Information Governance Policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Information Governance Policy"

Transcription

1 Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual: Target audience: CSU Team Audit Committee/Chief Finance Officer All staff, including temporary staff and contractors 1 of 21

2 VERSION CONTROL Policy Name: Version Valid From Valid To Document Path/Name May May Feb Feb of 21

3 1. Introduction 2. Scope is a vital asset, both in terms of clinical management of individual patients and the efficient planning and management of services and resources. It is therefore of paramount importance to ensure that information is effectively managed and that appropriate policies, procedures, management accountability and structures provide a robust governance framework for information management. This policy provides assurance to the CCG and to individuals that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care. The CCG will establish and maintain this policy and the associated procedures to ensure compliance with the requirements contained in the Health and Social Care Centre s (HSCIC) Toolkit. This policy, and its supporting procedures, are fully endorsed by the Board through the production of these documents and their minuted approval. 2.1 This policy covers all aspects of information within the organisation, including but not limited to: Personal - Patient/client/service user information - Employee information Organisational 2.2 This policy covers all aspects of handling information, including but not limited to: Structured record systems paper and electronic Transmission of information fax, , other forms of electronic transmission such as FTP, post and telephone 2.3 This policy covers all information systems purchased, developed and managed by or on behalf of the CCG, and any individual directly employed or otherwise by the CCG. 2.4 The key component underpinning this policy is the annual action plan arising from a baseline assessment against the standards set out in the HSCIC c Toolkit. 2.5 This policy cannot be seen in isolation as information plays a key part in corporate governance, strategic risk, clinical governance, Caldicott principles, service planning, performance and business management. 3 of 21

4 2.6 The policy therefore links into all these aspects of the CCG and should be reflected in these respective strategies/policies. 3. Principles The CCG recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. The CCG fully supports the principles of corporate governance and recognizes its public accountability. It equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about patients and staff and commercially sensitive information. The CCG also recognises the need to share patient information with other health organisations and other agencies in a controlled manner consistent with the interests of the patient and, in some circumstances, the public interest. The CCG believes that accurate, timely and relevant information is essential to deliver the highest quality health care. As such it is the responsibility of all CCG employees to ensure and promote the quality of information and to actively use information in decision making processes. There are 4 key interlinked strands to the information governance policy: Openness and transparency Legal compliance security and Risk Quality assurance 3.1 Openness & Transparency The CCG recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. Patients will have access to information relating to their own health care, options for treatment and their rights as patients. There will be clear procedures and arrangements for handling queries from patients and the public. The CCG will have clear procedures and arrangements for liaison with the press and broadcasting media. Integrity of information will be developed, monitored and maintained to ensure that it is appropriate for the purposes intended. Availability of information for operational purposes will be maintained within set parameters relating to its importance via appropriate procedures and computer system resilience. 4 of 21

5 The CCG regards all identifiable information relating to patients as confidential. Compliance with legal and regulatory framework will be achieved, monitored and maintained. The CCG regards all identifiable information relating to staff as confidential except where national policy on accountability and openness requires otherwise. The CCG will ensure that when person identifiable information is shared, the sharing complies with the law, guidance and best practice and both service users rights and the public interest are respected. Non-confidential information relating to the CCG and its services is available to the public through a variety of media, in line with the Freedom of Act and Environmental Regulations. The CCG will establish and maintain policies and procedures to ensure compliance with the Data Protection Act, Human Rights Act, the common law duty of confidentiality and the Freedom of Act and Environmental Regulations. training including awareness and understanding of Caldicott principles and confidentiality, information security, records management and data protection will be mandatory for all staff. governance will be included in induction training for all new staff. 3.2 Legal Compliance The CCG regards all identifiable information relating to patients as confidential. The CCG will undertake or commission annual assessments and audits of its compliance with legal requirements through the IG Toolkit. The CCG regards all person identifiable information relating to staff as confidential, except where national policy on accountability and openness requires otherwise. The CCG will establish and maintain procedures to ensure compliance with the Data Protection Act, Human Rights Act and common law confidentiality. The CCG will establish and maintain procedures for the controlled and appropriate sharing of patient information with other agencies, taking account of relevant legislation (e.g. Health and Social Care Act, Crime and Disorder Act, Protection of Children Act). The CCG has a comprehensive range of procedures supporting the information governance agenda; reference must be made to these alongside this policy. Legal and professional guidance should also be considered where appropriate. 5 of 21

