Information Governance and Data Protection Policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Information Governance and Data Protection Policy"

Transcription

1 Information Governance and Data Protection Policy Page 1 of 21

2 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final Head of Corporate Affairs NNCCG/DC/Policy Date of this version: December 2013 Produced by: Synopsis and outcomes of consultation undertaken: Synopsis and outcomes of Equality and Diversity Impact Assessment: Approved by (Committee): Head of Corporate Affairs This policy has been reviewed and updated from the Cluster s policy in this regard and follows national legislation and guidance No adverse impact identified Executive Team Date ratified: 14 th January 2014 Copyholders: Next review due: December 2015 Enquiries to: Revision History Head of Corporate Affairs, Corporate Affairs Officer Head of Corporate Affairs Revision Date Summary of changes Author(s) Version Number 31/12/13 Addition of Information Governance Framework and reference to the responsibilities of the Audit Committee, Caldicott Guardian and Senior Information Risk Owner (SIRO) Chrissy Jackson V1.1 Approvals This document requires the following approvals either individual(s), group(s) or board. Name Title Date of Issue Version Number Audit Committee 14/01/2014 V1.1 Page 2 of 21

3 Contents 1. Introduction Scope Data Protection Act Information Governance Management Framework Monitoring Appendix 1 Job Description: Senior Information Risk Owner (SIRO) Appendix 2 Job Description: Caldicott Guardian Appendix 3 Audit Committee Terms of Reference Appendix 4 Information Governance Framework

4 1. Introduction 1.1 Information is a vital asset and needs to be managed securely by NHS organisations. Appropriate policies, guidance, accountability and structures must be in place to support the governance and confidentiality of information in order to support the organisation s strategic business aims. 1.2 Information Governance is defined as a framework for handling information in a confidential and secure manner to appropriate ethical and quality standards in a modern health service (Information Security Management: NHS code of Practice, 2007). 1.3 For the purposes of this policy; Information is defined as personal-identifiable (patient and staff), sensitive and commercially sensitive information. Personal-identifiable data is any information relating to an identified or identifiable person (the data subject). An identified or identifiable person is one who can be identified, directly or indirectly, by reference to an identification number (NHS number) or one or more factors specific to their physical, physiological, mental, economic, cultural or social identity. 2. Scope 2.1 This policy outlines the principles of information governance and Data Protection that are applied to North Norfolk Clinical Commissioning Group (NNCCG / the Group) and its member practices. 2.2 The policy applies to both manual and electronic records and incorporates the development of a robust information governance framework for the effective management and protection of organisational and personal information and the CCG s strategic objective towards the management of information risk. 2.3 The CCG s information governance objectives are: To hold information securely and confidentially in accordance with the Confidentiality NHS Code of Practice 2003 and Common Law duty of confidentiality; To obtain information fairly and efficiently in accordance with the Data Protection Act 1998; To record information accurately and ethically in accordance with the Record Management NHS Code of Practice 2006; and To share information appropriately and lawfully in accordance with the NHS Health and Social Care Act 2012 and Access to Health Records Act This policy applies to all staff who work for NNCCG including contractors and members of the Governing Body. 3. Data Protection Act 3.1 NNCCG is committed to compliance with the requirements of the Data Protection Act 1998 ( the Act ) and will ensure that all employees, contractors, agents, consultants and partners who have access to any personal data held by or on behalf of the Group are fully aware of and abide by their duties and responsibilities under the Act. In order to 4

5 operate efficiently, the Group has to collect and use information about people with whom it works, including patients, members of the public, employees (current, past and prospective), clients and customers, and suppliers. In addition, it may be required by law to collect and use information in order to comply with the requirements of the Department of Health. This personal information must be handled and managed appropriately, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means. 3.2 The Data Protection Act 1998 governs how we collect, store, process and share data. The Act dictates that information should only be disclosed on a need to know basis. Printouts and paper records must be treated carefully and disposed of in a secure manner. Staff must not disclose information outside their line of duty. 3.3 The Group will register its data holdings with the Information Commissioners Office (ICO) with effect from 1 st April 2013 in its capacity as a Data Controller, identifying the purposes for holding the data, how it is used and to whom it may be disclosed. Therefore all applications/databases must be registered in compliance with this policy and the 8 Data Protection Principles. The Head of Corporate Affairs will act as Data Protection officer for the Group and manage the validity of its registration. The Data Protection Act 1998 requires every data controller who is processing personal information in an automated form to register with the ICO, unless they are exempt. Failure to notify is a criminal offence. Register entries have to be renewed annually. Failure to renew a registration is a criminal offence. 3.4 Data controller means a person who [either alone or jointly or in common with other persons] determines the purpose for which, and the manner in which any personal data is, or will be, processed. A data controller must be a person recognised in law, that is to say: individuals; organisations; and other corporate and unincorporated bodies of persons. Data controllers will usually be organisations, but can be individuals, for example selfemployed consultants. Even if an individual is given responsibility for data protection in an organisation, they will be acting on behalf of the organisation, which will be the data controller. In relation to data controllers, the term jointly is used where two or more persons (usually organisations) act together to decide the purpose and manner of any data processing. The term in common applies where two or more persons share a pool of personal data that they process independently of each other. Data controllers must ensure that any processing of personal data for which they are responsible complies with the Act. Failure to do so risks enforcement action, even prosecution, and compensation claims from individuals. 3.5 Data Subject means an individual who is the subject of personal data. In other words, the data subject is the individual whom particular personal data is about. The Act does 5

