patient Identification and Procedure Matching. Safety and Quality Improvement Guide

Standard 5. Patient Identification and Procedure Matching. Safety and Quality Improvement Guide Standard 5 Patient Identification and Procedure Matching Safety and Quality Improvement Guide 5 5 5October 5 2012 ISBN: Print: 978-1-921983-35-1 Electronic: 978-1-921983-36-8 Suggested citation: Australian

More information

Data Quality Arrangements in the Screening Division Public Health Wales NHS Trust. Issued: August 2012 Document reference: 348A2012

Data Quality Arrangements in the Screening Division Public Health Wales NHS Trust. Issued: August 2012 Document reference: 348A2012 Data Quality Arrangements in the Screening Division Public Health Wales NHS Trust Issued: August 2012 Document reference: 348A2012 Status of report This document has been prepared for the internal use

More information

Records Management plan

Records Management plan Records Management plan Prepared for 31 October 2013 Audit Scotland is a statutory body set up in April 2000 under the Finance and Accountability (Scotland) Act 2000. We help the Auditor General for Scotland

More information