6 3.3 Security and Risk The CCG will establish and maintain procedures for the effective and secure management of its information assets and resources. The CCG will undertake or commission annual assessments and audits of its information and IT security arrangements through the IG Toolkit framework. The CCG will promote effective confidentiality and security practice to its staff through procedures and training. The CCG will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security. The CCG will establish and maintain Risk Management and reporting procedures and will have in place risk control and monitor all reported information risks. 3.4 Quality Assurance The CCG will establish and maintain procedures for information quality assurance and the effective management of records. The CCG will undertake or commission annual assessments and audits of its information quality and records management arrangements in line with IG toolkit requirements. The CCG will ensure that information is managed throughout its lifecycle of creation, retention, maintenance, use and disposal. The CCG will ensure that information is effectively managed so that it is accurate, up to date, secure, retrievable and available when required. Employees are expected to take ownership of, and seek to improve, the quality of information within their services. quality should be assured at the point of collection. The CCG will promote information quality and effective records management through procedures and training. 4. Responsibilities It is the role of the CCG Board to define the CCG policy in respect of, taking into account legal and NHS requirements. The Board is also responsible for ensuring that sufficient resources are provided to support the requirements of the policy. 6 of 21

7 The Chief Officer as Accountable Officer of the CCG has overall accountability and responsibility for in the CCG and is required to provide assurance, through the Annual Statement that all risks to the CCG, including those relating to information, are effectively managed and mitigated. The Senior Risk Owner (SIRO) is an Executive Director of the CCG Board. The SIRO is expected to understand how the strategic business goals of the CCG will be impacted by information risks. The SIRO will act as an advocate for information risk on the Board and in internal discussions, and will provide written advice to the Accounting Officer on the content of their Annual Statement in regard to information risk. The SIRO will provide an essential role in ensuring that identified information security threats are followed up and incidents managed. They will also ensure that the Board and the Accountable Officer are kept up to date on all information risk issues. The role will be supported by the Midlands and Lancashire Commissioning Support Unit by the Team, the CCG Caldicott Guardian, and a network of Asset Owners and Asset Administrators, although ownership of Risk assessment process will remain with the SIRO. Asset Owners (IAOs) shall ensure that information risk assessments are performed at least once each quarter on all information assets where they have been assigned ownership, following guidance from the SIRO on assessment method, format, content and frequency. IAOs shall submit the risk assessment results and associated plans to the SIRO for review, along with details of any assumptions or external dependencies. Mitigation plans shall include specific actions which expected completion dates, as well as an account of residual risks. The organisation must have a Caldicott Guardian. This role is an amalgamation of management and clinical issues which helps to ensure the involvement of healthcare professionals in relation to achieving improved information governance compliance. The Caldicott Guardian has responsibility for ensuring that all staff comply with the Caldicott Principles and the guidance contained in the Health and Social Care Centre s (HSCIC) document A Guide To Confidentiality in Health and Social Care. The Caldicott Guardian will guide the organisation on confidentiality and protection issues relating to patient information. This role is pivotal in ensuring the balance between maintaining confidentiality standards and the delivery of patient care. The Caldicott Guardian will also advise the Board on progress and major issues as they arise. The Audit Committee is responsible for overseeing day to day issues, developing and maintaining policies, standards, procedures and guidance, coordinating and raising awareness of in the CCG. All managers within the CCG are responsible for ensuring that the policy and supporting procedures are built into local processes to ensure on-going compliance. s are also 7 of 21