6 not count as a data subject an individual who has died or who cannot be identified or distinguished from others. 3.6 Data processor, in relation to personal data, means any person [other than an employee of the data controller] who processes the data on behalf of the data controller Data Protection principles Personal data shall be processed fairly and lawfully; Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes; Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed; Personal data shall be accurate and, where necessary, kept up to date; Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes; Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998; Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data; and Personal data shall not be transferred to a county or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal. 3.8 Data Subject Access The Data Protection Act gives rights to a copy of the information held about a person. This is known as a subject access request An individual can request access to information regardless of the media in which it may be held Data Retention schedules are detailed in the DOH Records Management: NHS Code of Practice NNCCG will ensure that the general public, staff, including volunteers, locums, temporary employees and patients are aware of why the NHS needs information about them, how this is used and to whom it may be disclosed by the use of leaflets, its website and the websites of member practices. Statements about Data Protection will be included on all forms requesting personal identifiable information. 3.9 Information Sharing There are Acts of Parliament that govern the disclosure/sharing of personal patient information - some make it a legal requirement to disclose and others describe information that cannot be disclosed. NNCCG is a signatory to the Norfolk-wide Information Sharing Protocol and the associated supporting 6

7 agreements with a wide range of third parties to demonstrate the organisation s commitment to appropriate information sharing. The document is managed and held by Norfolk County Council, which holds a current list of signatories. 4. Information Governance Management Framework 4.1 The IG Management Framework provides an overview of how NNCCG will manage the IG agenda. IG Management Framework Senior roles Together, the Senior Information Risk Owner (SIRO), Caldicott Guardian and IG Lead are accountable for: ensuring effective management, accountability, compliance and assurance for all aspects of IG; ensuring there is top level awareness and support for IG; providing direction in formulating, establishing and promoting IG policies; ensuring assessment and audit of IG policies; reporting regularly to the Audit Committee on IG; ensuring the approach to IG is communicated to all staff; ensuring appropriate training is made available to staff in line with the NHS Operating Framework 2010/11; ensuring compliance with law and national guidance; promoting risk assessment and mitigation of IG risks, using Information Risk Management processes and escalating to the Assurance Framework as required; providing advice to staff on using, maintaining, transferring and sharing sensitive information; and act as the conscience of the organisation in relation to the handling and sharing of patient identifiable information and advising on lawful and ethical processing of information. The role of the SIRO, as referred to in Appendix 1 is to: oversee the development of an Information Risk Management Policy, and a Strategy for implementing the policy within the Information Governance Framework; take ownership of the risk assessment process for information risk, including review of the annual information risk assessment to support and inform the Statement of Internal Control; review and agree an action plan in respect of identified information risks; ensure that the Group s approach to information risk is effective in terms of resource commitment; provide a focal point for the resolution and/or discussion of information 7

8 risk issues; and ensure the Governing Body is adequately briefed on information risk issues. The role of the Caldicott Guardian, as referred to in Appendix 2 is to: champion confidentiality issues at Governing Body/Executive Team level and act as both the conscience of the organisation and as an enabler for appropriate information sharing; and ensure that confidentiality issues are appropriately reflected in organisational strategies, policies and working procedures. Key Policies The following policies have been established and adopted by NNCCG as the foundation of the IG Management Framework: Norfolk Overarching Information Sharing Protocol Information Lifecycle and Records Management Policy Information Risk Policy Freedom of Information Act 2000 and Environmental Information Regulations 2004, Managing Requests for Information and Publication Scheme Information Governance Serious Incident Requiring Investigation Policy Privacy Impact Assessment Policy Risk Management Strategy and Assurance Framework Disciplinary Policy Staff Leavers Policy NNCCG will observe the following policies in respect of services commissioned under SLA from the Commissioning Support Unit (CSU) Information and IT Security Policy Registration Authority Policy Mobile and Homeworking Policy Key Governance Bodies Resources The Audit Committee oversees the IG agenda and is the main steering group for IG/Information Security. The Audit Committee reports to the Governing Body which reports to the Council of Members. Key staff (responsibilities highlighted in Job Descriptions):- Head of Corporate Affairs: Data Protection Officer, maintaining the Data Protection registration with the Information Commissioner; IG Facilitator; Corporate Records Manager; Corporate Affairs Officer: responsible for the delivery of the CCG s IG 8

