Information Sharing Protocol

Size: px
Start display at page:

Download "Information Sharing Protocol"

Transcription

1 Information Sharing Protocol South Central PCTs, General Practices and Tribal Consulting Limited Commissioning Enablement Service (Analytics)

2 Document Control Date Version Author Comment 08/02/ A. Bonfield Initial Draft 17/02/ A. Bonfield Inclusion of comments from Jon Fistein & Wally Gowing (Tribal) 10/03/ A. Bonfield Inclusion of comments from Simon Hay, CES Team 16/03/ A. Bonfield 19/03/ A. Bonfield Inclusion of comments from NHS Oxfordshire & Beechcrofts Update following further feedback from Tribal 23/03/ A. Bonfield Rationalised version 24/03/ A. Bonfield 25/03/ A. Bonfield Final 15/09/ A. Bonfield Oxford & Tribal final comments included Updated to include General Practices SCPCTA ISP001 Information Sharing Protocol v1.1 2

3 Table of Contents 1. Introduction & Background Purpose of the Protocol Information covered by this Protocol Key Principles The Legal Framework Procedure for Sharing Information Responsibilities Governance and Compliance CES Analytics Toolset & Tribal s obligations...10 Appendix 1 ISP Agreement Signature Page...11 Appendix 2 Template Subject Specific Information Sharing Agreement (SSISA) SCPCTA ISP001 Information Sharing Protocol v1.1 3

4 1. Introduction & Background South Central PCT Alliance ("SCPCT Alliance") are working in collaboration with Tribal Consulting Limited ("Tribal") to develop a service that provides the world class information, tools and skills required to optimise patient care and reduce costs over the next four years. As part of this programme of work, Tribal will deliver a Commissioning Enablement Service (CES) that will enable South Central PCTs and General Practices to: analyse the quality and effectiveness of clinical services across South Central ensure that patients receive treatment in the best possible setting (e.g. at home, in their communities or in hospital) manage contracts and financial systems more effectively across the PCTs by avoiding duplicated effort, and understand the health profile of people in South Central, predict their future healthcare needs and plan for the resources that might be required. These improvements will help the PCTs, General Practitioners and clinicians to provide better care by identifying the patients who most need care, making sure they receive it at the right time and ensuring that the health service plans for the future. By working in this way, PCTs and General Practices can make sure they reduce waste and inefficiency at the same time as increasing standards of care. At the heart of the service is the principle that poor quality care wastes money. To facilitate the required analyses, it is imperative that there is access to good quality information from across the South Central area that can be interrogated and manipulated by the CES Analytics Service (initially a Tribal based team). Therefore there is a requirement to have a co-ordinated approach to information sharing between the PCTs, General Practices and Tribal to ensure that a consistent process is in place and managed appropriately. This Protocol, therefore, is an overarching framework that identifies the guidelines and principles under which sharing of information between the signatories will be undertaken to ensure that data is managed according to currently available best practice guidance on the protection and use of confidential information. This Protocol will be supported by Subject Specific Information Sharing Agreements (SSISAs), which will detail by dataset the items to be shared and the associated controls around their use and management. This document has been developed to be read in its entirety, it should be a publicly available document, accessible from each organisation s web site. SCPCTA ISP001 Information Sharing Protocol v1.1 4

5 2. Purpose of the Protocol The purpose of this Protocol is: To identify the categories of information that are covered by this agreement; To set out the principles which underpin the sharing of information. To confirm the legal framework obligations for the secure sharing of confidential information. To identify the process for initiating the sharing of datasets. To set out the responsibilities of all parties involved in this programme. To identify the governance arrangements in place to manage and maintain this Protocol 3. Information covered by this Protocol This Protocol refers to all information, in whatever form that is shared between the SCPCT Alliance, General Practices and Tribal in support of the CES Analytics Service. Data provided would constitute use under the Healthcare Medical and Non-Healthcare Medical purposes as defined by the Connecting for Health document NPFIT-FNT-TO- BPR , Pseudonymisation Implementation Project (PIP) Reference Paper 1, Guidance on Terminology dated 20/11/2009 see table 1 below; Table 1 Terminology Term Healthcare Medical Purpose Description Includes; the uses which directly contribute to the diagnosis, care and treatment of an individual and the Audit/Assurance of the quality of healthcare provided. In these cases person identifiable data can be used, but only the minimum amount of data should be used, and appropriate safeguards should be in place. Non-Healthcare Medical Purpose Includes; the Management of Health Care Services (PbR, World Class Commissioning). In these cases generally effectively anonymised data should be used, unless consent has been gained from the patient or there are special circumstances, such as an overriding public interest, or a route such as via Section 251 of the NHS Act 2006 or the Health Service (Control of Patient Information) Regulations Effectively Anonymised Data from which the recipient is unable to infer the identify of an individual without the application of unreasonable effort. SCPCTA ISP001 Information Sharing Protocol v1.1 5