8 responsible for ensuring that staff attend mandatory awareness training and refresher training as required. All staff, whether permanent, temporary or contracted, are responsible for ensuring that they are aware of the requirements incumbent upon them and for ensuring that they comply with these on a day to day basis. 5. Training/Awareness governance will be a part of an induction process. All new and existing staff will receive annual mandatory training and guidance on information governance, which will include Caldicott and confidentiality, data protection, information security and Freedom of. 6. Monitoring/Audit The CCG will monitor this policy and related strategies and procedures through the Audit Committee. As assessment of compliance with the requirements of the Toolkit (IGT) will be undertaken each year. The CCG will identify staff to undertake Administrator, Reviewer and User roles as described in the IGT. The Audit Committee will ensure implementation of the Strategy. Annual reports and proposed action/development plans will be presented to the CCG Board for approval prior to submission of the IGT. The policy and associated procedures will be subjected to both internal and external audit reviews. The CCG will ensure that the support infrastructure for the SIRO is in place, and is kept under regular review. 7. Management management across the organisation will be co-ordinated by the Audit Committee. The responsibilities of the Audit Committee will include, but not be limited to: Recommending policies and procedures to the appropriate CCG Board for approval. Recommending the annual submission of compliance with requirements in the IGT and related action plan to the CCG Board for approval. 8 of 21

9 Co-ordinating and monitoring the Strategy across the organisation The Audit Committee will endorse Strategy for the CCG. 8. Improvement Plan The Audit Committee will be responsible for monitoring the improvement plans and associated progress. The improvement plan is fundamental to the organisation achieving the Toolkit. It is essential that the Audit Committee are updated on the progress of the plan and of any associated risks which will affect the organisations ability to achieve IG Toolkit compliance. The Improvement Plan can be found in Appendix Review This policy and associated strategy and procedures will be reviewed on an annual basis or earlier if appropriate, to take into account any changes to legislation that may occur, and/or guidance from the Department of Health and/or NHS Executive. 10. Supporting Procedures Handbook. 9 of 21

10 Appendix A - Management Framework Senior Roles within the CCG Requirement Accountable Officer: Dr Caron Morton, Chief Officer Detail The Chief Officer as Accountable Officer of the Shropshire CCG and has overall accountability and responsibility for in the CCG and is required to provide assurance through the Annual Statement that all risks to the organisation, including those relating to information, are effectively managed and mitigated. Senior Risk Owner: Donna McGrath, Chief Finance Officer The Senior Risk Owner (SIRO) is an Executive Director of Shropshire CCG Board. The SIRO is expected to understand how the strategic business goals of the CCG may be impacted by information risks. The SIRO will act as an advocate for information risk on the Board and in internal discussions, and will provide written advice to the Accountable Officer on the content of their Annual Statement in regard to information risk. The SIRO will provide an essential role in ensuring that identified information security threats are followed up and incidents managed. They will also ensure that the Board and the Accountable Officer are kept up to date on all information risk issues. The role will be supported by the Midlands and Lancashire Commissioning Support Unit Team and the Caldicott Guardian, although ownership of the Risk Agenda will remain with the SIRO. The SIRO will be supported through a network of Asset Owners and Administrators who have been identified and trained throughout the organisation. Caldicott Guardian: Bharti Patel- Smith, Director of & Involvement Organisational Hayley Gidman, Lead (Midlands and Lancashire Commissioning Support Unit) Shropshire CCG Caldicott Guardian has particular responsibility for reflecting patients interests regarding the use of patient identifiable information and to ensure that the arrangements for the use and sharing of clinical information comply with the Caldicott principles. The Caldicott Guardian will advise on lawful and ethical processing of information and enable information sharing. They will ensure that confidentiality requirements and issues are represented at Board level and within the Shropshire CCG overall governance framework. The key purpose of the role is to ensure Shropshire CCG successfully manages the risks associated with & Security. The post holder will ensure the establishment of corporate standards and a consistent CCG wide approach to & Security and will be responsible for assuring the implementation of a range of policies, processes, monitoring audits and training and awareness mechanisms to ensure a high level of compliance with external assessments including the Toolkit, Care Quality Commission and the NHS Litigation Authority. The Senior and Security will also be responsible for the implementation and ongoing development of the SIRO framework, ensuring that IAOs and IAAs fulfil their duties and promote an information risk management approach when dealing with information assets. 10 of 21