9 agenda; oversees complaints and delivery of Freedom of Information requests commissioned under SLA from the Commissioning Support Unit (CSU) Head of Business Intelligence: responsible for Data Quality IT Security Manager: commissioned under SLA from the Commissioning Support Unit (CSU) Chief Information Officer: commissioned under SLA from the Commissioning Support Unit (CSU) Registration Authority Manager: commissioned under SLA from the Commissioning Support Unit (CSU) Information Asset Owners (IAOs) and Administrators (IAAs) Governance Framework Information Asset Owners (IAOs) will be identified, provided with training and support and will carry out risk assessments on the information assets they are responsible for, to protect against unauthorised access or disclosure and to support the SIRO IAOs will ensure the integrity of information within their area; they will understand what information is held, what is added and what is removed, and who has access and why. As a result they will understand and address risks to the information. Information Asset Administrators are tasked with ensuring all Information Assets are recorded, mapped and risk assessed within their area. All third party contracts will be clear with regard to IG expectations. All managers and staff will have key IG responsibilities as part of their job descriptions and contracts. They will be familiar with the relevant policies, have attended appropriate training, support the IAOs and ensure that all patient/personal identifiable information is accurate, relevant, upto-date and used appropriately, both in electronic and manual form, and kept secure. The Disciplinary policy will clearly outline the procedures for managing breaches with contracts and policies. A failure to adhere to this policy and its associated procedures may result in disciplinary action. The Data Protection Work Programme, managed by the CSU, will ensure compliance with all aspects of the Data Protection Act and related provisions. It will promote awareness throughout the organisation and ensure service users are provided with information on their rights under data protection legislation Freedom of Information, The CCG will make available, upon request, non-confidential information about the organisation and the services it commissions through a variety of media and in accordance with the Freedom of Information Act The CCG will commission under SAL with the Commissioning Support Unity (CSU) annual assessments and audits of its FOI responsibilities. Training & Guidance IG Mandatory e-learning training for all staff using the DH IG Training Tool (IGTT) available at 9

10 learning.connectingforhealth.nhs.uk/igte/index.cfm Training is role-specific. Specialised IG and Data Protection Act training is available according to Training Needs analysis from annual appraisal and PDPs, including the Caldicott Guardian, SIRO and Information Asset Owners (IAOs) Newsletters and support will be provided to staff and member practices for all aspects of information governance and completion of their IG toolkits Responsibility of Users Users of information registered as a data holding of the CCG, in their capacity as a Data Controller, will: Be aware of their responsibilities, both legal and contractual; Comply with policies and procedures used by the CCG; and Work within the principles outlined in the Information Governance Framework Incident Management The Information Governance Serious Incident Requiring Investigation Policy outlines NNCCG s approach to reporting and investigating all incidents, including actual and potential breaches of confidential and person identifiable information, IT security issues, and RA incidents (including loss of Smartcards) in line with the guidance provided within the Health and Social Care Information Centre (HSCIC) Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requirement Investigation (IG SIRI). Lessons learned will be shared across the organisation and member practices. Information Risk Management Data security loss and confidentiality breach incidents will be reported in the Governance Statement in the Annual Report, in accordance with SIRO guidance, Gateway 9571 and IG toolkit requirement 349. The CSU will ensure an up to date business continuity plan for the organisation, including specific plans for IT and information systems, is maintained. The core principle of information risk assessment and management requires the identification and quantification of information security risks in terms of the perceived value of the asset, severity of impact and the likelihood of occurrence. Once identified, information security risks will be managed on a formal basis. They will be recorded within the Risk Register and managed in accordance with the CCG s Risk Management Assurance Framework. The risk register and all associated actions will be reviewed at regular intervals. Any implemented information security arrangements will also be regularly reviewed feature of NNCCG s risk management programme. These reviews will help identify areas of continuing best practice and possible weakness, as well as potential risks that may have arisen since the last review was completed. 10

