Personal Data Handling and Sharing Policy

Size: px
Start display at page:

Download "Personal Data Handling and Sharing Policy"

Transcription

1 Personal Data Handling and Sharing Policy Originator Richard Gibson Date 20 June 2012 Verifier Lynda Oliver Date 20 June 2012 Reviewed Richard Gibson, Lynda Oliver Date July 2013

2 Contents Page 1. Introduction 2. Purpose of the Policy 3. Responsibilities 4. Data Gathering 5. Use of Data 6. Patient Rights 7. Sharing of Data 8. Scope 9. Procedures 10. Approval

3 Personal Data Handling and Sharing Policy 1. Introduction The Outside Clinic has an obligation to define the requirements for how we process data and how it is handled within the organisation structure. 2. Purpose of the Policy The purpose of this Policy is to define why data is collected, how it is used and how data is kept confidential. It also sets out the parameters for all employees of The Outside Clinic who are involved in how to share patient identifiable/sensitive information outside the organisation. 3. Responsibilities The Data Controller is responsible for keeping patient information confidential. The Data Controller is the Head Of Operations. 4. Data Gathering The Outside Clinic keeps records about patient s health and any treatment and care that is provided. These records help to ensure that we deliver the best possible care. The records may be written down (manual records) or held on computer. These records may include: Basic details about the patient such as address, date of birth. Contact we have had with the patient such as eye and hearing examinations. Notes and reports of the patient s health. Details and records about the patient s treatment and care. Some of this information will be held centrally to be used for statistical purposes. In these instances we take strict measures to ensure that individual patients cannot be identified. The information will only be used with their consent, unless the law requires us to pass on this information. 5. Use of Data Patient records are stored so that they can be used to guide and administer the care that is provided to them. Our medical professionals involved in their care has accurate and up-to-date information to assess their health and decide on the most appropriate care for them. Patient concerns will be fully investigated if a complaint is raised. The Outside Clinic will ensure that the appropriate information is available if the patient attends another medical professional or they are referred to a specialist, their GP or another part of the NHS or similar organisation. 6. Patient Rights Patients have a right of access to the information that we hold about them. The information can be provided by the patient making a request in writing to the Data Controller. We are required to respond within 40 days. The patient will need to give The Outside Clinic adequate information to ensure that the patient s identity can be verified.

4 7. Sharing of Data It is the Policy of The Outside Clinic to share patient information appropriately in order to ensure seamless and appropriate care for patients. Every member of staff has a contractual obligation to pass on or share patient identifiable information safely and securely. The Outside Clinic acknowledges that patients have a right to be aware when their data is being shared. If the sharing does not contribute to, or support the delivery of their care, then it may be that their written consent will be required. The sharing will be carried out in a safe environment and within the constraints of the Data Protection Act 1998, the Data Protection Principles and the Caldicott Principles. 8. Scope This Policy applies to all patient identifiable or The Outside Clinic sensitive information, be it manual or electronic, that is being shared or is planned to be shared with another organisation or individual. 9. Procedures Postal Security Envelopes should be securely sealed, clearly addressed to a known contact and marked confidential and addressee only. A return to sender address should also be marked on the envelope Telephone Security Telephone validation or callback procedures should be followed before disclosing information to someone you do not know to confirm their identity and authorisation. Fax Machine Security All fax machines, which could receive patient information when unsupervised, must be in an area that could be locked so that unauthorised staff or the general public cannot gain access to them. Confidential information should only be sent by fax where absolutely necessary. If you do send information that identifies a patient, always send a cover sheet with the fax, which contains a statement This fax is confidential and is intended for the person whom it is addressed. When faxing patient information, steps must be taken to minimise the risk of miss dialling. Pre-programmed dialling is recommended and you should never dial from memory. Never send a fax to an unsupervised machine, unless it is designated safe haven or secure. Make sure that an appropriate person is available to receive that fax. It is good practice to make sure after sending the fax that the right person has received it. Confidential information sent via fax should be accompanied by a phone call to the recipient. Coded numbers should be used instead of names/address wherever possible. The data should be anonymised where possible and kept to a minimum. Security ing patient confidential information is only permitted if it is encrypted or where system-to-system networks are known to be secure or by use of an NHS net address.

