CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE"

Transcription

1 This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE Document Title: Contracts Review for Information Governance Compliance Procedure Issue Date: 19 th November 2015 Version 1.1 Page 1 of 13

2 Document Information Document Name: Contracts review for information governance compliance procedure Location: Consultation: Intranet Information Governance Steering Group Approved by: Information Governance Steering Group 19 th November 2015 Supersedes: Version 1.0 Description: Audience: Contact details: Procedure to review contracts to identify if appropriate and adequate information governance and confidentiality clauses have been used. All Staff South East CSU Information Change History Version Date Author Approver Reason Jan 2014 NHS South London Information Governance Initial draft version CSU Information Steering Group Feb NHS South London Information Governance Formatting 2014 CSU Information Steering Group 1.1 Oct 2015 NHS South East CSU Information Governance Reapproval Information Steering Group Governance and NHS Lambeth Clinical Commissioning Group This document supersedes all pre-existing Contract Review procedures. This procedure applies to all staff of NHS Lambeth Clinical Commissioning Group. Details of the Equality & Equity Impact Assessment Checklist can be found in Annexe A Page 2 of 13

3 Table of Contents 1.0 Introduction Data Controller versus Data Processor Equality and Human Rights Statement Roles and Responsibilities Senior Information Risk Owner Caldicott Guardian Information Asset Owners NHS South East Commissioning Support Unit Contracts Manager NHS South East Commissioning Support Unit Information Governance Manager Procedure Procedure audit and monitoring compliance Statement of evidence/references Implementation and dissemination of document... 7 Appendix 1 - Equality & Equity Impact Assessment Checklist... 8 Appendix 2 Contract Checklist Guidance... 9 Page 3 of 13

4 Document Consultation Record Version Date Name Post Organisation Comments January 2014 IGSG IGSG NHS Lambeth CCG Formatting 1.1 October 2015 IGSG IGSG NHS Lambeth CCG Equality Impact Assessment updated Page 4 of 13

5 1.0 Introduction This procedure sets out the principles by which NHS Lambeth Clinical Commissioning Group (CCG) will develop, manage and review the management of contracts across the organisation. The CCG is a Data Controller as defined by the Data Protection Act 1998 and as such must ensure that all contracts that it signs which involve the use of patient confidential data (PCD) have been reviewed for compliance. This is also an Information Governance Toolkit requirement which NHS Lambeth CCG must complete to Level 2 in all requirements. Level 2 for this requirement requires all contractors or support organisations (including non-clinical staff) with access to the organisation s information assets have been identified and appropriate clauses for inclusion in contracts have been developed. 2.0 Data Controller versus Data Processor In law, the Data Controller is described (Data Protection Act 1998) as the organisation or individual which determines use of the data, i.e. they are responsible to the data subject (the patient) for ensuring their data is appropriately looked after. In the Data Protection Act 1998, the Data Processor acts only on the instruction of the Data Controller and this MUST be under a legally binding contract. The Data Controller must also have risk assessed the data to be processed. In health terms, given the myriad uses and flows of data that could potentially be within a contract, this means data flow mapping the data in each contract. 3.0 Equality and Human Rights Statement Promoting equality, eliminating unfairness and unlawful discrimination, and treating colleagues, partners and the public with dignity and respect are fundamental to successful performance by all staff in the CCG. This includes the Governing Body who are all expected to actively promote equality and human rights and challenge racism, homophobia and other forms of discrimination through their activities and support others to do the same. All staff are expected to work with others on effective approaches to ensure strategies, policies and activities promote and demonstrate equality and human rights. Equality Impact Assessment and Equality Analysis are to be used as part of developing and monitoring proposals and projects for their impact on equality and equity. All staff of NHS Lambeth CCG, including the Governing Body are required to abide by all equality and human rights legislation and good practice, and will receive appropriate training and support to do so. Page 5 of 13