11 5 Monitoring 5.1 Appendix 4 depicts the reporting infrastructure that supports the Information Governance Framework. 5.2 The Audit Committee will formally monitor the implementation and performance of this policy by: reviewing progress against the IG Toolkit; considering IG risk mitigation plans; ensuring a programme of internal/external audit reviews (including audit of the IG toolkit self-assessment); and monitoring the implementation of audit recommendations. 5.3 The Governing Body will sign off the IG Toolkit submission. 5.4 Breaches of data and information security, and of this policy, must be reported using the Incident Reporting system and/or Serious Incident Policy (depending on severity). Incident trend reports will be regularly reviewed by the Audit Committee. 5.5 The Chief Finance officer, as SIRO, will receive an annual review of information risk to support their written advice to the Chief Officer, as detailed in the Governance Statement. 5.6 Business continuity plans for IT and information systems will be regularly tested by the CSU and reported to the Audit Committee. 5.7 The Group will use the complaints system to respond effectively to complaints in connection with the Data Protection Act and information governance. If the complainant is dissatisfied with the response, they will be referred to the Information Commissioner and Health Service Ombudsman. 5.8 Training data will be reviewed by the Executive Team. 11

12 Appendix 1 J O B D E S C R I P T I O N JOB TITLE: ACCOUNTABLE TO: SENIOR INFORMATION RISK OFFICER (SIRO) CHIEF OFFICER JOB SUMMARY The Senior Information Risk Owner (SIRO) will be a Senior Management Governing Body Member who will take overall ownership of the Organisation s Information Risk Management Policy, act as champion for information risk on the Governing Body and provide written advice to the Chief Officer on the content of the CCG s Annual Governance Statement with regard to information risk. The SIRO is expected to understand how the strategic business goals of the CCG and how other NHS organisations business goals may be impacted by information risks, and how those risks may be managed. The SIRO will implement and lead the NHS Information Governance (IG) risk assessment and management processes within the CCG and advise the Governing Body on the effectiveness of information risk management. The SIRO will receive training as necessary to ensure they remain effective in their role as Senior Information Risk Officer. KEY RELATIONSHIPS Within the CCG: Chief Officer and other Governing Body members Head of Corporate Affairs (IG Lead) Information Asset Owners Information Security Manager Programme Managers Caldicott Guardian, although ownership of the Information Risk Management Policy and risk assessment processes will remain with the SIRO. Regularly has contact with: Chief Executives, other Senior Information Risk Owners, Caldicott Guardians and Information Governance Leads of Department of Health and other NHS Organisations KEY RESPONSIBILITIES 1. Policy and process Oversee the development of an Information Risk Management Policy. This should include a Strategy for implementing the policy within the existing Information 12

13 Governance Assurance Framework and be compliant with NHS IG policy, standards and methods. Take ownership of the assessment processes for information risk, including prioritisation of risks and review of the annual information risk assessment to support and inform the Annual Governance Statement. Ensure that the Governing Body and the Chief Officer are kept up to date and briefed on all information risk issues affecting the organisation and its business partners. Review and agree actions in respect of identified information risks. Ensure that the CCG s approach to information risk is effective in terms of resource, commitment and execution, being appropriately communicated to all staff. Provide a focal point for the escalation, resolution and/or discussion of information risk issues. Ensure that an effective infrastructure is in place to support the role by developing a simple Information Assurance governance structure, with clear lines of Information Asset ownership and reporting with well-defined roles and responsibilities 2. Incident Management Ensure that identified information threats and vulnerabilities are followed up for risk mitigation, and that perceived or actual information incidents are managed in accordance with NHS IG Serious Incidents Requiring Investigation (IG SIRI) procedures. To ensure that there are effective mechanisms in place for reporting and managing IG SIRIs relating to the information of the CCG. These mechanisms should accommodate technical, operational or procedural improvements arising from lessons learnt. 3. Leadership TRAINING Provide leadership for Information Asset Owners (IAOs) of the CCG through effective networking structures, sharing of relevant experience, provision of training and creation of information risk reporting structures. Advise the Governing Body on the level of Information Risk Management performance within the CCG, including potential cost reductions and process improvements arising etc. The SIRO will be required to undertake information risk management training at least annually to be able to demonstrate their skills and capabilities are up to date and relevant to the needs of the organisation. Signed:... Print Name:... Dated:... 13