5 Using Anonymised or Pseudonymised Information Anonymising data means to remove factors that would enable an individual to be identified and is the method to be used for the sharing of bulk data. Pseudonymisation is the process of applying a pseudonym to replace person identifiable information and can be used with certain IT programs when transferring information concerning individuals. Encryption All portable media etc (laptops, data sticks) that are to be used for the downloading of patient identifiable/sensitive information must be: o o Manager. Supplied by The Outside Clinic. Encrypted. Any enquiries about encryption should be addressed to the Hardware and Network Data Sharing Examples of data sharing are: Patient data returns to the NHS England and Health Authorities. Communications with GP Practices. Copies of records being supplied to other hospitals taking over the care of the patient because, for example, the patient has moved. Outsourcing initiatives. Clinical audit or research. Patient information being shared with other health care agencies. Staff and Training Reference to Data Sharing is part of Information Governance training that takes place at induction and at mandatory updates. 10. Approval This policy has been approved by the undersigned and will be reviewed on an annual basis. Originator: Richard Gibson Date: 20 June 2012 Verifier: Lynda Oliver Date: 20 June 2012 Authoriser: Richard Gibson Date: 20 June 2012

Safe Haven Procedure. Final. Date Issued March 2009 Review Date March 2010 NHS East Midland Employees. Safe Haven Procedure: v1.

Safe Haven Procedure. Final. Date Issued March 2009 Review Date March 2010 NHS East Midland Employees. Safe Haven Procedure: v1. Safe Haven Procedure Final Version 1.0 (Final) Ratified By Executive Team Originator/Author Fabian Henderson Date Issued March 2009 Review Date March 2010 Target NHS East Midland Employees Safe Haven Procedure:

More information

The Leeds Teaching Hospitals NHS Trust. Research & Development Department DATA PROTECTION IN RESEARCH GUIDANCE NOTES FOR RESEARCHERS

The Leeds Teaching Hospitals NHS Trust. Research & Development Department DATA PROTECTION IN RESEARCH GUIDANCE NOTES FOR RESEARCHERS The Leeds Teaching Hospitals NHS Trust Research & Development Department DATA PROTECTION IN RESEARCH GUIDANCE NOTES FOR RESEARCHERS 1. Introduction The Research Governance Framework for Health & Social

More information

Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3

Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Paper 9 Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Please ensure that all THREE pages of this contract are returned to: Information Governance Manager, Health Informatics, Chertsey House, St Peter

More information

Safe Haven Policy. Equality & Diversity Statement:

Safe Haven Policy. Equality & Diversity Statement: Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review

More information

Personal data - Personal data identify an individual. For example, name, address, contact details, date of birth, NHS number.

Personal data - Personal data identify an individual. For example, name, address, contact details, date of birth, NHS number. Background The Data Protection Act 1998 i came into force in March 2000 and is followed by all NHS employed staff via their policies and procedures. The act applies to all personal, identifiable information

More information

Secure Transfer of Information Guidance for staff

Secure Transfer of Information Guidance for staff Secure Transfer of Information Guidance for staff Document number CCG.GOV.013.1.1 Version: 1.1 Ratified by: NHS Bury CCG Quality and Risk Committee Date ratified: 8 th January 2014 Name of originator /author

More information

Safe Haven Procedure for the Secure Transmission of Personally Identifiable Information

Safe Haven Procedure for the Secure Transmission of Personally Identifiable Information Safe Haven Procedure for the Secure Transmission of Personally Identifiable Information Im&t directorate\policies\approved ig policiesprocedures.1 Index 1. Purpose... 3 2. Introduction... 3 3. Scope...