6 4.0 Roles and Responsibilities 4.1. Senior Information Risk Owner The Senior Information Risk Owner (SIRO) is responsible for ensuring that all risks are accounted for and mitigated. Information risks identified as a result of the contract reviews will be reported to the SIRO to provide assurance to the Governing Body Caldicott Guardian The Caldicott Guardian is the patient voice in the organisation and works to ensure confidentiality and appropriate use of personal confidential data (PCD) is paramount in all activities of the CCG Information Asset Owners Information Asset Owners (Directors) are responsible for ensuring all contracts in their Directorate have been reviewed and any information risks added to the directorate risk register are worked through to ensure appropriate mitigation as required. This assures the SIRO that the information risk in contracts is being appropriately mitigated NHS South East Commissioning Support Unit Contracts Manager The NHS South East Commissioning Support Unit (SECSU) Contracts Manager is responsible for ensuring that all contracts are reviewed to the required standard and appropriate review dates are entered into the master corporate contracts list NHS South East Commissioning Support Unit Information Governance Manager The SECSU Information Governance Manager is to review all contracts for information governance compliance including non-commissioning contracts e.g. premises contracts. 5.0 Procedure Contracts must be reviewed for information governance compliance by the information governance lead for the CCG with the assistance from the SECSU IG Manager as required. Risks identified must be added to the appropriate risk register and worked through to the appropriate level of mitigation in line with the risk policy of the CCG. All contracts will be entered into the CCG contracts register. Data Flow Mapping of ALL flows of data must be covered by the contract. The IG Contract Checklist (Appendix 2) must be completed by the contract lead. Page 6 of 13

7 6.0 Procedure audit and monitoring compliance MONITORING/ AUDIT REQUIREMENT Training record for CCG staff for Mandatory and Statutory Information Governance Training Contract review audit Developing and maintaining the contract log Contract review update report MONITORING/ AUDIT METHOD Training records/ Training Needs Analysis Inspection record/ risk assessment Contract log Reports and minutes of meetings to confirm receipt MONITORING REPORT/ AUDIT PREPARED BY NHS South East CSU Information NHS South East CSU Information NHS South East CSU Information NHS South East CSU Information MONITORING REPORT/ AUDIT PRESENTED TO Information Governance Steering Group Information Governance Steering Group Information Governance Steering Group Information Governance Steering Group FREQUENCY OF MONITORIN REPORT/ AUDIT Annually At least quarterly Quarterly Quarterly 7.0 Statement of evidence/references The Data Protection Act 1998 Health and Social Care Act 2012 The NHS Health and Social Care Information Centre Information Governance Toolkit (IGT) 8.0 Implementation and dissemination of document Following ratification, the Contract Review Procedure will be uploaded onto the CCG intranet. Awareness of the policy will be checked through a staff survey and spot checks on at least an annual basis. Page 7 of 13

8 Appendix 1 - Equality & Equity Impact Assessment Checklist EQUALITY IMPACT ASSESSMENT INITIAL SCREENING The CCGs Equality and Human Rights Statement is included in Section 3 of this document. This information is also included in CCG job descriptions. The purpose of this assessment is to assess the likely (or actual) effects of this policy on people in respect of disability, gender, including gender identity, racial equality and wider equality areas including looking for opportunities to promote equality, as well as negative or adverse impacts that can be removed or mitigated. A full impact assessment will normally be required if you have answered YES to one or more of questions 1, 2 and 3 below. 1 Does the policy meet any of the following duties/needs: Eliminate unlawful discrimination, harassment and victimisation. Advance equality of opportunity between people who share a protected characteristic and those who do not. Foster good relations between people who share a protected characteristic and those who do not. 2 Is there any evidence or reason to believe that the policy, strategy or project could have an adverse or negative impact on any group/s*? 3 Is there any evidence or other reason to believe that different groups* have different needs and experiences that this policy is likely to assist i.e. there might be a relative adverse effect on other groups? 4 Has prior consultation taken place with organisations or groups* which has indicated a pre-existing problem which this policy, strategy, service redesign or project is likely to address? No No No No No No * Race/ ethnicity, gender (including gender reassignment) age, religion or belief, disability, sexual orientation, marriage or civil partnership, pregnancy and maternity. This will include groups such as refugees and asylum seekers, new migrants, Gypsy and Traveller communities; and people with long term conditions, hearing or visual impairment Page 8 of 13