11 Key Policies Policies set out the scope and intent of the organisation in relation to the management of. Organisational Ilse Newsome, Deputy Chief Finance Officer Ratification Schedule: Policy Hand Book The key purpose of the role is to ensure Shropshire CCG successfully implements a range of policies, processes, monitoring audits and training and awareness mechanisms to ensure a high level of compliance with & Security. The post holder will ensure the implementation of corporate standards and a consistent organisation wide approach to & Security. Audit Committee 25/02/ /02/2015 Key Bodies A group, or groups, with appropriate authority should have responsibility for the IG agenda. Resources Details of key staff roles Policies are communicated to appropriate staff via the membership of the groups at which they are ratified, and through internal communications utilising the CCGs intranet site and staff briefing announcements. All policies are available on the CCGs shared network drive and on the external website at Audit The Audit Committee is responsible for overseeing day to day Committee issues, developing and maintaining policies, standards, procedures and guidance, coordinating and raising awareness of in the CCG. Dedicated Staff Support Officer Kate Faulkner-Elliott Security Andy Thompson Framework Details of how responsibility and accountability for IG is cascaded through the organisation. Asset Owners Emma Styles Lead Hayley Gidman Asset Owners are senior individuals involved in running the relevant business. The IAOs role is to: - Understand and address risks to the information assets they own ; and - Provide assurance to the SIRO on the security and use of these assets. Asset Owners have been nominated across the whole organisation and have received specialist information risk training to allow them to be effective in their role. 11 of 21

12 Asset Administrators The Asset Administrators and will: - Ensure that policies and procedures are followed - Recognise potential or actual security incidents - Consult their IAO on incident management - Ensure that information assets registers are accurate and maintained up to date. Training and Guidance Staff need clear guidelines on expected working practices and on the consequences of failing to follow policies and procedures. The approach to ensuring that all staff receive training appropriate to their roles should be detailed. Handbook Training for all staff Asset Owners have received specialist information risk training to allow them to be effective in their role. Purpose of the Handbook: To inform staff of the need and reasons for keeping information confidential To inform staff about what is expected of them To protect the Organisation as an employer and as a user of confidential information This Handbook has been written to meet the requirements of: The Data Protection Act 1998 The Human Rights Act 1998 The Computer Misuse Act 1990 The Copyright Designs and Patents Act 1988 A Guide To Confidentiality in Health and Social Care (HSCIC) This Handbook has been produced to protect staff by making them aware of the correct procedures so that they do not inadvertently breach any of these requirements. If the Handbook is breached then this may result in legal action against the individual and/or Organisation as well as investigation in accordance with the Organisation s disciplinary procedures. The Handbook will be disseminated to all staff working for the CCG and they will be required to acknowledge that they have received and understand the document. In future, any new starters to the organisation will receive a copy of this with their contract. Both should be signed and returned to their line manager and kept on file. All staff will receive basic IG training, initially via the Introduction to module of the online training tool (https://www.igtt.hscic.gov.uk/igte/index.cfm). Annual refresher training will then be conducted through face to face training sessions facilitated by the Support Officer. Specialist IG training As required specialist IG training will be provided across the organisation for those staff that are given additional responsibility for IG within their areas. Current specialist training includes: Risk Training Privacy Impact Assessments Caldicott and Data Protection Training 12 of 21