More information

Secure Storage, Communication & Transportation of Personal Information Policy Disclaimer:

Secure Storage, Communication & Transportation of Personal Information Policy Disclaimer: Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011

More information

Hulme Hall Medical Group

Hulme Hall Medical Group Beacon Practice for Patient Online Hulme Hall Medical Group Fax and Emailing Handling Policy Written By: Joanne Revell Signed: Authorised by: Anna Webster Signed: Job Title: Practice Manager CQC Lead Effective

More information

Information Governance

Information Governance Information Governance Information for Patients Information Governance (IG) Contents: Identifying the IG Lead for the Practice. This identifies the main people responsible for Information Governance Policy.

More information

OxCCARE Information Governance Policy

OxCCARE Information Governance Policy OxCCARE Information Governance Policy Introduction: This document is intended to act as a practical guide to information governance (IG) for all research, audit, quality improvement and service evaluation

More information

A Framework for the Safe and Secure Use & Management of Community Pharmacy NHSmail email including Generic Mailboxes

A Framework for the Safe and Secure Use & Management of Community Pharmacy NHSmail email including Generic Mailboxes A Framework for the Safe and Secure Use & Management of Community Pharmacy NHSmail email including Generic Mailboxes Contents 1 Introduction 3 2 NHSmail Acceptable Use Policy 3 3 Objectives 4 4 General

More information

Information Governance

Information Governance Information Governance Safe Haven Procedures; Guidance for all BHR CCG Staff Fax Machines Email Postage Telephone Conversations Fax Machines Confidential information faxed in emergency situations only

More information

CIPFA DATA MANAGEMENT POLICY AND PROCEDURES

CIPFA DATA MANAGEMENT POLICY AND PROCEDURES INTRODUCTION These Policies and Procedures apply to all CIPFA volunteers that have access to, use, store and share significant amounts of personal data. It is critically important that this data is handled

More information

Research Governance Standard Operating Procedure

Research Governance Standard Operating Procedure Research Governance Standard Operating Procedure The Management and Use of Research Participant Data for Secondary Research Purposes SOP Reference: Version Number: 01 Date: 28/02/2014 Effective Date: Review

More information

Bulk Data Transfer Guidelines

Bulk Data Transfer Guidelines Bulk Data Transfer Guidelines This procedural document supersedes: CORP/ICT 20 v.1 Bulk Data Transfer. Did you print this document yourself? The Trust discourages the retention of hard copies of policies

More information

Mobility and Young London Annex 4: Sharing Information Securely

Mobility and Young London Annex 4: Sharing Information Securely Young London Matters April 2009 Government Office For London Riverwalk House 157-161 Millbank London SW1P 4RR For further information about Young London Matters contact: younglondonmatters@gol.gsi.gov.uk

More information

Safe and secure use of personal health information

Safe and secure use of personal health information Safe and secure use of personal health information Who is this leaflet for? This leaflet is for anyone who uses any of the services provided by the NHS in Scotland. It has been produced by Health Protection

More information

De-identification of Data using Pseudonyms (Pseudonymisation) Policy

De-identification of Data using Pseudonyms (Pseudonymisation) Policy De-identification of Data using Pseudonyms (Pseudonymisation) Policy Version: 2.0 Page 1 of 7 Partners in Care This is a controlled document. It should not be altered in any way without the express permission

More information

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

Health and Social Care Information Centre

Health and Social Care Information Centre Health and Social Care Information Centre Information Governance Assessment Customer: Clinical Audit Support Unit of the Health and Social Care Information Centre under contract to the Royal College of

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

HOW WE USE YOUR PERSONAL INFORMATION

HOW WE USE YOUR PERSONAL INFORMATION HOW WE USE YOUR PERSONAL INFORMATION Information Leaflet Your Health. Our Priority. Page 2 of 9 Introduction This Leaflet explains why the NHS collects information about you and how it is used, your right

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

Access to Health Records

Access to Health Records Access to Health Records Crown Heights Medical Centre Procedure Access to Health Records ACCESS TO MEDICAL RECORDS (DATA PROTECTION) POLICY INTRODUCTION The Access to Health Records Act 1990 gave individuals

More information

X NSW/ACT X NT X QLD X SA X TAS X VIC X WA

X NSW/ACT X NT X QLD X SA X TAS X VIC X WA 1. Please complete this form USING BLACK INK and write within the boxes in CAPITAL LETTERS. Mark appropriate answer boxes with a CROSS. Start at the left of each answer space and leave a gap between words.

