SUBJECT ACCESS REQUEST PROCEDURE

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "SUBJECT ACCESS REQUEST PROCEDURE"

Transcription

1 SUBJECT ACCESS REQUEST PROCEDURE Document History Document Reference: Document Purpose: IG31 This procedure sets out the responsibility for staff when receiving requests for information provided under Section 7 of the Data Protection Act whereby individuals can request access to their data. Date Approved: 28 th March 2014 Approving Committee: Information Governance Management and Technology Committee Version Number: V1.0 Status: Approved Next Revision Due: January 2015 Developed by: Policy Sponsor: Target Audience: Associated Documents: Information Governance, Greater East Midlands Commissioning Support Unit (GEM CSU) Information Governance Management and Technology Committee This Policy applies to any person directly employed, contracted or volunteering to the CCG All Information Governance Policies and the Information Governance Toolkit Author: GEM CSU IG 1 Approved January 2014

2 Revision History Version Revision date Comments Draft August 2013 Developed in line with NHS England guidance, Caldicott Review and the Information Governance Toolkit version 11 Approved January 2014 Information Governance Management and Technology committee pending minor amendments to text and formatting. Policy Dissemination information Reference Number IG31 Title Subject Access Request Procedure Available from CCG Intranet Contents 1. Introduction Purpose & Scope Policy Statement Principles Who can make a request Roles & Responsibilities Subject Access Requests the rights of individuals Consent Issues Shared Records Deceased Patient Records Exemptions to the Release of Information Subject Access Request Process Incidents Equality Impact Assessment Due Regard Policy Review APPENDIX A - REFERENCES AND BIBLIOGRAPHY Author: GEM CSU IG 2 Approved January 2014

3 1. Introduction This procedure applies to Nottinghamshire County Clinical Commissioning Groups (CCGs) subsequently referred to in this document as the CCGs. They include: NHS Mansfield and Ashfield CCG NHS Newark and Sherwood CCG NHS Nottingham North and East CCG NHS Nottingham West CCG NHS Rushcliffe CCG Legislation provides that an individual has the right to request access to their personal information that is held by an organisation. The information can be health records, employment records, or records which hold information relating to them as the data subject. An organisation must ensure that it has a procedure in place to respond to Subject Access Requests under the Data Protection Act Purpose & Scope The Act gives data subjects the right, subject to certain exceptions, to request access and obtain copies of personal data about themselves that is held in either computerised or manual formats and any type of personal information that is recorded including photographs, x-rays, audio messages and CCTV images. Data subjects have access rights to their personal information irrespective of when the record was created. To exercise this right, an individual must make a written request for information. This is known as a subject access request. This procedure applies to all requests for access to personal data held by the CCG. This procedure applies to all staff employed by or working on behalf of the CCG including contracted, non-contracted, temporary, honorary, secondments, bank, agency, students, volunteers or locums. 3. Procedure Statement This procedure will provide a framework for the CCG to ensure compliance with the Data Protection Act This procedure matches the requirements identified by the Information Commissioner Subject Access Request Code of Practice August 2013 ( Author: GEM CSU IG 3 Approved January 2014

4 4. Principles Individuals have the right to request copies of their information that the CCG may hold and to also request certain information relating to the processing of their information including: A description of the information The purposes the information is used for The disclosures that are made or might be made The source of the data The CCG is required to respond to Subject Access requests promptly within 40 calendar days of receipt of the request. Failure to do so is a breach of the Act and could lead to a complaint to the Information Commissioner (ICO). If it is anticipated that a request will take longer than the 40-day period, the organisation must inform the applicant giving an explanation of the delay and agree a new deadline. Failure to comply with a request for subject access, without valid justification is treated as a serious matter and may be referred to the ICO. Such complaints are dealt with as a matter of priority and may lead to a full-scale investigation into an organisation s procedures and practices. 5. Who can make a request Subject access requests can be made by: The individual themselves Individuals requesting access on behalf of a child for whom they have parental responsibility A representative nominated by the individual to act their behalf such as solicitors or a relative, where there is valid consent by the individual granting this authority In certain situations a person granted an attorney or agent by the Court of Protection on behalf of an adult who is incapable of consent A request does not have to specifically state whether it is under the provisions of the Data Protection Act or Freedom of Information Act and individuals may sometimes confuse the two. It is the CCG s responsibility to ensure that any request is dealt with under the correct legislation 5.1 Individuals living abroad Patients or individuals who used to live in the UK who have records held by the CCG will still have the right to make a subject access request. The same procedure would apply as for an individual living in the UK. Author: GEM CSU IG 4 Approved January 2014