9 Appendix 2 Contract Checklist Guidance The recent Caldicott review of Information Governance To Share or Not to Share recommended that all third party contracts contained a minimum set of clauses where regards Patient Confidential Data (PCD). 1 The review also described four key stages to contracting for PCD and in the lifecycle of a contract: 1. Pre-contract checks and procurement arrangements 2. Legal provisions of the contract and any data sharing agreements subject to it 3. Contract performance management nominated manager and audit requirements/resources 4. Contract exit management Other recommendations included: Sign off by senior responsible owner Schedule provisions for change and authority to change This checklist serves as a first part of the process towards confirming that a contract contains the relevant terms and conditions to protect PCD, and to ensure that appropriate indemnity is provided against the activities of the Data Processor or service provider. Data Controller versus Data Processor In law, the Data Controller is described (Data Protection Act 1998) as the organisation or individual which determines use of the data. I.e. they are responsible to the data subject (the patient) for ensuring their data is appropriately looked after. In the Data Protection Act 1998, the Data Processor acts only on the instruction of the Data Controller and this MUST be under a legally binding contract. The Data Controller must also have risk assessed the data to be processed. In health terms, given the myriad of uses and flows of the data that could potentially be within a contract, this means data flow mapping the data in each contract. 1 Information Governance Review Page 9 of 13

10 Contract Checklist This checklist is taken directly from the Information Governance Review March 2013, accessible at Contract/Supplier Name: Synopsis of use of information and types of information used: Date Checklist Completed: Senior Responsible Owner: Required clause/areas covered by contract 1. If possible, please attach or provide a map of data flows, ie where information will travel from and to, and what the information might contain (it is ok to embed that here in the notes box) 2. Does the contract define who are the Data Controller and Data Processor and the relationship between the parties? 3. Is there a clause requiring the Data Processor to act only on instruction from the Data Controller and that no further processing or changed processing should take place without the permission of the DC? 4. Does the contract define the scope and terms of the agreement properly? 5. Does the contract include named service level agreements or data sharing agreements? 6. Are definitions of terminology included in the contract and are they fully inclusive and adequate? 7. Does the contract define the law under which the contract operates (e.g. England, Wales, Scotland etc.)? 8. Does the contract include any duty to cooperate with other parties? 9. Does the contract include a definition of the legal basis for processing each type of data, with a restriction clearly specified for only that data to be used under the instruction of the Data Controller? 10. Is there a clause which includes the confidentiality and protection of commercially sensitive information? 11. Is there an included agreement to be subject to audit, including sub-contractors and provide information in a reasonable Included y/n/na Notes/Comments (text in RED denotes a risk and area that must be attended to) Page 10 of 13

11 Required clause/areas covered by contract Included y/n/na Notes/Comments (text in RED denotes a risk and area that must be attended to) timescale? 12. Are there any changes to fair processing responsibilities required and if so are they detailed in the contract? 13. Are any policies relevant to the contract and the requirement to follow/adhere to those policies and procedures included in the contract terms? 14. The contract should include timely communication of transfer of information where required to other professionals if this is part of the operation of the service or contract 15. Following on from the above, online access to records and communication of care plans or information where required should be included 16. Does the contract include conformance with specific information and data standards such as ISO or a requirement to keep to Information Governance Toolkit security standards? 17. Is there a requirement for the provider to ensure staff recruitment checks and training take place and there is the inclusion of confidentiality in t&cs of employment? 18. Is there a requirement to maintain information asset registers, data flow mapping and data sets for extraction and reporting and to share them with the Data Controller? 19. Does the contract specify how data will be shared and what the security requirements around around any transfers? 20. Is there clear responsibility for the sharing of requests for information which may fall under the Freedom of Information Act 2000, Environment Information Regulations 2004 and Data Protection Act 1998? This may also include who might take responsibility for clinical audit or audit of the above where required? 21. Does the contract include terms (where necessary) that cover off the provider s responsibilities for: Page 11 of 13