More information

your hospitals, your health, our priority STANDARD OPERATING PROCEDURE: Safe Haven Procedure TW10-110 SOP 3 SOP NO: VERSION NO:

your hospitals, your health, our priority STANDARD OPERATING PROCEDURE: Safe Haven Procedure TW10-110 SOP 3 SOP NO: VERSION NO: STANDARD OPERATING PROCEDURE: Safe Haven Procedure SOP NO: VERSION NO: APPROVING COMMITTEE: DATE THIS VERSION APPROVED: TW10-110 SOP 3 3 Information Governance Committee July 2013 RATIFYING COMMITTEE:

More information

Patient Information Whose information is it anyway? Your health records

Patient Information Whose information is it anyway? Your health records Patient Information Whose information is it anyway? Your health records Derriford Hospital Derriford Road Plymouth PL6 8DH Tel: 0845 155 8155 www.plymouthhospitals.nhs.uk Your health record We ask you

More information

Portable Devices and Removable Media Acceptable Use Policy v1.0

Portable Devices and Removable Media Acceptable Use Policy v1.0 Portable Devices and Removable Media Acceptable Use Policy v1.0 Organisation Title Creator Oxford Brookes University Portable Devices and Removable Media Acceptable Use Policy Information Security Working

More information

INFORMATION GOVERNANCE STAFF HANDBOOK

INFORMATION GOVERNANCE STAFF HANDBOOK INFORMATION GOVERNANCE STAFF HANDBOOK Contents Why do YOU need to know about Information Governance (IG)?... 2 Keeping Information Safe... 2 Confidentiality... 2 Deciding to Communicate Important Information...

More information

FISHER & PAYKEL PRIVACY POLICY

FISHER & PAYKEL PRIVACY POLICY FISHER & PAYKEL PRIVACY POLICY 1. About this Policy Fisher & Paykel Australia Pty Limited (ABN 71 000 042 080) and its related companies ('we', 'us', 'our') understands the importance of, and is committed

More information

Information Governance Manual Training Booklet

Information Governance Manual Training Booklet Information Governance Manual Training Booklet Introduction This booklet is aimed at staff who do not access a computer whilst working for the Trust. If you have access to a computer, you must complete

More information

Policy Name: Data Protection. Nominated Lead Member of Staff: ICT Manager. Status: Review Cycle: 2 Years. Authorisation: Governing Body

Policy Name: Data Protection. Nominated Lead Member of Staff: ICT Manager. Status: Review Cycle: 2 Years. Authorisation: Governing Body Policy Name: Data Protection Nominated Lead Member of Staff: ICT Manager Status: Review Cycle: 2 Years Authorisation: Governing Body Review Date: June 2017 Data Protection Policy The Governing Body of

More information

The Care Record Guarantee Our Guarantee for NHS Care Records in England

The Care Record Guarantee Our Guarantee for NHS Care Records in England The Care Record Guarantee Our Guarantee for NHS Care Records in England Introduction In the National Health Service in England, we aim to provide you with the highest quality of healthcare. To do this,

More information

Findings from ICO audits and reviews of community healthcare providers. June 2013 to December 2014

Findings from ICO audits and reviews of community healthcare providers. June 2013 to December 2014 Findings from ICO audits and reviews of community healthcare providers June 2013 to December 2014 Introduction The Information Commissioner s Office (ICO) is the regulator responsible for ensuring that

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and

More information

Data Transfer Policy. Data Transfer Policy London Borough of Barnet

Data Transfer Policy. Data Transfer Policy London Borough of Barnet Data Transfer Policy Data Transfer Policy London Borough of Barnet Document Control POLICY NAME Data Transfer Policy Document Description Policy surrounding data transfers (electronic and paper based).