5 5.2 Access to Health Records A health record is defined as: consisting of information relating to the physical or mental health or condition of an individual and has been made by or on behalf of a health professional in connection with the care of that individual. 6 Roles & Responsibilities 6.1 Chief Officer The Chief Officer is the accountable officer and Data Controller for the CCG. The Chief Officer is responsible for ensuring compliance with the Data Protection Act GEM CSU IG Lead Greater East Midlands Commissioning Support Unit (GEM CSU) provide Information Governance expertise and support to all Nottinghamshire CCGs under a Service Level Agreement and will process requests received by individual CCGs. Requests received by CCG staff will be forwarded to the Information Governance Lead at GEM CSU for review and response. All request details will be entered into a log and this will be maintained to monitor compliance to ensure all requests are answered in a timely manner. The GEM CSU Lead is responsible for: Reviewing the request to determine whether it is a subject access request (or Freedom of Information request) and liaising with CCG staff where advice is required. Prior to the release of any information, the GEM CSU lead must be satisfied as to the identity of the person making the request. The CCG will not release any information until this identification has taken place. Providing advice to responsible staff in the CCG on the withholding of certain information requested under the Data Protection Act. Liaising with other organisations if relevant to process the access request in the event of shared records/data. The CCG remains responsible for their organisations compliance under the Data Protection Act and the GEM IG Lead will ensure adequate sign off from a responsible staff member or designated professional prior to release of any information under a subject access request. 6.3 All Staff All managers and staff will comply with any request for personal data forwarded by the GEM CSU Lead as quickly as possible, and will respond as soon as possible but before a deadline communicated by the IG Lead. Author: GEM CSU IG 5 Approved January 2014

6 7 Subject Access Requests the rights of individuals The Data Protection Act 1998 ensures the transparency of data processing by obliging organisations to explain to individuals how their data is used (Principle 1) and by providing the right of subject access under Section 7. Section 7 of the Act provides that individuals who request access to their data should: Be informed whether or not they are the subject of any data being processed by a data controller organisation; and Be provided with an understandable copy of the information held about them on request It should also be provided in a permanent form i.e. paper or electronic format that may be retained by the individual unless the provision of the information in a permanent form would involve disproportionate effort. Individuals also have the right to: A description of the personal data of which they are the data subject A description of the purposes for which the data are being processed or are to be processed this could be based on the information supplied to the Information Commissioners office during notification or on some information specific to the applicant; Any information available to an organisation on the source of the applicant s data; and Where the applicant specifically requests it, the logic involved in any fully automated decision-taking that has or may have a significant effect on the individual concerned, such as a decision in relation to risk stratification (except where the logic would constitute a trade secret or be regarded as commercially in confidence). 8 Consent Consent is not defined in the Data Protection Act. However, the European Data Protection Directive (to which the Act gives effect) defines an individual s consent as: any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed. Consent must be appropriate to the age and capacity of the individual and to the particular circumstances of the case. The Data Protection Act distinguishes between: the nature of the consent required to satisfy the first condition for processing; and the nature of the consent required to satisfy the condition for processing sensitive personal data, which must be explicit. In most cases the consent to access personal information will be provided by the individual who is requesting the information, however, there may be cases where the individual is unable to consent or the data subject is a child. Author: GEM CSU IG 6 Approved January 2014

7 When an applicant is not able to produce written consent from the data subject to access the information or is not able to evidence that he/she is entitled to access the information, the GEM CSU Lead will request further information from the applicant on the reason for the request to decide whether it would be justifiable to release the information to the applicant in any event. The GEM CSU IG Lead will liaise with the CCG staff holding the information to determine whether it is appropriate to release the information under these circumstances. In the event that the applicant is a solicitor the subject s written authority for release must be obtained. Where a person is unable to manage his/her own affairs then the application will only be accepted if evidence is presented that the representative is a person appointed by the Courts e.g. under the Court of Protection (or acting within the terms of a registered Lasting Power of Attorney - Health). Any individual over the age of 12 who is considered to be Fraser competent may exercise their right of access to his/her records under the Act. This is also in line with guidance issued by the Information Commissioner. However, care must be taken to verify that the young person has either initiated such a request or consented to such a request being made or that the young person s lack of understanding requires a parent or guardian to act on their behalf. Another important aspect may well be the nature of the personal information that will be supplied. This will be of particular significance where the information may contain reference to the parent or guardian within the young person s records: for example, where allegations of abuse have been made against the parent or guardian in a social work file. Requests from minors need to be handled carefully; consideration needs to be given to balancing the harm that might arise against the possible benefits of supplying the information and will involve the CCG s Designated Professionals in all such requests. 9 Shared Records There are situations where a subject access request involves a record that is shared between organisations. The modernisation and integration of health and social care will place a greater emphasis on shared records, both health and non-health records. The following principles will be followed where this is the case: Obligations under the Act are, in general placed on the holder of the record. If records are shared between two health or NHS bodies, they will be joint data controllers. Responsibility for ownership of the record rests with the Secretary of State for Health although essentially, where both organisations are joint data controllers for the shared record, both are controlling how they are used In order to deal with Subject Access requests effectively, the organisation receiving the Subject Access request will take responsibility for processing the request and for obtaining consent or refusal for the release of parts of the record relating to the other organisation The CCG takes responsibility for the access request and joint liability for their release where each organisation has authorised its release. Author: GEM CSU IG 7 Approved January 2014