12 Required clause/areas covered by contract Business continuity Disaster recovery Monitoring and audit of access to systems Records management lifecycle 22. If required, are registration authority requirements included in the contract? 23. Does the contract include a change control process, list of officers authorised to make change, and an approvals processes? 24. Does the contract prohibit Sub-contracting unless they are first notified to the Data Controller and subsequently agreed in writing? 25. Does the contract specify the location of data, and/or restrict the territories in which it might be used? 26. Does the contract place on the provider the requirement to immediately report serious incidents and to work with the Data Controller on reporting, monitoring and assistance with the closing of incidents? 27. Does the contract include a dispute resolution process 28. On exit, does the contract specify: What happens to records, and how long is there to move them? What happens on premature exit for data breach, when it is appropriate to stop processing and under what/who s instruction Who has responsibility for destruction and under whose instruction? 29. Does the contract cover the Data Controller for charges, liability and indemnity, remedies and penalties for breach, failure to keep data securely, should there be an ICO fine for which the supplier is negligent? 30. Does the contract include a signature form for responsible signatories? 31. Does the contact include details for significant persons and contacts for day to day management of the service or provision? Included y/n/na Notes/Comments (text in RED denotes a risk and area that must be attended to) Page 12 of 13

13 Required clause/areas covered by contract 32. Please enter any other comments? Included y/n/na Notes/Comments (text in RED denotes a risk and area that must be attended to) Page 13 of 13

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

Policy Information Management

Policy Information Management Policy Information Management Document Title: Policy Information Management Issue date: October 2013 Document Status: Approved IGC 23 Oct 2013 Review date: October 2014 Page 1 of 17 Document control Document

More information

Information Management Policy CCG Policy Reference: IG 2 v4.1

Information Management Policy CCG Policy Reference: IG 2 v4.1 Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version BUSINESS CONTINUITY MANAGEMENT POLICY DOCUMENT CONTROL Type of Document Document Title

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

INFORMATION ASSURANCE DOCUMENTED PLAN

INFORMATION ASSURANCE DOCUMENTED PLAN NHS South West Lincolnshire Clinical Commissioning Group (CCG) INFORMATION ASSURANCE DOCUMENTED PLAN Document History: Document Reference: Document Purpose: IG18 To provide guidance to all CCG staff about

More information

INFORMATION ASSURANCE DOCUMENTED PLAN

INFORMATION ASSURANCE DOCUMENTED PLAN INFORMATION ASSURANCE DOCUMENTED PLAN Document Reference: Document Purpose: IG20 Date Approved: Approving Committee: To provide guidance to all CCG staff about the CCG s documented plan for Information

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1 Policies for: Information Governance Information Quality Information Management Information Security Approved by: None this version Date approved: Name of originator/author: Ade Oduntan, Mike Hellier,

More information

Information Governance Strategy 2015/16

Information Governance Strategy 2015/16 Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety

More information

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy

More information

IG: Third Party Contracts and Contractors Policy

IG: Third Party Contracts and Contractors Policy IG: Third Party Contracts and Contractors Policy Document Summary This policy provides guidance on the Information Governance arrangements that need to be considered and / or implemented when engaging

More information

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff. Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Information Communication and Technology Management. Framework

Information Communication and Technology Management. Framework Information Communication and Technology Management Framework Author(s) Andrew Thomas Version 1.0 Version Date 24 September 2013 Implementation/approval Date 25 September 2013 Review Date September 2014

More information

May STEPHENSON COLLEGE EQUALITY and DIVERSITY POLICY For review in 2019

May STEPHENSON COLLEGE EQUALITY and DIVERSITY POLICY For review in 2019 STEPHENSON COLLEGE EQUALITY and DIVERSITY POLICY For review in 2019 1 Contents: 1. Purpose 2. Scope 3. Policy Statement and Commitment 4. The Legislative Framework 5. Definitions 6. Responsibilities 7.