More information

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY 1. About this Policy Corporate Travel Management Group Pty Ltd (ABN 52 005 000 895) (CTM) ('we', 'us', 'our') understands the importance of, and is committed

More information

POLICY DOCUMENT. Policy on Mobile / Portable Computing Devices and Data Security. Release: Final Date Created: 3 March 2009

POLICY DOCUMENT. Policy on Mobile / Portable Computing Devices and Data Security. Release: Final Date Created: 3 March 2009 POLICY DOCUMENT Policy on Mobile / Portable Computing Devices and Data Security Release: Final Date Created: 3 March 2009 Owner: David Priest Compiled by: David Priest Document Reference: Page 1 of 8 Printed:

More information

INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY

INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY Information Management & Technology Security Policy INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY POLICY NO IM&T 003 DATE RATIFIED October 2010 NEXT REVIEW DATE October 2013 POLICY STATEMENT/KEY

More information

Data Encryption Policy

Data Encryption Policy Data Encryption Policy Number: THCCGCG36 Version: 01 Executive Summary This Policy defines the Security requirements for data encryption upon laptops, physical media and Secure File Transfer within the

More information

Barnet Partnership Information Sharing Protocol

Barnet Partnership Information Sharing Protocol Barnet Partnership Information Sharing Protocol Information Sharing Protocol V1_0C - FINAL Page 1 of 52 Version 1.0 (FINAL) Contents 1 Background... 4 1.1 The need to share information... 4 2 Scope...

More information

Information Security Policy. Appendix B. Secure Transfer of Information

Information Security Policy. Appendix B. Secure Transfer of Information Information Security Policy Appendix B Secure Transfer of Information Author: Data Protection and Information Security Officer. Version: 0.7 Date: March 2008 Document Control Information Document ID Document

More information

Direct Recruitment Privacy Policy

Direct Recruitment Privacy Policy Direct Recruitment Privacy Policy Direct Recruitment manages personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles (APP). This policy applies to information collected

More information

Data Transfer Policy London Borough of Barnet

Data Transfer Policy London Borough of Barnet London Borough of Barnet DATA PROTECTION 11 Document Control Document Description Data Transfer Policy Version v.2 Date Created December 2010 Status Authorisation Name Signature Date Prepared By: IS Checked

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Occupational Health Records Management and Retention Operational Policy

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Occupational Health Records Management and Retention Operational Policy The Newcastle upon Tyne Hospitals NHS Foundation Trust Occupational Health Records Management and Retention Operational Policy Version No. 1.0 Effective From: 9 October 2013 Expiry Date: 30 September 2016

More information

Information Governance and Risk Stratification: Advice and Options for CCGs and GPs

Information Governance and Risk Stratification: Advice and Options for CCGs and GPs Information Governance and Risk Stratification: Advice and Options for CCGs and GPs 1 NHS England INFORMATION READER BOX Directorate Medical Operations Patients and Information Nursing Policy Commissioning

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed

More information

The Care Record Guarantee Our Guarantee for NHS Care Records in England

The Care Record Guarantee Our Guarantee for NHS Care Records in England The Care Record Guarantee Our Guarantee for NHS Care Records in England January 2011, version 5 Introduction In the National Health Service in England, we aim to provide you with the highest quality of

More information

Introduction to the NHS Information Governance Requirements

Introduction to the NHS Information Governance Requirements Introduction to the NHS Information Governance Requirements 2 Version April 2014 Information Governance ensures necessary safeguards for, and appropriate use of, patient and personal information. The widely

More information

Trust Informatics Policy. Information Governance. Secure Transfer of Information Policy

Trust Informatics Policy. Information Governance. Secure Transfer of Information Policy Trust Informatics Policy Information Governance Policy Reference: 3628 Document Title Author/Contact Document Reference 3628 Document Control Pauline Nordoff-Tate, Information Assurance Manager Document

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE

More information

PRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;