8 If the CCG does not agree with the decision made by the other organisation to withhold data from release and subsequently releases that element of the record, it will accept full liability. The GEM CSU Lead must document the reasons for withholding certain information lawfully in the request log. The applicant may challenge the decision not to release information If there is a refusal to disclose the record from the partner organisation, the organisation dealing with the access request should, in their response to the applicant explain the reason for the refusal and refer them to the other partner organisation directly if they wish to contest the refusal. 9.1 Other Records In addition to health records, all other records held by the CCG containing individual s information are liable to subject access requests by those individuals or their representatives. This includes personnel, finance, complaints and administration records. Any third party content of the record must be referred to the originating organisation for consent to release. Where the CCG is the originator of the third party information the GEM CSU IG Lead will liaise with the designated professional in the CCG to determine whether the information should be redacted. 10 Deceased Patient Records The rights to access under the Data Protection Act 1998 extend only to living individuals. Requests for deceased patients records are made under the Access to Health Records Act Requests can only be made by: The patient s personal representative (usually the executor of the will or administrator of the estate) or Any person who may have a claim arising out of the patient s death- release of any information will only be the minimum necessary to process their claim. Only relevant information relating to any claim made should be released The same rules apply to third party information as with other health records. The CCG should afford the same level of confidentiality to deceased patient s records as for living ones. 11 Exemptions to the Release of Information The Data Protection Act 1998 makes provision for withholding information in certain circumstances which must be considered when a request is received. The GEMCSU IG Team will liaise with a designated professional holding the record to determine whether an exemption should be applied and document all decisions where this is the case. The reasons for withholding the information will be provided to the requester. Author: GEM CSU IG 8 Approved January 2014

9 12 Subject Access Request Process 12.1 Receiving an access request under the DPA Applications for access to personal data must be made in writing to the GEM CSU IG Lead and sent to: Information Governance Birch House Ransom Wood Business Park Southwell Road West Mansfield Notts NG21 0HJ or by to Applications must be signed and dated by the applicant (but the application process will be supported by GEMCSU who will undertake all relevant checks). Where an application is made on behalf of an individual, adequate authorisation documentation must accompany the written application. The application must clearly identify the person in question, and the records required, including the following details: Full name including previous names Address including previous address(es) NHS number (if available) Date of birth Dates of health/personnel records required 12.2 Provision of Information in response to a request Where requested the CCG will allow data subjects to view their data. The CCG (through the GEM CSU Lead) will provide a data subject with a copy of their information in an intelligible form i.e. the use of jargon, abbreviations or codes contained within the information must be explained. If the information is terminologically difficult or of a technical nature, the designated professional must offer to go through the information with the data subject to explain the meanings. The CCG must take into account the provisions of the Equality Act 2010 and offer information in large print or Braille format for data subjects with visual difficulties. Arrangements will be agreed with the data subject and relevant CCG Managers to facilitate this within the timescales allowed by the Act. Where an access request has previously been complied with under the Act, the CCG does not have to respond to a subsequent identical or similar request unless a reasonable interval has elapsed since the previous compliance (The Information Commissioner s office has Author: GEM CSU IG 9 Approved January 2014

10 defined a reasonable interval to be 12 months). Where the CCG does not hold the personal information requested, it will inform the applicant as quickly as possible Response Times for Disclosure Responses to request for access must be made within 40 days of the date of receipt of the request and/or the fee payable. Failure to do so is a breach of the Act and could lead to a complaint to the Information Commissioner. Failure to comply with a request for subject access, without valid justification is treated as a serious matter and is investigated by the Information Commissioner. Such complaints are dealt with as a matter of priority and may often lead to a full scale investigation into an organisation s procedures and practices. In exceptional circumstances, if it is not possible to comply with this period, the applicant should be informed. Where the CCG has decided to charge a fee for a subject access request, it will inform the applicant that a fee is payable and the amount requested. The CCG is not required to provide the information requested until such time as the fee has been paid. This process is known as stopping the clock and can only be applied where it has been decided to impose a charge e.g. if the charge is requested at day 20 of the process the clock is stopped at that point. Once the charge has been received the clock is restarted at day 20 and the CCG then has 20 days to provide the information that has been requested Charges The following charges apply: Viewing paper or Computer records Copying of only computer records Copying of paper records or a mix of computer and paper records 10 (Maximum charge) 10 (Maximum charge) 10 minimum charge up to a maximum of Data identifying a Third Party Where personal data relating to the applicant also identifies another individual, the applicant s right of access must be weighed against the other data subject s right to privacy. The GEM CSU Lead should attempt, where practicable, to seek the consent of the third party to the release of their data. Where consent is obtained then the information can be released Serious harm or adverse effect on health On inspection of the records the responsible person or CCG designated professional can advise that certain personal information is not released on the grounds that its release would be likely to cause serious harm to the physical or mental health of the person or to others. Author: GEM CSU IG 10 Approved January 2014