6 4. Key Principles The parties recognise the importance of sharing information with each other in line with this Protocol and the law and agree to co-operate fully with each other in that respect. The parties agree to share information in accordance the Data Protection Act 1998 and the Caldicott guidelines on the protection and use of patient information. The obligations of both parties are given in the External Support Services Agreement (ESSA). For ease of reference, these are summarised below:: The Data Protection Act 1998 provides that data should be: fairly and lawfully processed; processed for limited purposes; sufficient and relevant; accurate; not stored for longer than is necessary; processed in line with the relevant individuals' rights; secure; and transferred only to countries with adequate security. The Caldicott guidelines reflect those key principles: Justify the purpose(s) of using person-identifiable and confidential information; Only use it when absolutely necessary; Use the minimum that is required; Access should be on a strict need-to-know basis; Everyone must understand his or her responsibilities; and Understand and comply with the law In compliance with these principles and the ESSA agreement in place between the SCPCT Alliance, General Practices and Tribal, the parties will ensure that: Data will only be shared where a SISSA has been signed by the relevant signatories. Data will only be used for the purpose detailed within the relevant SSISA. Data will be transmitted between parties via secure means in line with the requirements laid down in the SSISA, NHS Information Governance standards and ISO27002 Data will be held by Tribal in a secure data centre at McKesson Information Solutions UK Ltd, European Headquarters, Warwick Technology Park, Warwick, CV34 6NZ and the CES office in Reading and appropriately protected in line with NHS Information Governance and ISO27002 guidance. No data will at any time be processed or transferred outside of the data centre other than for back-up / disaster recovery purposes. In which case such data will be held in another McKesson secure Data Centre at Benfield Road, Newcastle upon Tyne, NE6 4PZ. To support the analytical programme, subsets of data will also be held at Tribal s secure site at Premier House, 60 Caversham Road, Reading, RG1 7EB. The prior written consent of the SCPCT Alliance is required for any arrangements other than those described in this paragraph; such consent may be granted by way of a fully executed SSISA which describes the alternative arrangements. SCPCTA ISP001 Information Sharing Protocol v1.1 6

7 Robust procedures will be developed by Tribal (and shared with the SCPCT Alliance) to manage the access and use of data when within the Tribal managed environment. The data lifecycle will be managed as per the SSISA Data sharing will operate within existing ethical and legal frameworks to ensure that the rights of the individual are protected. The information governance manager at NHS Oxfordshire (the "Information Governance Manager") will review and ensure compliance with these key principles and the parties are required to co-operate with the Information Governance Manager in that respect. 5. The Legal Framework Each signatory to this Protocol undertakes that it will adhere to the legal principles outlined in the ESSA when considering the sharing of information. These are listed here for convenience: Human Rights Act 1998 Data Protection Act 1998 Access to Health Records Act 1990 The Freedom of Information Act 2000 The Environmental Information Regulations 2004 Caldicott Guardian Manual 2006 Confidentiality NHS Code of Practice 2003 The Common Law Duty of Confidentiality The NHS Information Governance Toolkit It should be noted that Tribal will be undertaking the processing of data for which the individual PCTs and General Practices are the Data Controllers. Organisations must amend their Data Protection Act registrations to record the fact that Tribal will be acting as Data Processors for them. Additional legislation may need to be referenced when sharing specific information; this will be set out in the relevant SSISAs as required. 6. Procedure for Sharing Information In so far as possible, information will be deidentified before it is processed and care should be taken to ensure that deidentified data, whether alone or when read together with any other information in the possession of the recipient, does not identify an individual either directly or indirectly (i.e. to ensure that it is effectively anonymised ). Where it is not possible to use effectively anonymised information, consent from service users may be required. The parties acknowledge that any disclosure without consent will need to be fully considered to ensure compliance with the law. In order to facilitate the sharing of a specific dataset, a Subject Specific Information Sharing Agreement (SSISA) must be completed and signed by the nominated individuals SCPCTA ISP001 Information Sharing Protocol v1.1 7