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

SUBJECT ACCESS REQUEST PROCEDURE

SUBJECT ACCESS REQUEST PROCEDURE This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version SUBJECT ACCESS REQUEST PROCEDURE DOCUMENT CONTROL Type of Document Document Title Description:

More information

Mental Health Act Code of Practice. Professions and Care Standards Liz Johnson - Head of Equality and Inclusion. Group

Mental Health Act Code of Practice. Professions and Care Standards Liz Johnson - Head of Equality and Inclusion. Group Policy: Equality and Human Rights Executive or Associate Director lead Policy author/ lead Feedback on implementation to Liz Lightbown - Executive Director of Nursing, Professions and Care Standards Liz

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

Information Governance Standards in Relation to Third Party Suppliers and Contractors

Information Governance Standards in Relation to Third Party Suppliers and Contractors Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Document Status: Approved Version: v 1.3 DOCUMENT CHANGE HISTORY Version Date Comments (i.e. viewed, or reviewed, amended, approved by person or committee v1.0

More information

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014 CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY December 2014 DOCUMENT INFORMATION Author: Barbara Sansom Information Governance Manager Equality Impact Assessment Consultation & Approval

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

Subject Access Request (SAR) Procedure

Subject Access Request (SAR) Procedure Subject Access Request (SAR) Procedure East and North Hertfordshire Clinical Commissioning Group Page 1 of 16 DOCUMENT CONTROL SHEET Document Owner: Chief Finance Officer Document Author(s): Anne Ephgrave

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Strategy

NHS Waltham Forest Clinical Commissioning Group Information Governance Strategy NHS Waltham Forest Clinical Commissioning Group Governance Strategy Author: Zeb Alam, CCG IG Lead, (NELCSU) David Pearce, Head of Governance, WFCCG Version 3.0 Amendments to Version 2.1 Annual Review Reference

More information

Information Governance Framework and Strategy. November 2014

Information Governance Framework and Strategy. November 2014 November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet

More information

SUBJECT ACCESS REQUEST PROCEDURE

SUBJECT ACCESS REQUEST PROCEDURE SUBJECT ACCESS REQUEST PROCEDURE Document History Document Reference: Document Purpose: IG31 This procedure sets out the responsibility for staff when receiving requests for information provided under

More information

EQUALITY AND DIVERSITY POLICY

EQUALITY AND DIVERSITY POLICY Equality and Diversity Policy V1.2 Final 2015 33 30 EQUALITY AND DIVERSITY POLICY Author: Date of Release: 08 September 2015 Version No. & Status: V1.2 Final 2015 11 30 Approved By: Executive Management

More information

Equality and Diversity Policy. Deputy Director of HR Version Number: V.2.00 Date: 27/01/11

Equality and Diversity Policy. Deputy Director of HR Version Number: V.2.00 Date: 27/01/11 Equality and Diversity Policy Author: Deputy Director of HR Version Number: V.2.00 Date: 27/01/11 Approval and Authorisation Completion of the following signature blocks signifies the review and approval

More information

Information Security Policy

Information Security Policy Information Security Policy JUNE 2014 Author Responsibility Lynda Harris, Head of Information Governance, Central Eastern CSU, Bedfordshire and Luton All staff Effective Date June 2014 Review Date June

More information

This Policy supersedes the following Policy, which must now be destroyed :