14 Appendix 2 J O B D E S C R I P T I O N JOB TITLE: ACCOUNTABLE TO: CALDICOTT GUARDIAN CHIEF OFFICER JOB SUMMARY: The appointment of a Caldicott Guardian was one of the recommendations of the Caldicott Report published in December The role of the guardian is to safeguard and govern uses made of patient information within the CCG s, as well as data flows to other NHS and non-nhs organisations. Caldicott Guardianship is a key component of broader information governance. The Guardian is responsible for the establishment of procedures governing access to, and the use of, person-identifiable patient information and, where appropriate, the transfer of that information to other bodies. In addition to the principles developed in the Caldicott Report, the Guardian must also take account of the codes of conduct provided by professional bodies, and guidance on the Protection and Use of Patient Information and on IM&T security disseminated by the Department of Health, including the NHS Confidentiality Code of Practice WORKING RELATIONSHIPS The Caldicott Guardian will be expected to liaise and work with Service Managers and the Governing Body in the course of promoting Caldicott principles, which will include attendance at various meetings as appropriate. The Caldicott Guardian will work closely with records management, HR and IM&T. Through an established network of NHS and Social Services representatives, the Caldicott Guardian also contributes to the peer review and interpretation of local or national confidentiality issues and the development of standards throughout the local health and social care community and partner organisations. The Caldicott Guardian is supported by the IG Lead. TIME COMMITMENT The amount of time spent on Caldicott work will vary from week to week depending on scheduling of meetings and ad hoc demands etc.; however it is estimated that on average the time commitment will equate to one clinical session per week (1 SPA). 14

15 KEY TASKS 1. PRODUCTION OF PROCEDURES, GUIDELINES AND PROTOCOLS 1.1 To oversee development and implementation of procedures that ensure that all routine uses of person-identifiable patient information are identified, agreed as being justified and documented. 1.2 To oversee development and implementation of criteria and a process for dealing with ad hoc requests for person-identifiable patient information for non-clinical purposes. 1.3 To ensure standard procedures and protocols are in place to govern access to personidentifiable patient information. 1.4 Ensure protocols for releasing information for research and audit are in line with applicable information governance standards. 1.5 To understand and apply the principles of confidentiality and data protection as set out in the DH publication Confidentiality: NHS Code of Practice, and, where current practice falls short of that required, to agree challenging and achievable improvement plans. 2 INFORMATION FOR STAFF 2.1 To ensure standard information governance procedures and protocols are in an understandable format and available to staff. 2.2 To ensure raised awareness, through training and education, of the standards of good information governance practice and Caldicott principles, and that they are understood and adhered to. 3 INFORMATION SHARING TO SUPPORT CARE 3.1 To work with other care providers and linked agencies to facilitate better sharing of relevant information about patients, in a manner that facilitates joined-up care across institutional boundaries while ensuring that patients legal rights and Caldicott Principles are maintained. 3.2 To that end, ensure establishment of Information Sharing Protocols, in line with guidance provided by the Department of Health, to govern the use and sharing of patient-identifiable information between organisations both within and outside the NHS. 3.3 In collaboration with the IG Lead to draw to the attention of all staff through raising general awareness ( bulletins, Team Brief, and any other suitable means identified) correct practices in relation to person identifiable patient information, following specific incidents where procedures, guidelines and protocols have been breached by staff. 4 STRATEGIC 4.1 To ensure that the CCG, in its development of strategy and process to implement the various elements of Connecting for Health, especially the National Care Record Service (NCRS), maintains its compliance with Caldicott Principles and other relevant legislation. 4.2 Specifically this will include, but not be limited to: Advising on staff registration and authentication processes 15

16 Assignment of appropriate role profiles to staff Advising on workgroup construction for access control purposes Ensuring that confidentiality alerts and audit trail monitoring are effectively managed 4.3 To keep abreast of developments within Connecting for Health, and in particular the opportunities for safeguarding patient information through promoting use of anonymised or coded data obtained via the Secondary Uses Service (SUS). 5 REPORTING 5.1 In collaboration with the IG Lead, to draw to the attention of the relevant manager any occasion where the appropriate procedures, guidelines and protocols may have not been followed. 5.2 To raise concerns about any inappropriate uses made of patient information with the Chief Officer where necessary. 5.3 On an annual basis, to participate in the Information Governance Toolkit Assessment (adherence to the standards are included in the CCG s performance ratings). 5.4 Also on an annual basis, to formally report to the Governing Body the CCG s performance against the whole IG agenda, making recommendations for further improvement where appropriate. Signed:... Print Name:... Dated:... 16