8 from the relevant parties see Appendix 2. This document will identify the data items to be shared and the controls that will be in place to ensure the security and confidentiality of those data items. Once a SSISA has been signed, it must be forwarded to the Information Governance Manager at NHS Oxfordshire (via the CES Data Governance Lead), where it will be formally logged and filed. The Information Governance Manager will then facilitate the undertaking of the SSISA with colleagues within the SCPCT Alliance in accordance with the principles set out within this document and the requirements of the SSISA. After the data has been provided to Tribal, the Information Governance Manager will monitor the adherence of the details of the SSISA in relation to the use and lifecycle arrangements for the dataset. It should be noted that no data will be shared unless a signed SSISA has been received by the NHS Oxfordshire Information Governance Manager. 7. Responsibilities South Central PCTs and General Practices Confirm that the Caldicott Guardian will be the lead in respect of this Protocol. Ensure that Executive IG Leads, Caldicott Guardians, Practice Staff, Information Managers and Information Governance Managers are aware of this Protocol and the organisation s responsibilities. Ensure that there is a local procedure in place to expedite approval of requests for information sharing under this Protocol. Ensure that where required, queries relating to requests under this Protocol are identified and raised with the NHS Oxfordshire Information Governance Manager within 3 days of receipt of the request. Ensure that appropriate training and information is provided to the relevant members of their staff to ensure their compliance with this Protocol and that compliance is effectively monitored. Ensure that standards and procedures are in place for ensuring that, where required, consent to disclose personal data constitutes informed consent and is given freely. A written record should be kept of service users' consent given or withdrawn. Ensure efficient and effective procedures to address complaints relating to the disclosure or use of personal data are in place. Tribal Ensure that requests for information are raised through the Information Governance Manager in line with the procedure identified in this Protocol and the relevant SSISA. Ensure that data transmission is via N3 or other secure means (agreed in advance by all parties in the SSISA or otherwise in writing). Provide details of local procedures implemented to ensure the security and confidentiality of data residing within the Tribal environment. Provide details of the access controls processes in place to allow appropriate access to data for Tribal based staff Undertake annual IG Toolkit assessments SCPCTA ISP001 Information Sharing Protocol v1.1 8

9 Ensure that appropriate training and information is provided to the relevant members of its staff to ensure their compliance with this Protocol and that compliance is effectively monitored. Ensure that procedures are in place so that information is only accessed by those members of its staff that have a reasonable need to know such information, are aware of and are required to act in strict compliance with this Protocol. Appropriate audit controls should be in place to record who has accessed the data, what has been accessed, when such access took place and why. Notify the Information Governance Manager of any breach of confidentiality or incident involving a risk or breach of the security of information as soon as it has been identified and co-operate fully with the Information Governance Manager in that respect. Comply with its obligations under Paragraph 9 of this Protocol. SCPCT Alliance Information Governance Group Ensure that this Protocol is ratified and signed by all parties. Ensure that procedures are in place to review this Protocol. Ensure that procedures are in place to monitor compliance with this Protocol. Caldicott Guardian NHS Oxfordshire Act as the lead signatory on behalf of the SCPCT Alliance. Ensure that appropriate Information Governance assurances are undertaken on behalf of the SCPCT Alliance; to include; o Annual Tribal IG Toolkit Assessment o External Audit of Tribal IG infrastructure Information Governance Manager NHS Oxfordshire Act as the link between Tribal and the SCPCT Alliance in relation to all SSISA requests. Ensure requests received are logged and monitoring arrangements put in place Co-ordinate SCPCT Alliance SSISA sign-off Monitor the completion of IG Toolkit submission, external audit by Tribal. 8. Governance and Compliance This Protocol will be reviewed regularly by the Information Governance Group and will include consultation with SCPCT Alliance Caldicott Guardians. The first review will take place 6 months after implementation and annually thereafter. It will also be reviewed in line with updated or newly released legislation. Any of the signatories can request a review outside of this agreed time frame if they think it necessary and reasons are provided. NHS Oxfordshire will undertake to assess Tribal s compliance with the Information Governance Toolkit on behalf of the SCPCT Alliance annually or as reasonably required (including for instances where any breach of confidentiality has occurred in relation to service users' personal data). SCPCTA ISP001 Information Sharing Protocol v1.1 9