PRIVACY POLICY. comply with the Australian Privacy Principles (APPs); ensure that we manage your personal information openly and transparently; PRIVACY POLICY Our Privacy Commitment Glo Light Pty Ltd A.C.N. 099 730 177 trading as "Lighting Partners Australia of 16 Palmer Parade, Cremorne, Victoria 3121, ( LPA ) is committed to managing your personal

More information

Personal Identifiable Data Security Policy

Personal Identifiable Data Security Policy Personal Identifiable Data Security Policy Number: THCCGCG43 Version: 01 Executive Summary This Policy defines the Security requirements for all Staff involved in handling Person Identifiable Data (PID)

More information

Remote Data Extraction Policy and Procedure

Remote Data Extraction Policy and Procedure Remote Data Extraction Policy and Procedure Prepared by PRIMIS June 2015 The University of Nottingham. All rights reserved. Contents 1. Introduction... 3 2. Purpose and scope... 3 3. Policy Statement...

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

TEG Live Privacy Policy

TEG Live Privacy Policy TEG Live Privacy Policy We Respect Your Privacy At TEG Live * the security of personal information that we collect is of utmost importance to us. You can find information about how we handle and manage

More information

SECURITY POLICY REMOTE WORKING

SECURITY POLICY REMOTE WORKING ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY REMOTE WORKING Introduction This policy defines the security rules and responsibilities that apply when doing Council work outside of Council offices

More information

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé NHS HDL (2006)41 abcdefghijklm = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé Dear Colleague NHSSCOTLAND INFORMATION SECURITY POLICY Summary 1. NHSScotland IT Security Policy was

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Information Governance

Information Governance Information Governance What you will learn in this session? 1. Principles of Information Governance and their application to health and social care organisations 2. Accessing Information Governance resources

More information

Version: 2.0. Effective From: 28/11/2014

Version: 2.0. Effective From: 28/11/2014 Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director

More information

Annual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance

Annual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance Annual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance Information Privacy and IT Security & Compliance The information in this module in addition to the

More information

RD SOP17 Research data management and security

RD SOP17 Research data management and security RD SOP17 Research data management and security Version Number: V2 Name of originator/author: Dr Andy Mee, R&I Manager Name of responsible committee: R&I Committee Name of executive lead: Medical Director

More information

OLD HALL SURGERY COMPLAINTS PROCEDURE (FORM 1)

OLD HALL SURGERY COMPLAINTS PROCEDURE (FORM 1) (FORM 1) WE OPERATE A PRACTICE AS PART OF THE N.H.S. SYSTEM FOR DEALING WITH COMPLAINTS. OUR SYSTEM MEETS NATIONAL CRITERIA. OUR AIM IS TO GIVE YOU THE HIGHEST POSSIBLE STANDARD OF SERVICE AND WE TRY TO

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1 Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees

More information

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

Data Protection and Data security Policy

Data Protection and Data security Policy Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

Information Management for Medical Revalidation in England

Information Management for Medical Revalidation in England Information Management for Medical Revalidation in England www.revalidationsupport.nhs.uk Contents Page 1. Introduction 3 2. Information flows 4 The doctor 5 The appraiser 5 The responsible officer 6 New

More information

Easy Participation for Healthcare Professionals

Easy Participation for Healthcare Professionals Easy Participation for Healthcare Professionals Electronic Health Record Sharing System Welcome to Join www.ehealth.gov.hk 3467 6230 What is an Electronic Health Record (ehr)? An electronic health record

More information

NHSScotland is improving the way it uses information from GP patient records.

NHSScotland is improving the way it uses information from GP patient records. NHSScotland is improving the way it uses information from GP patient records. It helps me. GP, Lanark. And us. SPI27400 8pp A5 leaflet.indd 1 31/07/2015 17:11 A change for the better. From Autumn 2015

More information

Information Governance. and what it means for you

Information Governance. and what it means for you Information Governance and what it means for you 1 Content Introduction 3 Who are we? 4 What is Information Governance? 4 Purpose of Holding Information 5 Confidentiality and Security 5 Accuracy of Information

More information

Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy

Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy Page 1 of 8 Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy EXECUTIVE SUMMARY Key Messages