17 Appendix 3 AUDIT COMMITTEE TERMS OF REFERENCE 1 Introduction The audit committee (the committee) is established in accordance with North Norfolk Clinical Commissioning Group s constitution. These terms of reference set out the membership, remit, responsibilities and reporting arrangements of the committee and shall have effect as if incorporated into the constitution. The Committee will review its performance annually by undertaking a self-assessment; it will provide a report arising from its findings to the Governing Body entitled Effectiveness of the Audit Committee. 2 Membership The committee shall be appointed by the clinical commissioning group as set out in the clinical commissioning group s constitution and may include individuals who are not on the governing body. Members will include: the lay member on the governing body, with a lead role in overseeing key elements of governance; the lay member on the governing body, with a lead role in overseeing engagement; and a maximum of 3 of the elected managers from the clinical commissioning group s Member Practices. The lay member with a lead role in overseeing key elements of governance will chair the audit committee. In the event of the chair of the committee being unable to attend all or part of the meeting, he or she will nominate a replacement from within the membership to deputise for that meeting. 3 Quorum A quorum will comprise three members of the committee, including at least one lay member. 4 Attendance (in addition to the members of the committee) The Chief Finance Officer will attend meetings of the audit committee routinely along with representatives from appointed external and internal auditors. In addition: at least once a year the committee will meet privately with the external and internal auditors; representatives from NHS Protect will be invited to attend meetings and will normally attend at least one meeting each year; regardless of attendance, external audit, internal audit, local counter fraud and security management (NHS Protect) providers will have full and unrestricted rights of access to the audit committee; the Accountable Officer will be invited to attend and discuss, at least annually with the committee, the process for assurance that supports the Annual Governance Statement. He or she will also attend when the committee considers the draft internal audit plan and the annual accounts; senior officers may be invited to attend, particularly when the committee is discussing areas of risk or operation that are the responsibility of that person; the chair of the governing body will also be invited to attend one meeting each year in order to form a view on, and understanding of, the committee s operations. 17

18 5 Secretary The Head of Corporate Affairs is responsible for supporting the chair in the management of the committee s business and for drawing the committee s attention to best practice, national guidance and other relevant documents as appropriate. 6 Frequency and notice of meetings 6.1 The committee will meet on at least four occasions each year. 6.2 The agenda and supporting papers will be sent to members seven days in advance of the meeting. 6.3 The Chair may call a meeting of the group at any time. 6.4 External auditors or the Head of Internal Audit may request a meeting at any time if it is considered that one is necessary. 7 Remit and responsibilities of the committee 7.1 The committee shall critically review the clinical commissioning group s financial reporting and internal control principles and ensure an appropriate relationship with both internal and external auditors is maintained. 7.2 The committee shall review the establishment and maintenance of an effective system of integrated governance, risk management and internal control, across the whole of the clinical commissioning group s activities that support the achievement of the clinical commissioning group s objectives. 7.3 Its work will dovetail with that of the joint quality and patient safety committee to seek assurance that robust clinical quality is in place. 7.4 In particular, the committee will review the adequacy and effectiveness of: All risk and control-related disclosure statements (in particular the governance statement), together with any appropriate independent assurances, prior to endorsement by the clinical commissioning group; The underlying assurance processes that indicate the degree of achievement of clinical commissioning group objectives, the effectiveness of the management of principal risks and the appropriateness of the above disclosure statements; The policies for ensuring compliance with relevant regulatory, legal and code of conduct requirements and related reporting and self-certification; The policies and procedures for all work related to fraud and corruption as set out in Secretary of State Directions and as required by the NHS Counter Fraud and Security Management Service; 7.5 In carrying out this work the committee will primarily utilise the work of internal audit, external audit and other assurance functions, but will not be limited to these sources. It will also seek reports and assurances from managers as appropriate, concentrating on the over-arching systems of integrated governance, risk management and internal control, together with indicators of their effectiveness. This will be evidenced through the committee s use of an effective assurance framework to guide its work and that of the audit and assurance functions that report to it. 7.6 Internal audit The committee shall ensure that there is an effective internal audit function that meets mandatory NHS Internal Audit Standards and provides appropriate independent assurance to the audit committee, accountable officer and clinical commissioning group. This will be achieved by: 18