13 Incident Management Clear guidance on incident management procedures should be documented and staff should be aware of their existence, where to find them, and how to implement them. Documented Procedures and Staff Awareness Incident Management in the CCG is covered in the following organisational policies and Procedures: Policy Handbook Staff awareness is raised through the following ways: Staff Induction Training Risk Training Caldicott and Data Protection Training 13 of 21

14 Appendix B CCG Improvement Plan Improvement/Requirement Measurable Action Target Dates Lead/Resources IG Toolkit elements met by this requirement Management Training Delivery of all staff IG training Deliver Face to face refresher IG training within the CCG Implement new starter IG induction Process, including ensuring that the e-learning tool is completed as part of the induction. Sessions booked for: - 31/10/ /11/ /01/2015 Jan/Feb 2015 Joint session between Telford & Wrekin and Shropshire CCGs to catch anyone who has not been able to attend the previous three dates CSU Operational Officer CSU Strategic CCG Resource: All Staff Provide Senior Risk Owner (SIRO) Training November 2014 CSU Operational Security CSU Strategic 14 of 21

15 Improvement/Requirement Measurable Action Target Dates Lead/Resources IG Toolkit elements met by this requirement CCG Resource: SIRO Promotional & Communication Campaign Raise the profile of IG Raise awareness of national IG legislation and guidance Staff Engagement Officer Visual presence within the CCG Base Meet all new CCG new starter s and conduct an IG induction. Development of promotional materials including the design of Screensavers and posters. Ensure the CCG website meets the requirements of privacy and fair processing notices. Bi-monthly IG Newsletter to be issues to all staff Training sessions to cover the legislative background to IG and any changes to guidance that has been issued. Use surveys to understand staffs perception of IG and the general satisfaction levels in relation to the IG communications. December 2014 December 2014 October 2014 CSU Operational Officer CSU Strategic CCG Resource: All Staff Confidentiality & Data Protection Assurance Confidentiality and Security Audits Identification of those areas within the CCG where patient information is routinely accessed and the Contacting all Asset Owners and Assistants to provide updates the processes and systems used within their departments where patient information is regularly accessed. This will be throughout the year. Audit findings to be complete and reported to the CCG by February CSU Operational of 21

16 Improvement/Requirement Measurable Action Target Dates Lead/Resources IG Toolkit elements met by this requirement systems used to do so. Smart Card Audit completed in conjunction with the review of the CCG Asset Registers. Where it identified that staff are accessing patient or confidential information an audit of those accesses will be completed. Ensure that where staff have a smart card that the appropriate role based access codes are on the card and that historical access codes from previous roles have been removed. October 2014 Officer CSU Strategic Security CCG Resource: All Staff Identification of the access controls in place on the systems used by the CCG including the level of monitoring that is undertaken. Testing the information recorded within the Asset Registers as a true and accurate reflection using the Plan, Do, Check, Act model of Security Assurance. Spot Check Audits Contact individual system administrators and/or IT Provider to ensure appropriate controls are in place To be completed during the final review of asset registers for the financial year. Contacting information Assets owners/assistants to review and record any changes from previously. Carryout an Security Audit to test the recorded information. Completing regular spot checks within the CCG offices early morning Checking for hardware unattended from the previous working day February of 21

17 Improvement/Requirement Measurable Action Target Dates Lead/Resources IG Toolkit elements met by this requirement Ensuring all desks adhere to the clear desk policies Reporting all findings to CCG SIRO/IG Lead Following up any actions required Lifecycle Management Where necessary additional training following audit to highlight risks and findings, promoting best practice Shared Drive & Records Management Standards Work with the CCG to move away from the legacy drive and to look to set the standards and structures in place for a CCG shared drive that meets the business needs. (This may not be relevant to all CCGs) Development of best practice guidelines for staff in relation to records management practices to include: Work with the Records Management Lead to determine what the business requirements are and to use this to inform the structure that needs to be implemented. Support the CCG with the ongoing set up of the shared drive providing specialist Records Management advice as required. This will also include make recommendations as required. Ensure folders identified as being unsecure from asset register exercise are held in the appropriate area with restrictions where applicable. Work with the CCG to understand whether they wish to raise awareness of records management best practice or whether they wish to make an organisation decision to implement the nest practice records management Oct 2014 throughout the information asset review work programme actions to be completed as issues are found. CSU Operational Officer CSU Strategic CCG Resource: All Staff National Best Practice for Corporate Records Management 17 of 21