11 There is no definite requirement to inform the requestor or their representative that this information has not been released Other Agencies Records Letters or reports from another agency or person may be contained in records held by the CCG. Where this is the case the designated professional reviewing the records should consider the need to approach those agencies or persons to secure agreement for release of those records. If health information has been obtained from another NHS organisation and used for direct care purposes there is no obligation to contact the other organisation for permission to release (but there may be circumstances where this may need to be considered) Requests from public bodies and law enforcement agencies Section 29 of the Data Protection Act outlines the circumstances in which some public bodies have statutory powers that enable them to request access to personal information. The CCG as a data controller will be extremely careful when releasing personal data to such parties and will, following receipt of a request, check that the organisation requesting the disclosure is acting within its powers by asking the applicant to quote the authority on which its power is based. The CCG will only accept the request if it is made in writing and it is able to verify the source of the request and any necessary test of prejudice carried out prior to releasing any personal data through its legal channels if necessary. Law enforcement agencies can request personal information on behalf of and where written consent has been obtained from the individual. If members of staff come across any such requests, they must inform the GEM CSU Information Governance Lead immediately. 13. Incidents Any incident involving a potential breach of the Data Protection Act 1998 or the Access to Health Records Act 1990 should be reported as an incident using the appropriate CCG reporting system. The Caldicott Guardian and relevant line manager should also be informed of this and a decision will be taken whether it is necessary to report this as a Serious Incident under the Serious Incident Reporting and Management Policy and/or to the Information Commissioner. 14. Equality Impact Assessment The CCG aims to design and implement policy documents that meet the diverse needs of our services, population and workforce, ensuring that none are placed at a disadvantage over others. It takes into account current UK legislative requirements, including the Equality Act 2010 and the Human Rights Act 1998, and promotes equal opportunities for all. This document has been designed to ensure that no-one receives less favourable treatment due to their personal circumstances, i.e. the protected characteristics of their age, disability, sex (gender), gender reassignment, sexual orientation, marriage and civil partnership, race, religion or belief, pregnancy and maternity. Appropriate consideration has also been given to gender identity, socio-economic status, immigration status and the principles of the Human Rights Act. Author: GEM CSU IG 11 Approved January 2014

12 In carrying out its functions, the CCG must have due regard to the Public Sector Equality Duty (PSED). This applies to all the activities for which the organisation is responsible, including policy development, review and implementation Due Regard This policy has been reviewed in relation to having due regard to the Public Sector Equality Duty (PSED) of the Equality Act 2010 to eliminate discrimination, harassment, victimisation; to advance equality of opportunity; and foster good relations. 16 Policy Review This policy will be reviewed annually or where significant legal changes have occurred. Author: GEM CSU IG 12 Approved January 2014

13 APPENDIX A - REFERENCES AND BIBLIOGRAPHY Data Protection Act 1998 available from Access to Health Records Act 1990 available from Human Rights Act 1998 available from Freedom of Information available from Record Management available from Common Law of Confidentiality NHS Confidentiality- code of Practice available from PolicyAndGuidance/DH_ NHS For the Record available from dsmanagement/index.htm The Abortion Regulations Act 1991 available from The Computer Misuse Act 1990 available from The Census (Confidentiality) Act The Civil Evidence Act The Electronic Communications Act The Public Interest Disclosure Act Crime and Disorder Act NHS For the Record available from dsmanagement/index.htm NHS Retention of Records available from PolicyAndGuidance/DH_ Mental Capacity Act The National Health Service Act 2006 available from Author: GEM CSU IG 13 Approved January 2014

Subject Access Request (SAR) Procedure

Subject Access Request (SAR) Procedure Subject Access Request (SAR) Procedure East and North Hertfordshire Clinical Commissioning Group Page 1 of 16 DOCUMENT CONTROL SHEET Document Owner: Chief Finance Officer Document Author(s): Anne Ephgrave

More information

INFORMATION ASSURANCE DOCUMENTED PLAN

INFORMATION ASSURANCE DOCUMENTED PLAN INFORMATION ASSURANCE DOCUMENTED PLAN Document Reference: Document Purpose: IG20 Date Approved: Approving Committee: To provide guidance to all CCG staff about the CCG s documented plan for Information

More information

INFORMATION ASSURANCE DOCUMENTED PLAN

INFORMATION ASSURANCE DOCUMENTED PLAN NHS South West Lincolnshire Clinical Commissioning Group (CCG) INFORMATION ASSURANCE DOCUMENTED PLAN Document History: Document Reference: Document Purpose: IG18 To provide guidance to all CCG staff about