19 Consideration of the provision of the internal audit service, the cost of the audit and any questions of resignation and dismissal; Review and approval of the internal audit strategy, operational plan and more detailed programme of work, ensuring that this is consistent with the audit needs of the organisation, as identified in the assurance framework; Considering the major findings of internal audit work (and management s response) and ensuring co-ordination between the internal and external auditors to optimise audit resources; Ensuring that the internal audit function is adequately resourced and has appropriate standing within the clinical commissioning group; An annual review of the effectiveness of internal audit. 7.7 External audit The committee shall review the work and findings of the external auditors and consider the implications and management s responses to their work. This will be achieved by: Consideration of the performance of the external auditors, as far as the rules governing the appointment permit; Discussion and agreement with the external auditors, before the audit commences, on the nature and scope of the audit as set out in the annual plan, and ensuring coordination, as appropriate, with other external auditors in the local health economy; Discussion with the external auditors of their local evaluation of audit risks and assessment of the clinical commissioning group and associated impact on the audit fee; Review of all external audit reports, including the report to those charged with governance, agreement of the annual audit letter before submission to the clinical commissioning group and any work undertaken outside the annual audit plan, together with the appropriateness of management responses. 7.8 Other assurance functions The audit committee shall review the findings of other significant assurance functions, both internal and external, and consider the implications for the governance of the clinical commissioning group. These will include, but will not be limited to: reviews by Department of Health arm s length bodies or regulators/inspectors (for example, the Care Quality Commission and NHS Litigation Authority); review by professional bodies with responsibility for the performance of staff or functions (for example, Royal Colleges and accreditation bodies); and the organisation s performance against such as the NHS Information Governance Toolkit. This last will be carried out by receipt of an Annual Report and Improvement Action Plan in this regard, the report to facilitate the committee s monitoring of compliance with training requirements. 7.9 Counter fraud The committee shall satisfy itself that the clinical commissioning group has adequate arrangements in place for countering fraud and shall review the outcomes of counter fraud work. It will also approve the counter fraud work programme Management The committee shall request and review reports and positive assurances from managers on the overall arrangements for governance, risk management and internal control. 19

20 The committee may also request specific reports from individual functions within the clinical commissioning group as they may be appropriate to the overall arrangements and may establish such sub-committees as may be necessary to assist the discharge of its responsibilities Financial reporting The audit committee shall monitor the integrity of the clinical commissioning group s financial statements and any formal announcements relating to the clinical commissioning group s financial performance. The committee shall ensure that the systems for financial reporting to the clinical commissioning group, including those of budgetary control, are subject to review as to completeness and accuracy of the information provided to the clinical commissioning group. The audit committee shall review the annual report and financial statements before submission to the governing body and the clinical commissioning group, focusing particularly on: The wording in the governance statement and other disclosures relevant to the terms of reference of the committee; Changes in, and compliance with, accounting policies, practices and estimation techniques; Unadjusted mis-statements in the financial statements; Significant judgements in preparing of the financial statements; Significant adjustments resulting from the audit; Letter of representation; and Qualitative aspects of financial reporting. 8 Relationship with the Governing Body The committee will provide copies of the minutes of its meetings to the next meeting in public of the Governing Body. Minutes will be accompanied by a formal report identifying key matters of activity, concern and interest. 9 Policy and best practice The committee has full authority to commission any reports or surveys it deems necessary to help it fulfil its obligations and will apply best practice in all decision-making processes. 10 Conduct of the committee The committee will conduct business in accordance with the clinical commissioning group s policy on Standards of Business Conduct which incorporates: The NHS Codes of Conduct and Accountability; Standards of Business Conduct for NHS Staff; and The Nolan Principles. The committee will review its performance, membership and terms of reference annually. Any proposed changes must be approved by the Governing Body. Date agreed: 19 th March

21 Confidentiality and Data Protection Delivery of the Information Governance Agenda Information Risk Management Appendix 4 Information Governance Reporting Framework Governing Body Chief Officer Caldicott Guardian Audit Committee Senior Information Risk Owner (SIRO) Information Asset Owner(s) (IAO) Information Asset Administrator(s) (IAA) Head of Corporate Affairs (IG Lead) / Corporate Affairs Officer 21

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

Information Governance Framework and Strategy. November 2014

Information Governance Framework and Strategy. November 2014 November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff. Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

Information Governance Policy

Information Governance Policy Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

Policy Checklist. Head of Information Governance

Policy Checklist. Head of Information Governance Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

INFORMATION RISK MANAGEMENT POLICY

INFORMATION RISK MANAGEMENT POLICY INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1 Policies for: Information Governance Information Quality Information Management Information Security Approved by: None this version Date approved: Name of originator/author: Ade Oduntan, Mike Hellier,

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

INFORMATION GOVERNANCE HANDBOOK

INFORMATION GOVERNANCE HANDBOOK INFORMATION GOVERNANCE HANDBOOK SECTION ONE Author Tracey Burrows Role Information Governance Manager (CSCSU) Date / Version February 2015 Version FINAL V1.0 Approved by IM&T Board Date 27 February 2015

More information

Information Governance Framework

Information Governance Framework Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March

More information

Lancashire County Council Information Governance Framework

Lancashire County Council Information Governance Framework Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice

More information

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy. Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review

More information

South East Coast Ambulance Service NHS Trust. Information Governance Working Group. Terms of Reference

South East Coast Ambulance Service NHS Trust. Information Governance Working Group. Terms of Reference South East Coast Ambulance Service NHS Trust Information Governance Working Group Terms of Reference 1. Constitution 1.1. The Board hereby resolves to establish a Working Group of the Risk Management &