18 Improvement/Requirement Measurable Action Target Dates Lead/Resources IG Toolkit elements met by this requirement - Folder & File Naming Conventions standards as policy. - Version Control - Retention of Records - Destruction of records Security Assurance Project Management & Privacy Requirements Ensuring that the Privacy Impact Assessment process is embedded and that the identification of the need to complete an assessment is met. Ensure that the PIA forms are included within the project initiation procedures and procurement processes. Measures should be taken to raise the awareness of this matter amongst those teams who are involved in the implementation of new projects, processes or services. Communications raising the profile as PIA: - Team Briefings - Newsletters - As part of the Asset Reviews - Training Nov 2014 CSU Operational Officer CSU Strategic Security CCG Resource: Project & Commissioning s Risk Assurance Work Programme Ensure that there is an effectively continued information risk processes; there should be a comprehensively scoped and formally Review the existing list of IAAs and IAOs and update as necessary based on staffing changes and the requirements of the business. Oct 2014 Transfer information from previous Oct 2014 CSU Operational Officer of 21

19 Improvement/Requirement Measurable Action Target Dates Lead/Resources IG Toolkit elements met by this requirement documented programme that considers the security risks to Assets. Asset Register to new template Conduct workshops/drop in sessions for IAAs and IAOs Review of Assets for departments. Transfer information from previous Data Flow Mapping to new template where a data flow had previously been recorded and applicable information had been recorded Oct 2014 CSU Strategic Security CCG Resource: IAO, IAAs and the SIRO Work with IAAs and IAOs to review, update and add to the Data Flow Mapping spreadsheet. Oct 2014 Contracts and sharing Agreements Senior Risk Owner Reports Ensure that contacts and sharing agreements are in place Reports to be sent to the SIRO on a quarterly basis, informing them of Progress against the Risk Work Programme Highlighted areas of information risk Any incidents that have occurred during the previous quarter Provide a checklist and templates which can be used by the CCGs to ensure that all requirements are included and adequately addressed in any new contracts or sharing agreements Review any existing (or new) contracts or sharing agreements (specifically tier 2 Quarterly Nov 2014 as identified via Data Flow Mapping CSU Operational Officer CSU Strategic 19 of 21

20 Improvement/Requirement Measurable Action Target Dates Lead/Resources IG Toolkit elements met by this requirement agreements) against the Sharing checklist Put plans in place to ensure where contracts and agreements are not in place or need amendment that this is done within the IG toolkit reporting year. Security CCG Resource: IAO, IAAs and the SIRO IG Incident Management Establish and implement incident reporting processes in line with the national IG Serious Incident Guidance Work with CCG to ensure adequate, relevant information is recorded regarding the incident/near miss. Update entries made in the reporting tool to reflect investigation and closure of the incident Verify incident severity assessments Support IGSO with the investigation of Level 0 or Level 1 incidents. Operational Officer Strategic Security Support the investigating officer in the investigation of Level 2 incidents. Technology Technology Toolkit Requirements and Business Continuity Requirements Working in conjunction with the IT Lead, to identify the measures that can be taken to obtain appropriate assurance from each of the IT services Ensuring all policies and processes are up to date with the IT Providers. Working with the relevant contacts within the IT Provider for relevant evidence CSU Operational Security CSU Strategic of 21

21 Improvement/Requirement Measurable Action Target Dates Lead/Resources IG Toolkit elements met by this requirement 21 of 21