This Policy supersedes the following Policy, which must now be destroyed : Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Removable Media: Data Encryption Policy NTW(O)30 Lisa Quinn Executive Director of Performance and Assurance Sue

More information

Information Governance Framework

Information Governance Framework Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March

More information

Initial Equality Impact Assessment

Initial Equality Impact Assessment Initial Equality Impact Assessment Department Service Area Date 20/10/11 This Initial EqIA will help you to analyse equality in the context of your policy, practice or function. The assessment is a useful

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

NHS North Derbyshire CCG Equality Objectives

NHS North Derbyshire CCG Equality Objectives NHS North Derbyshire CCG Equality Objectives 2013-2015 NHS North Derbyshire CCG has a duty to publish its Equality Objectives by no later than October 13 th 2013 Background: Equality Act 2010 and Public

More information

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE

More information

Guidance for NHS commissioners on equality and health inequalities legal duties

Guidance for NHS commissioners on equality and health inequalities legal duties Guidance for NHS commissioners on equality and health inequalities legal duties NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. &

More information

Information Governance Policy

Information Governance Policy Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:

More information

Data Protection Policy

Data Protection Policy Issue Date: June 2014 Document Number: POL_1006 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading length; please depending delete other on line length;

More information

FINANCIAL POLICY PAYMENT FOR SUPPLIER INVOICES

FINANCIAL POLICY PAYMENT FOR SUPPLIER INVOICES FINANCIAL POLICY PAYMENT FOR SUPPLIER INVOICES Version 1.0 Important: This document can only be considered valid when viewed on the CCG s intranet/y: Drive. If this document has been printed or saved to

More information

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES 1 1 Definitions In these conditions:- We means Scotland s Commissioner for Children and Young People,

More information

SCHEDULE 24. Responsible Procurement

SCHEDULE 24. Responsible Procurement Enforcement Operations- Schedule 24 (Responsible Procurement) SCHEDULE 24 Responsible Procurement 1. Scope This Schedule 24 (Responsible Procurement) sets out the provisions with regards to the Responsible

More information

ACCESS TO COLLEGE INFORMATION

ACCESS TO COLLEGE INFORMATION ACCESS TO COLLEGE INFORMATION This document will be made available in other languages and formats upon request from Reaseheath College employees and students (or their parents/carers) Version: 1 Date of

More information

Information Security Policy. Version 2.0

Information Security Policy. Version 2.0 1 Intranet and Website Upload: Intranet Website Keywords: Electronic Document Library CCGs G Drive Location: Location in FOI Publication Scheme Information, Security, Information Governance, IG, Data Protection.

More information

WINSLOW CE COMBINED SCHOOL Policy on Equalities

WINSLOW CE COMBINED SCHOOL Policy on Equalities WINSLOW CE COMBINED SCHOOL Policy on Equalities Legal duties 1. We welcome our duties under the Race Relations 1976 as amended by the Race Relations Amendment Act 2000; the Disability Discrimination Acts

More information

Equality and Diversity Policy

Equality and Diversity Policy Equality and Diversity Policy Introduction 1 Our aim is to be a fair regulator, and a fair employer. Our Equality and Diversity Strategy explains more about how we are trying to meet this aim. 2 We have

More information

SOCIAL MEDIA POLICY. Senior Governance Officer, NHS North of England Commissioning Support Unit Reference No

SOCIAL MEDIA POLICY. Senior Governance Officer, NHS North of England Commissioning Support Unit Reference No SOCIAL MEDIA POLICY Ratified Governance & Risk Committee 08/2015 Status Final Issued August 2015 Approved By Governance and Risk Committee Consultation Governance and Risk Committee Equality Impact Assessment

More information

USE OF PERSONAL MOBILE DEVICES POLICY

USE OF PERSONAL MOBILE DEVICES POLICY Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014

More information

Information Incident Management. and Reporting Policy

Information Incident Management. and Reporting Policy Information Incident Management and Reporting Policy Policy ID IG10 Version: 1 Date ratified by Governing Body 21/3/2014 Author South CSU Date issued: 21/3/2014 Last review date: N/A Next review date:

More information

RISK MANAGEMENT STRATEGY 2014-17

RISK MANAGEMENT STRATEGY 2014-17 RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team

More information

UXBRIDGE COLLEGE EQUALITY AND DIVERSITY POLICY. Person responsible: Director of Learning and Support Services Director of Human Resources

UXBRIDGE COLLEGE EQUALITY AND DIVERSITY POLICY. Person responsible: Director of Learning and Support Services Director of Human Resources UXBRIDGE COLLEGE EQUALITY AND DIVERSITY POLICY Subject: Equality and Diversity Origination Date: September 2002 Last approved: November 2015 Effective date: November 2015 Person responsible: Director of

More information

Onshore Wind Energy: Supplementary Guidance. Equalities Impact Assessment. March 2012

Onshore Wind Energy: Supplementary Guidance. Equalities Impact Assessment. March 2012 Onshore Wind Energy: Supplementary Guidance Equalities Impact Assessment March 2012 Contents Introduction...3 What is an Equalities Impact Assessment?...3 Assessment...5 Conclusion...9 Introduction This

More information

Equality & Diversity Policy Version number 3.0

Equality & Diversity Policy Version number 3.0 Equality & Diversity Policy Version number 3.0 Lead executive Name / title of author: Janet Wilkinson, Director of HR & OD Juliette Tait, Employee Relations Lead Date reviewed: Target audience: Policy

More information

LONDON AMBULANCE SERVICE NHS TRUST EQUALITY AND INCLUSION IN PROCUREMENT POLICY

LONDON AMBULANCE SERVICE NHS TRUST EQUALITY AND INCLUSION IN PROCUREMENT POLICY LONDON AMBULANCE SERVICE NHS TRUST EQUALITY AND INCLUSION IN PROCUREMENT POLICY VERSION 1 DATED 31-01-2012 Approval and Acceptance Status (Approval or Acceptance) Version Date Authority Approved Final

More information

NHS Fife Equality Impact Assessment

NHS Fife Equality Impact Assessment NHS Fife Equality Impact Assessment Equality Impact Assessment Guidance is available to support this process Contact the Angela Heyes, Equality and Human Rights Lead if support is required to completed

More information

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Employment Policies and Procedures

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Employment Policies and Procedures The Newcastle upon Tyne Hospitals NHS Foundation Trust Employment Policies and Procedures Mobile Telephone and Telephone Expenses Reimbursement Policy Version No.: 1.0 Effective Date: 3 January 2013 Expiry

More information

Policy: Remote Working and Mobile Devices Policy

Policy: Remote Working and Mobile Devices Policy Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014

More information

NHS Fife Equality Impact Assessment

NHS Fife Equality Impact Assessment NHS Fife Equality Impact Assessment Equality Impact Assessment Guidance is available to support this process Contact the Angela Heyes, Equality and Human Rights Lead if support is required to completed

More information

Information Incident Management and Reporting Procedures

Information Incident Management and Reporting Procedures ` Information Incident Management and Reporting Procedures Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy may

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

The Newcastle upon Tyne Hospitals NHS Foundation Trust

The Newcastle upon Tyne Hospitals NHS Foundation Trust The Newcastle upon Tyne Hospitals NHS Foundation Trust Procedure for Joint Management of Complaints and Safeguarding Concerns within the Newcastle upon Tyne Hospitals NHS Foundation Trust Version No.:

More information

Summary of the Equality Act 2010

Summary of the Equality Act 2010 Equality Act 2010 1 Summary of the Equality Act 2010 The full Equality Act 2010 can be accessed through this link: Equality Act 2010. Introduction and Protected Characteristics The purpose of the Equality

More information

Safe Haven Policy. Equality & Diversity Statement:

Safe Haven Policy. Equality & Diversity Statement: Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review