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

Best practice guidance for information security within Choose and Book May 2009

Best practice guidance for information security within Choose and Book May 2009 Best practice guidance for information security within Choose and Book May 2009 Best practice guidance for information security within Choose and Book This guidance has been prepared to help organisations

More information

Privacy Policy. Board for Lutheran Education Australia. Policy. Purpose. Exclusion

Privacy Policy. Board for Lutheran Education Australia. Policy. Purpose. Exclusion Policy Relevant to Responsible officer Contact officer Authorisation Date introduced March 2014 Effective date of latest version March 2014 Next review date March 2017 Relevant legislation or source Board

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name Introduction Removable Media and Mobile Device Policy Removable media and mobile devices are increasingly used to enable information access

More information

Security Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)

Security Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011) Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19 Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility

More information

Data Quality Policy. March 2015 POLICY DEVELOPMENT PROCESS. Data Quality Policy Page 1

Data Quality Policy. March 2015 POLICY DEVELOPMENT PROCESS. Data Quality Policy Page 1 Data Quality Policy March 2015 Author: Lynda Harris, Head of Information Governance LyndaHarris2@nhs.net Responsibility: All Staff Effective Date: March 2015 Review Date: March 2017 Reviewing/Endorsing

More information

Data Protection and Information Security Policy and Procedure

Data Protection and Information Security Policy and Procedure Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May

More information

ST IVES CHAMBERS POLICY ON THE COLLECTION AND USE OF DIVERSITY DATA

ST IVES CHAMBERS POLICY ON THE COLLECTION AND USE OF DIVERSITY DATA ST IVES CHAMBERS POLICY ON THE COLLECTION AND USE OF DIVERSITY DATA 1. This is the Data Diversity Policy for St Ives Chambers which is established in accordance with RC110 (section D1.2 Equality and diversity)

More information

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014

Tenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014 Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology

More information

Accessing Personal Information on Patients and Staff:

Accessing Personal Information on Patients and Staff: Accessing Personal Information on Patients and Staff: A Framework for NHSScotland Purpose: Enabling access to personal and business information is a key part of the NHSScotland Information Assurance Strategy

More information

PART 1 PERSONAL AND CREDIT INFORMATION PRIVACY POLICY Document Purpose

PART 1 PERSONAL AND CREDIT INFORMATION PRIVACY POLICY Document Purpose Tyro Payments Privacy Policy Version 2.0 PART 1 PERSONAL AND CREDIT INFORMATION PRIVACY POLICY Document Purpose The purpose of this Privacy Policy is to provide a summary of how, why and when personal

More information

Information Security Assurance Plan 2015/16

Information Security Assurance Plan 2015/16 Information Security Assurance Plan 2015/16 Policy number: N/A Version 2.0 Approved by Name of author/originator Owner (Exec Director) Date of approval August 2015 Date of last review July 2015 Next due

More information

Data and Information Security Policy

Data and Information Security Policy St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Policy for the electronic transfer of Person Identifiable Data - harmonised Version: 5 Reference Number: CO51 Supersedes Supersedes: 4 Description of Amendment(s):

More information

Information Governance in Dental Practices. Summary of findings from ICO reviews. September 2015

Information Governance in Dental Practices. Summary of findings from ICO reviews. September 2015 Information Governance in Dental Practices Summary of findings from ICO reviews September 2015 Executive summary The Information Commissioner s Office (ICO) is the regulator responsible for ensuring that

More information

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law.

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law. HSBC Privacy Notice HSBC's Privacy Principles HSBC Bank Canada is a subsidiary of HSBC Holdings plc which, together with its subsidiaries and affiliates, is one of the world s largest banking and financial

More information

Corporate Affairs Overview and Scrutiny Committee

Corporate Affairs Overview and Scrutiny Committee Agenda item: 4 Committee: Corporate Affairs Overview and Scrutiny Committee Date of meeting: 29 January 2009 Subject: Lead Officer: Portfolio Holder: Link to Council Priorities: Exempt information: Delegated

More information