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

Information Governance Policy

Information Governance Policy BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy. Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat

More information

Information Governance Policy. Church Road Medical Practice

Information Governance Policy. Church Road Medical Practice Information Governance Policy Church Road Medical Practice Version No: 1.0 Issue Date: March 2015 INFORMATION GOVERNANCE POLICY 1. Summary Information is a vital asset, both in terms of the clinical management

More information

Information Governance Framework and Strategy. November 2014

Information Governance Framework and Strategy. November 2014 November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

SALISBURY NHS FOUNDATIONTRUST

SALISBURY NHS FOUNDATIONTRUST SALISBURY NHS FOUNDATIONTRUST PAPER SHC 1738 TITLE Information Governance Policy PURPOSE OF PAPER The Information Governance Policy was first approved in April 2005. It is currently due for review to ensure

More information

Information Governance Strategy 2015/16

Information Governance Strategy 2015/16 Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal

More information

Information Governance Framework

Information Governance Framework Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Surrey & Sussex Healthcare NHS Trust

Surrey & Sussex Healthcare NHS Trust Surrey & Sussex Healthcare NHS Trust An Organisation-wide Policy for Information Governance (IG) Version 1.3 Status Ratified Date Ratified March 2008 Name of Owner Name of Sponsor Group Name of Ratifying

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

Gloucestershire Hospitals

Gloucestershire Hospitals Gloucestershire Hospitals NHS Foundation Trust TRUST POLICY In the case of hard copies of this policy the content can only be assured to be accurate on the date of issue marked on the document. The Policy

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:

More information

Information Governance Strategy. Version No 2.1

Information Governance Strategy. Version No 2.1 Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY NWAS Information Governance Policy Page: Page 1 of 10 Date of Issue: January 2014 Date of Review February 2015 Recommended by Approved by Information Governance Management

More information

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

INFORMATION RISK MANAGEMENT POLICY

INFORMATION RISK MANAGEMENT POLICY INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance

More information

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date

More information

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1 Policies for: Information Governance Information Quality Information Management Information Security Approved by: None this version Date approved: Name of originator/author: Ade Oduntan, Mike Hellier,

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014 CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY December 2014 DOCUMENT INFORMATION Author: Barbara Sansom Information Governance Manager Equality Impact Assessment Consultation & Approval

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Information Governance Training Plan v13

Information Governance Training Plan v13 Information Governance Training Plan To meet requirements of IGT v13 Lincolnshire East Clinical Commissioning Group Page 1 of 17 Contents Introduction Page 3 Training Provision Page 4 Staff Induction Awareness

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

Trust Informatics Policy. Information Governance. Information Governance Policy

Trust Informatics Policy. Information Governance. Information Governance Policy Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference

More information

INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT

INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT Prepared By: Alistair Stewart Responsible Person: Endorsed by: Information Governance Committee Date: May 2008 Review: June 2009 Issue Number Draft

More information

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

Policy Checklist. Head of Information Governance

Policy Checklist. Head of Information Governance Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust

More information

Information Security Policy

Information Security Policy Information Security Policy JUNE 2014 Author Responsibility Lynda Harris, Head of Information Governance, Central Eastern CSU, Bedfordshire and Luton All staff Effective Date June 2014 Review Date June

More information

Courier Policy. 1 P age

Courier Policy. 1 P age Courier Policy UNIQUE REF NUMBER: AC/IG/009/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY VERSION DATE AMENDMENT

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

INFORMATION GOVERNANCE

INFORMATION GOVERNANCE This document is uncontrolled once printed. Please refer to the Trusts Intranet site (Procedural Documents) for the most up to date version INFORMATION GOVERNANCE NGH-PO-233 Ratified By: Procedural Document

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval

More information

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff. Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from August 2009 Date last amended August 2009

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

Information Management Policy CCG Policy Reference: IG 2 v4.1

Information Management Policy CCG Policy Reference: IG 2 v4.1 Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation

More information

Policy: D9 Data Quality Policy

Policy: D9 Data Quality Policy Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

Information Security Policy

Information Security Policy Information Security Policy Reference No: Version: 5 Ratified by: CG007 Date ratified: 26 July 2010 Name of originator/author: Name of responsible committee/individual: Date approved by relevant Committee:

More information

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE. Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5

More information

INFORMATION GOVERNANCE

INFORMATION GOVERNANCE INFORMATION GOVERNANCE Information Asset Owners and Information Asset Administrator/ Data Custodians Handbook November 2016 November 2016 1 Subject and version number of document: Serial number: Information

More information

Information Governance and Data Protection Policy

Information Governance and Data Protection Policy Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final

More information

INFORMATION GOVERNANCE STRATEGY NO.CG02

INFORMATION GOVERNANCE STRATEGY NO.CG02 INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

NHS Business Services Authority Information Governance Policy

NHS Business Services Authority Information Governance Policy NHS Business Services Authority Information Governance Policy NHS Business Services Authority Corporate Secretariat NHSBSAIGM002 Issue Sheet Document reference NHSBSAIGM002 Document location F:\CEO\IGM\Info

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 3.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality Assurance Group Ratification date: March 2015 Review date: March 2016

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet

More information

Information Governance Standards in Relation to Third Party Suppliers and Contractors

Information Governance Standards in Relation to Third Party Suppliers and Contractors Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

Information governance policy

Information governance policy Information governance policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSAIGM002a S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review IG Policy\Current

More information

Information Governance Strategy

Information Governance Strategy Policy No: IG01 Version: 3.0 Name of Policy: Information Governance Strategy Effective From: 02/06/2015 Date Ratified 06/05/2015 Ratified Health Informatics Assurance Group (HIAG) Review Date 01/05/2017

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy

More information

Information Governance Toolkit Assessment 2009/10

Information Governance Toolkit Assessment 2009/10 Information Governance Toolkit Assessment 2009/10 Document Reference: Version: Ratified by: Date ratified: Name of originator/author: Name of responsible committee/individual: Document owner: Document

More information

Information Security Policy

Information Security Policy Information Security Policy v2.0 Target Audience: Policy Endorsed by: ESCC Staff, members and other agencies handling ESCC information Governance Committee Final V2.0 Page 1 of 13 Information Security

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Strategy

NHS Waltham Forest Clinical Commissioning Group Information Governance Strategy NHS Waltham Forest Clinical Commissioning Group Governance Strategy Author: Zeb Alam, CCG IG Lead, (NELCSU) David Pearce, Head of Governance, WFCCG Version 3.0 Amendments to Version 2.1 Annual Review Reference

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

Lancashire County Council Information Governance Framework

Lancashire County Council Information Governance Framework Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice

More information

Policy Information Management

Policy Information Management Policy Information Management Document Title: Policy Information Management Issue date: October 2013 Document Status: Approved IGC 23 Oct 2013 Review date: October 2014 Page 1 of 17 Document control Document

More information

Information Governance Lead

Information Governance Lead Peninsula Community Health Information Governance Policy Title: Information Governance Policy Procedural Document Type: Policy Reference: CO-IG-P04 CQC Outcome: Version: 2.0 Approved by: Information Governance

More information

Informatics Policy. Information Governance. Network Storage Policy

Informatics Policy. Information Governance. Network Storage Policy Informatics Policy Information Governance Policy Ref: 3593 Policy Title Author/Contact Document Reference 3593 Pauline Nordoff-Tate, Information Assurance Manager Document Impact Assessed Yes/No Date:

More information

NHS Lanarkshire Information Governance Committee

NHS Lanarkshire Information Governance Committee INFORMATION GOVERNANCE COMMITTEE DRAFT TERMS OF REFERENCE Name Purpose NHS Lanarkshire Information Governance Committee To provide direction of and oversee the development of NHS Lanarkshire Information

More information