More information

Data Subject Access Request Procedure

Data Subject Access Request Procedure Data Subject Access Request Procedure Policy ID IG07 Version: 2.0 Ratified by: Executive Committee Name of originator/author: Justin Dix, Governing Body Secretary Name of responsible committee/individual:

More information

Bring Your Own Device (BYOD) Policy

Bring Your Own Device (BYOD) Policy Bring Your Own Device (BYOD) Policy Document History Document Reference: Document Purpose: Date Approved: Approving Committee: To set out the technical capabilities of the chosen security solution Airwatch

More information

Subject Access Request Policy Number ID ID # 2011 075 Author: Nicola Bateman Author Job Title: Information Governance Manager Division: Corporate Department: Clinical Informatics Version Number: 2.1 Ratifying

More information

ORBIT POLICY O-DPA01 DATA PROTECTION POLICY V1.1

ORBIT POLICY O-DPA01 DATA PROTECTION POLICY V1.1 ORBIT POLICY O-DPA01 DATA PROTECTION POLICY V1.1 1 Document Control Document Title DATA PROTECTION POLICY References O-DPA01 Version V1.1 Classification Unclassified Status Issued Last Review August 2011

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

ENC Li Subject Access Request Procedure

ENC Li Subject Access Request Procedure Subject Access Request Procedure Version: 1.0 Page 1 of 23 Document control Document Information Document Name: Location: Consultation: Initial approval: Supersedes: Description: Audience: Contact details

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

Complaints Policy. Complaints Policy. Page 1

Complaints Policy. Complaints Policy. Page 1 Complaints Policy Page 1 Complaints Policy Policy ref no: CCG 006/14 Author (inc job Kat Tucker Complaints & FOI Manager title) Date Approved 25 November 2014 Approved by CCG Governing Body Date of next

More information

Subject Access Request Policy

Subject Access Request Policy Subject Access Request Policy Version Version 4.0 Ratified By Date Ratified 24th February 2015 Author(s) Responsible Committee / Officers Date Issue February 2015 Quality, Performance and Finance Committee

More information

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

Leeds College of Music. Meeting the Public Sector Equality Duty (PSED)

Leeds College of Music. Meeting the Public Sector Equality Duty (PSED) Leeds College of Music Meeting the Public Sector Equality Duty (PSED) This report provides a review of the actions taken and being taken to meet the requirements of the Public Sector Equality Duty, as

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

Equality & Diversity Policy Version number 3.0

Equality & Diversity Policy Version number 3.0 Equality & Diversity Policy Version number 3.0 Lead executive Name / title of author: Janet Wilkinson, Director of HR & OD Juliette Tait, Employee Relations Lead Date reviewed: Target audience: Policy

More information

Access to Health Records

Access to Health Records Access to Health Records Crown Heights Medical Centre Procedure Access to Health Records ACCESS TO MEDICAL RECORDS (DATA PROTECTION) POLICY INTRODUCTION The Access to Health Records Act 1990 gave individuals

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

Subject Access Requests Policy

Subject Access Requests Policy Subject Access Requests Policy This Policy provides guidance on the processes that are to be followed when dealing with requests for access to personal information under section 7 of the Data Protection

More information

CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE

CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE Document Title: Contracts

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy NHS Hardwick Clinical Commissioning Group Business Continuity Policy Version Date: 26 January 2016 Version Number: 2.0 Status: Approved Next Revision Due: January 2017 Gordon Stevens MBCI Corporate Assurance

More information

Human Resources and Data Protection

Human Resources and Data Protection Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council

More information

Subject Access Request Policy

Subject Access Request Policy Trust Policy Subject Access Request Policy Department / Service: Corporate Originator: Company Secretary Accountable Director: Director of Nursing Approved by: Information Governance Steering Group Trust

More information

Information Security Policy

Information Security Policy Information Security Policy JUNE 2014 Author Responsibility Lynda Harris, Head of Information Governance, Central Eastern CSU, Bedfordshire and Luton All staff Effective Date June 2014 Review Date June

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and

More information

Equality and Diversity Policy. Deputy Director of HR Version Number: V.2.00 Date: 27/01/11

Equality and Diversity Policy. Deputy Director of HR Version Number: V.2.00 Date: 27/01/11 Equality and Diversity Policy Author: Deputy Director of HR Version Number: V.2.00 Date: 27/01/11 Approval and Authorisation Completion of the following signature blocks signifies the review and approval

More information

CCG CO25 Social Media Policy

CCG CO25 Social Media Policy Corporate CCG CO25 Social Media Policy Version Number Date Issued Review Date V1 21 January 2016 January 2018 Prepared By: Consultation Process: Formally Approved: 20/01/2016 Senior Governance Manager,

More information

Child and Adult Services Subject Access Requests Guidance

Child and Adult Services Subject Access Requests Guidance Child and Adult Services Subject Access Requests Guidance This Guidance is not applicable to Access to Information requests about Adoption. For requests about Adoption please consult the Adoption and Children