More information

Surrey & Sussex Healthcare NHS Trust

Surrey & Sussex Healthcare NHS Trust Surrey & Sussex Healthcare NHS Trust An Organisation-wide Policy for Information Governance (IG) Version 1.3 Status Ratified Date Ratified March 2008 Name of Owner Name of Sponsor Group Name of Ratifying

More information

Data Processing Agreement

Data Processing Agreement Data Processing Agreement BETWEEN GP Name and practice address (Hereinafter known as the Data Controller) AND Coventry & Rugby Clinical Commissioning Group, of Christchurch House, Greyfriars Lane, Coventry,

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

Senior Governance Manager, North of England. North Tyneside CCG Quality and Safety Committee (01/12/15)

Senior Governance Manager, North of England. North Tyneside CCG Quality and Safety Committee (01/12/15) Corporate IG02: Data Quality Version Number Date Issued Review Date V4 07/12/2015 01/01/18 Prepared By: Consultation Process: Senior Governance Manager, North of England Commissioning CCG Quality & Safety

More information

Southwark Council s approach to equality: delivering a fairer future for all

Southwark Council s approach to equality: delivering a fairer future for all Southwark Council s approach to equality: delivering a fairer future for all 1 Contents Foreword from Cllr Mohamed 3 1. Introduction 4 2. Equality at the heart of a fairer future 4 3. What are we required

More information

Accounts Receivable - Guidance to staff responsible for the collection of income following the supply of goods or services V4.0

Accounts Receivable - Guidance to staff responsible for the collection of income following the supply of goods or services V4.0 Accounts Receivable - Guidance to staff responsible for the collection of income following the supply of goods or services V4.0 June 2015 Table of Contents Accounts Receivable - Guidance to staff responsible

More information

NHS Fife Equality Impact Assessment

NHS Fife Equality Impact Assessment NHS Fife Equality Impact Assessment Equality Impact Assessment Guidance is available to support this process Contact Angela Heyes, Equality and Human Rights Lead if support is required to completed the

More information

Policy Ref No: SABP/RISK/0034

Policy Ref No: SABP/RISK/0034 Policy Ref No: SABP/RISK/0034 NAME OF POLICY: Claims Handling Policy Clinical Negligence, Liabilities to Third Parties and Property Expenses Scheme Claims REASON FOR THE POLICY: WHAT THE POLICY WILL ACHIEVE:

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

Strategic Equality Plan

Strategic Equality Plan Strategic Equality Plan 2012-2016 This Strategic Equality Plan is available in a variety of alternative or accessible formats. If you would like a copy of this document in an alternative format, please

More information

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Claims Management Policy

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Claims Management Policy The Newcastle upon Tyne Hospitals NHS Foundation Trust Claims Management Policy Version.: 6.0 Effective From: 16 July 2015 Expiry Date: 16 July 2017 Date Ratified: 23 June 2015 Ratified By: Clinical Policy

More information

PROTOCOL FOR DUAL DIAGNOSIS WORKING

PROTOCOL FOR DUAL DIAGNOSIS WORKING PROTOCOL FOR DUAL DIAGNOSIS WORKING Protocol Details NHFT document reference CLPr021 Version Version 2 March 2015 Date Ratified 19.03.15 Ratified by Trust Protocol Board Implementation Date 20.03.15 Responsible

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Version 1.0 Information Security Policy COR/043/V1.00 March 2016 Version 1.00 1 Subject and version number of document: Serial number: Information Security Policy Version 1.0

More information

3 Aims. 4 Duties (Roles and responsibilities)

3 Aims. 4 Duties (Roles and responsibilities) The Newcastle upon Tyne Hospitals NHS Foundation Trust Centralised Room Booking Policy Version No.: 3.1 Effective From: 31 March 2015 Expiry Date: 31 March 2018 Date Ratified: 3 March 2015 Ratified By:

More information

Network Security Policy

Network Security Policy Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant

More information