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

Information Governance Strategy. Version No 2.1

Information Governance Strategy. Version No 2.1 Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of

More information

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool

More information

Information Governance Strategy 2015/16

Information Governance Strategy 2015/16 Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

Policy: D9 Data Quality Policy

Policy: D9 Data Quality Policy Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

Information Governance Strategic Management Framework 2015-2017

Information Governance Strategic Management Framework 2015-2017 Document Summary Information Governance Strategic Management Framework 2015-2017 This framework sets out the Cumbria Partnership NHS Foundation Trust (the organisation) Strategic Management Framework and

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:

More information

INFORMATION GOVERNANCE STRATEGY NO.CG02

INFORMATION GOVERNANCE STRATEGY NO.CG02 INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed

More information

Information Governance Framework

Information Governance Framework Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Strategy

NHS Waltham Forest Clinical Commissioning Group Information Governance Strategy NHS Waltham Forest Clinical Commissioning Group Governance Strategy Author: Zeb Alam, CCG IG Lead, (NELCSU) David Pearce, Head of Governance, WFCCG Version 3.0 Amendments to Version 2.1 Annual Review Reference

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head

More information

Trust Informatics Policy. Information Governance. Information Governance Policy

Trust Informatics Policy. Information Governance. Information Governance Policy Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

Information Incident Management and Reporting Procedures

Information Incident Management and Reporting Procedures Information Incident Management and Reporting Procedures Compliance with all policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy may result

More information

Information Governance Strategy

Information Governance Strategy Policy No: IG01 Version: 3.0 Name of Policy: Information Governance Strategy Effective From: 02/06/2015 Date Ratified 06/05/2015 Ratified Health Informatics Assurance Group (HIAG) Review Date 01/05/2017

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath

More information

INFORMATION GOVERNANCE POLICY (INCORPORATING INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK)

INFORMATION GOVERNANCE POLICY (INCORPORATING INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK) Ref No: IN-101 INFORMATION GOVERNANCE POLICY (INCORPORATING INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK) AREA: POLICY SPONSOR: Trust Wide Director of Finance IMPLEMENTED: October 2009 REVISED: June 2011

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance

More information

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal

More information

Information Governance Standards in Relation to Third Party Suppliers and Contractors

Information Governance Standards in Relation to Third Party Suppliers and Contractors Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

Information Incident Management and Reporting Procedures

Information Incident Management and Reporting Procedures ` Information Incident Management and Reporting Procedures Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy may

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May

More information

Further to reports to EAG in February and March 2014, the purpose of this report is to;

Further to reports to EAG in February and March 2014, the purpose of this report is to; Report to: Trust Board of Directors Date of Meeting: 29 May 2014 Report Title: Annual Information Governance Report 13/14 Status: Mark relevant box with X Prepared by: Executive Sponsor (presenting): Appendices

More information

Information Governance Training Plan v13

Information Governance Training Plan v13 Information Governance Training Plan To meet requirements of IGT v13 Lincolnshire East Clinical Commissioning Group Page 1 of 17 Contents Introduction Page 3 Training Provision Page 4 Staff Induction Awareness

More information

AUDIT AND RISK MANAGEMENT COMMITTEE CHARTER

AUDIT AND RISK MANAGEMENT COMMITTEE CHARTER MASTERMYNE GROUP LIMITED AUDIT AND RISK MANAGEMENT COMMITTEE CHARTER Purpose of Charter 1. The Audit and Risk Management Committee Charter (Charter) governs the operations of the Audit and Risk Management

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE. Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise

More information

Information Incident Management. and Reporting Policy

Information Incident Management. and Reporting Policy Information Incident Management and Reporting Policy Policy ID IG10 Version: 1 Date ratified by Governing Body 21/3/2014 Author South CSU Date issued: 21/3/2014 Last review date: N/A Next review date:

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information

Little Marlow Parish Council Registration Number for ICO Z3112320

Little Marlow Parish Council Registration Number for ICO Z3112320 Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with

More information

Trust Board Report. Review of the effectiveness of the IM&T Committee

Trust Board Report. Review of the effectiveness of the IM&T Committee 1. Introduction Trust Board Report Review of the effectiveness of the The meets every eight weeks, with a specific responsibility for governance, strategic direction, approval and direction of developments

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Page 1 of 46 Policy Title: Executive Summary: Information Governance Policy This policy seeks to identify the actions required to ensure that information is appropriately

More information

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013 Information Governance Policy Version 1.0 June 2013 Copyright Notification Copyright London Borough of Islington 2012 This document is distributed under the Creative Commons Attribution 2.5 license. This

More information