More information

Equality and Diversity Policy

Equality and Diversity Policy Equality and Diversity Policy Introduction 1 Our aim is to be a fair regulator, and a fair employer. Our Equality and Diversity Strategy explains more about how we are trying to meet this aim. 2 We have

More information

WHAT DOES EQUALITY MEAN FOR ME? Equality in Nottingham City and Nottinghamshire County

WHAT DOES EQUALITY MEAN FOR ME? Equality in Nottingham City and Nottinghamshire County WHAT DOES EQUALITY MEAN FOR ME? Equality in Nottingham City and Nottinghamshire County WHAT DOES EQUALITY MEAN FOR ME? Equality in Nottingham City and Nottinghamshire New Regulations take effect New regulations

More information

SOCIAL MEDIA POLICY. Senior Governance Officer, NHS North of England Commissioning Support Unit Reference No

SOCIAL MEDIA POLICY. Senior Governance Officer, NHS North of England Commissioning Support Unit Reference No SOCIAL MEDIA POLICY Ratified Governance & Risk Committee 08/2015 Status Final Issued August 2015 Approved By Governance and Risk Committee Consultation Governance and Risk Committee Equality Impact Assessment

More information

Subject Access Request, Procedure, Guidance and Information

Subject Access Request, Procedure, Guidance and Information Subject Access Request, Procedure, Guidance and Information Updated: July 2015 Page 1 of 61 CONTENTS 1. Introduction 5 2. Legal Context 5 3. Subject Access Request to Personal Records Guidance 6 Guidance

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

GRIEVANCE POLICY. Human Resources Service

GRIEVANCE POLICY. Human Resources Service GRIEVANCE POLICY Human Resources Service NB. This policy is available on the University of Cumbria website and it should be noted that any printed copies are uncontrolled and cannot be guaranteed to constitute

More information

Newcastle Safeguarding Children Board Multi-agency information sharing agreement

Newcastle Safeguarding Children Board Multi-agency information sharing agreement Newcastle Safeguarding Children Board Multi-agency information sharing agreement March 2016 Introduction Newcastle Safeguarding Children Board (NSCB) is the strategic body for promoting and safeguarding

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

The Equality Act 2010

The Equality Act 2010 The Equality Act 2010 The Equality Act 2010 came into force on 1 October 2010 and strengthens and streamlines 40 years of equalities legislation. The stated aim of the Act is to reform and harmonise discrimination

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

St Margaret s CE Primary school, Withern Data Protection Policy

St Margaret s CE Primary school, Withern Data Protection Policy St Margaret s CE Primary school, Withern Data Protection Policy Reference Points Data Protection Act 1998 See https://www.gov.uk/data-protection/the-data-protection-act Information Commissioners' Office

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

Equality & Diversity Strategy

Equality & Diversity Strategy Equality & Diversity Strategy April 2014 - March 2017 1 Contents Foreword 1. Introduction. 2. Organisational context. 3. Communities we serve. 4. The Equality Delivery System. 5. Our Equality Objectives.

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety

More information

Policy against Bullying, Harassment and Victimisation (Incorporating Dignity at Work)

Policy against Bullying, Harassment and Victimisation (Incorporating Dignity at Work) Policy against Bullying, Harassment and Victimisation (Incorporating Dignity at Work) Version: Version 1 Aim / Scope: The College believes that every member of staff has the right to work in a supportive

More information

West Sussex County Council. Guidance on Information Law for Schools

West Sussex County Council. Guidance on Information Law for Schools This guidance recognises that schools already deal with a great variety and number of requests for information and provides a straightforward approach to compliance with the following legislation: Education

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Date approved by Heads of Service 3 June 2014 Staff member responsible Director of Finance and Corporate Services Due for review June 2016 Data Protection Policy Content Page 1 Purpose

More information

CCG Social Media Policy

CCG Social Media Policy Corporate CCG Social Media Policy Version Number Date Issued Review Date 2 25/03/2015 25/03/2017 Prepared By: Consultation Process: Formally Approved: Governance Manager, North of England Commissioning

More information

2012 No. 1204 POLICE, ENGLAND AND WALES. The Police (Complaints and Misconduct) Regulations 2012

2012 No. 1204 POLICE, ENGLAND AND WALES. The Police (Complaints and Misconduct) Regulations 2012 STATUTORY INSTRUMENTS 2012 No. 1204 POLICE, ENGLAND AND WALES The Police (Complaints and Misconduct) Regulations 2012 Made - - - - 1st May 2012 Laid before Parliament 3rd May 2012 Coming into force - -

More information

Equality, Diversity and Human Rights Policy

Equality, Diversity and Human Rights Policy Equality, Diversity and Human Rights Policy Approval Date approved: 04 April 2014 Date Effective from Related documents Owner (Executive Director) Author External references Date of approval Performance

More information

Scope: All employees. The principles apply to all workers, secondees, contractors, job applicants, customers and clients.

Scope: All employees. The principles apply to all workers, secondees, contractors, job applicants, customers and clients. Title: Equality and Diversity Policy Type: Policy Version: 2.1 Directorate : Workforce Aim: To develop and promote a culture where all individuals receive fair and equal treatment in all aspects of employment

More information

WEST MIDLANDS POLICE Force Policy Document

WEST MIDLANDS POLICE Force Policy Document WEST MIDLANDS POLICE Force Policy Document POLICY TITLE: POLICY REFERENCE NO: POLICE STAFF DISCIPLINARY PROCEDURE HR/06 Executive Summary The Force expects certain standards of conduct to be maintained

More information

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...

More information

Information Management Policy CCG Policy Reference: IG 2 v4.1

Information Management Policy CCG Policy Reference: IG 2 v4.1 Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control

More information

Summary of the Employment Equity Act, 55 of 1998, issued in terms of Section 25(1)

Summary of the Employment Equity Act, 55 of 1998, issued in terms of Section 25(1) Employment Equity Amended Act, 2014: (1 August 2014) Summary of the Employment Equity Act, 55 of 1998, issued in terms of Section 25(1) (An abbreviated version can be found on www.labourinfo.co.za) 1.

More information

HOW YOU CAN OBTAIN ACCESS TO YOUR PERSONAL RECORDS Notes to accompany Application Form

HOW YOU CAN OBTAIN ACCESS TO YOUR PERSONAL RECORDS Notes to accompany Application Form HOW YOU CAN OBTAIN ACCESS TO YOUR PERSONAL RECORDS Notes to accompany Application Form Your right to request access to your personal records: The gives living individuals the right to request access to

More information

SUBJECT ACCESS REQUEST PROCEDURE

SUBJECT ACCESS REQUEST PROCEDURE This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version SUBJECT ACCESS REQUEST PROCEDURE DOCUMENT CONTROL Type of Document Document Title Description:

More information

Data Protection Policy

Data Protection Policy London Borough of Enfield Data Protection Policy Author Mohi Nowaz Classification UNCLASSIFIED Date of First Issue 10/08/2012 Owner IGB Issue Status DRAFT Date of Latest Re-Issue 12/09/2012 Version 0.6

More information

Work Experience Policy. Sue Ellis Director of Workforce. Final. 9 March March April April 2019

Work Experience Policy. Sue Ellis Director of Workforce. Final. 9 March March April April 2019 Work Experience Policy Author (s) Corporate Lead Eilidh MacDonald Leeds Community Healthcare NHS Trust Sue Ellis Director of Workforce Document Version Date approved by Joint Negotiating Consultative Forum

More information

Information Governance Strategy 2015/16

Information Governance Strategy 2015/16 Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal

More information

SINGLE EQUALITY POLICY

SINGLE EQUALITY POLICY SINGLE EQUALITY POLICY BUILDING FUTURES CHANGING LIVES We are committed to Equality and Diversity and to selection on merit. We welcome applications from all sections of society. Legislative Framework

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath

More information

Equality & Diversity (Policy & Guidance)

Equality & Diversity (Policy & Guidance) Equality & Diversity (Policy & Guidance) Publication Scheme Y/N Can be published on Force Website Department of Origin Human Resources (HR) Policy Holder Head of Community Engagement Unit (CEU) Author

More information

Mental Health Act Code of Practice. Professions and Care Standards Liz Johnson - Head of Equality and Inclusion. Group

Mental Health Act Code of Practice. Professions and Care Standards Liz Johnson - Head of Equality and Inclusion. Group Policy: Equality and Human Rights Executive or Associate Director lead Policy author/ lead Feedback on implementation to Liz Lightbown - Executive Director of Nursing, Professions and Care Standards Liz

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

Berkshire West Clinical Commissioning Groups

Berkshire West Clinical Commissioning Groups Berkshire West Clinical Commissioning Groups Corporate Policy 1 (CP1) CCG Policy for the Handling of Complaints Version: 1 Ratified by: Date ratified: April 2013 Name of originator/author: Name of responsible

More information

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school

More information

Glyncoed Primary School. Data Protection Policy

Glyncoed Primary School. Data Protection Policy Glyncoed Primary School Data Protection Policy Date agreed: March 2015 Review date: March 2017 1 Data Protection Policy Glyncoed Primary School collects and uses personal information about staff, pupils,

More information

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES 1 1 Definitions In these conditions:- We means Scotland s Commissioner for Children and Young People,

More information

Exit Questionnaire and Exit Interview Procedure

Exit Questionnaire and Exit Interview Procedure Exit Questionnaire and Exit Interview Procedure Procedure Reference Number: 2009.51 Approved: Name Date Author: Susan Poole 12/02/13 HR Advisor, Policy and Development Produced: 12/02/13 Review due: 3

More information

IG: Third Party Contracts and Contractors Policy

IG: Third Party Contracts and Contractors Policy IG: Third Party Contracts and Contractors Policy Document Summary This policy provides guidance on the Information Governance arrangements that need to be considered and / or implemented when engaging

More information

EQUALITY & DIVERSITY. Title. Equality & Diversity Author

EQUALITY & DIVERSITY. Title. Equality & Diversity Author EQUALITY & DIVERSITY Title Equality & Diversity Author Employment Relations Document Policy Effective Date 20/04/2015 Review Date 20/04/2017 Version 1.1 This policy supercedes all previous policies, circulars

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

Records Management Policy

Records Management Policy Records Management Policy Document information Document type: Operational Policy Document title: Records Management Policy Document date: November 2014 Author: NHS South Commissioning Support Unit, Information

More information

Guidance for Access to Health Records Requests

Guidance for Access to Health Records Requests Guidance for Access to Health Records Requests February 2010 1 DH INFORMATION READER BOX Policy HR / Workforce Management Planning / Clinical Document Purpose Gateway Reference Title Estates Commissioning

More information

Equality and Diversity Policy

Equality and Diversity Policy Equality and Diversity Policy Version: 1.0 Date: October, 2012 Digital Nomads Limited Page 1 of 9 Contents Policy Statement... 3 Legislative Background... 4 Objectives... 5 Definitions... 5 Roles and Responsibilities...

More information

Data Protection Policy

Data Protection Policy Issue Date: June 2014 Document Number: POL_1006 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading length; please depending delete other on line length;

More information

Code of practice for employers Avoiding unlawful discrimination while preventing illegal working

Code of practice for employers Avoiding unlawful discrimination while preventing illegal working Code of practice for employers Avoiding unlawful discrimination while preventing illegal working [xx] April 2014 Presented to Parliament pursuant to section 23(1) of the Immigration, Asylum and Nationality

More information

Non-absolute exemptions (subject to Substantial Prejudice Test and/or Public

Non-absolute exemptions (subject to Substantial Prejudice Test and/or Public EXEMPTIONS to the release or provision of information under Freedom of Information (Scotland) Act 2002 Contents Information Does not have to be Provided Definition of Information Held by the Council Absolute

More information

Annual Leave Policy. Document Owner East and North Herts Clinical Commissioning Group. 2 supercedes all previous Annual Leave Policies

Annual Leave Policy. Document Owner East and North Herts Clinical Commissioning Group. 2 supercedes all previous Annual Leave Policies Annual Leave Policy Document Owner Document Author East and North Herts Clinical Commissioning Group Anne Ephgrave Version Directorate Authorised By 2 supercedes all previous Annual Leave Policies Human

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information

More information

School Policy. Data Protection Policy and Procedures

School Policy. Data Protection Policy and Procedures School Policy Data Protection Policy and Procedures Introduction Our school gathers and uses personal information about staff, pupils, parents and other individuals who come into contact with the school

More information

Surrey & Sussex Healthcare NHS Trust

Surrey & Sussex Healthcare NHS Trust Surrey & Sussex Healthcare NHS Trust An Organisation-wide Policy for Information Governance (IG) Version 1.3 Status Ratified Date Ratified March 2008 Name of Owner Name of Sponsor Group Name of Ratifying

More information

Claims Management Policy

Claims Management Policy Claims Management Policy April 2015 Author: Responsibility: Janet Young, Governance & Risk Manager All Staff should adhere to this policy Effective Date: April 2015 Review Date: April 2017 Reviewing/Endorsing

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Approved by Governors Date: 15 March 2016 Signed Chair of Governors Date of Review: Introduction Blessed Trinity RC College collects and uses personal information about staff, pupils,

More information

Hardwick Clinical Commissioning Group AGREEMENT FOR THE JOINT HANDLING OF HEALTH AND SOCIAL CARE COMPLAINTS

Hardwick Clinical Commissioning Group AGREEMENT FOR THE JOINT HANDLING OF HEALTH AND SOCIAL CARE COMPLAINTS Hardwick Clinical Commissioning Group AGREEMENT FOR THE JOINT HANDLING OF HEALTH AND SOCIAL CARE COMPLAINTS Agreement for the joint handling of health and social care Name / Title Summary Agreement for

More information

Sharpe Pritchard Non-discrimination, Equality and Diversity Policy with Regard to Services and Personnel

Sharpe Pritchard Non-discrimination, Equality and Diversity Policy with Regard to Services and Personnel Sharpe Pritchard Non-discrimination, Equality and Diversity Policy with Regard to Services and Personnel 1. The firm s general commitment 1.1. The firm is committed to avoiding discrimination, harassment

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

More information

CONDUCT & DISCIPLINE POLICY & PROCEDURE

CONDUCT & DISCIPLINE POLICY & PROCEDURE CONDUCT & DISCIPLINE POLICY & PROCEDURE This policy and procedure is a copy of BCC s Conduct and Discipline (3 rd May 2014). Audience All Staff & Governors Date for renewal/updates/review May 2017 Named

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information