10 9. CES Analytics Toolset & Tribal s obligations Table 2 Description of CES Tools Tool Purpose Use InterQual Service Utilisation, Service Redesign, Performance Management Healthcare Medical InvComm Acute Invoice Validation (AIV) Healthcare Non-Medical Sollis Clarity Contract Management Healthcare Non-Medical HBI Performance Analytics, Healthcare Non-Medical Business Intelligence, Dashboards StratComm Geographical Analysis Healthcare Non-Medical ACGS Evidence Based Support for Risk Profiling, Predictive Modelling, Resource Allocation, Planning Healthcare Non-Medical & Healthcare Medical Technical and organisation measures and procedures Tribal is required to ensure that at all times: it has appropriate technical and organisational measures against accidental and unlawful destruction of data and loss, alteration, unauthorised or unlawful disclosure or access to data; it has adequate security programmes and procedures in place to prevent unauthorised access or processing of data; and provide the Information Governance Manager with a written description of these measures and procedures on request. The Information Governance Manager can on request, and exercised in line with Section 26 and Schedule 26 of the ESSA, access and audit such measures and procedures and Tribal's own audit logs to monitor whether they are sufficient to ensure that PCTs remain compliant with the law (including the Data Protection Act 1998). SCPCTA ISP001 Information Sharing Protocol v1.1 10

11 Appendix 1 ISP Agreement Signature Page Please complete this form to indicate your acceptance of this Information Sharing Protocol on behalf of your organisation. ISP Reference: SCPCTA-ISP001 Information Sharing Protocol between the members of the South Central PCT Alliance, General Practices & Tribal Consulting Limited for the supply of data to support the CES Analytics Service Organisation: Address: Phone: Address: Designation: Signature: Date: Once completed, please return this a copy of this page to: Alan Bonfield, CES Data Governance, South Central PCT Alliance, Mid Hampshire Office, Unit Three Tidbury Farm, Bullington Cross, Sutton Scotney, Hants SO21 3QQ Or a scanned image of this page to : SCPCTA ISP001 Information Sharing Protocol v1.1 11

12 Appendix 2 Template Subject Specific Information Sharing Agreement (SSISA) E X A M P L E Subject Specific Information Sharing Agreement [Dateset Name] [Organisation] and Tribal Consulting Limited SCPCTA SSISA999 [Dataset Name] 12

13 Document Reference: Linked To: SCPCTA-SSISA999 SCPCTA-ISP001 Document Control Date Version Author Review Date Comment SCPCTA SSISA999 [Dataset Name] 13

14 Table of Contents 1. Introduction & Background Purpose for sharing the Information Justification of purpose Legislation Nominated Senior Professional Specific Instructions Access / Storage / Destruction Details Tribal Staff roles SC PCT Alliance contact details for compliance, advice and arbitration issues concerning this SSISA Data Transfer Procedure Audit trail details for this SSISA Agreed guidance for staff Any other Information...19 Appendix 1: [Dataset Field Layout]...20 Appendix 2: SSISA Agreement Signature Page...21 SCPCTA SSISA999 [Dataset Name] 14

15 1. Introduction & Background South Central PCT Alliance ("SCPCT Alliance") are working in collaboration with Tribal Consulting Limited ("Tribal") to develop a service that provides the world class information, tools and skills required to optimise patient care and reduce costs over the next four years. As part of this programme of work, Tribal will deliver a Commissioning Enablement Service (CES) that will enable South Central PCTs and General Practices to: analyse the quality and effectiveness of clinical services across South Central ensure that patients receive treatment in the best possible setting (e.g. at home, in their communities or in hospital) manage contracts and financial systems more effectively across the PCTs by avoiding duplicated effort, and understand the health profile of people in South Central, predict their future healthcare needs and plan for the resources that might be required. These improvements will help the PCTs, General Practitioners and clinicians to provide better care by identifying the patients who most need care, making sure they receive it at the right time and ensuring that the health service plans for the future. By working in this way, PCTs and General Practices can make sure they reduce waste and inefficiency at the same time as increasing standards of care. At the heart of the service is the principle that poor quality care wastes money. An over-arching Information Sharing Protocol (ISP) document reference SCPCTA-ISP001 has been implemented to facilitate the co-ordinated approach to managing information between South Central PCTs, General Practices and Tribal. The ISP sets out the operational framework for sharing of information and the required Information Governance controls/responsibilities. The ISP is supported by detailed Subject Specific Information Sharing Agreements (SSISAs) in relation to dataset requirements. This SSISA must be read in conjunction with the original ISP. SCPCTA SSISA999 [Dataset Name] 15

16 2. Purpose for sharing the Information 3. Justification of purpose 4. Legislation Please refer to section 5. The Legal Framework within the Information Sharing Protocol SCPCTA-ISP Nominated Senior Professional The Nominated Senior Professional for the CES Service is the Caldicott Guardian for NHS Oxfordshire. The Nominated Senior Professional is responsible for ensuring that documented agreement has been approved and received by all signatory organisations prior to any release of data. The Nominated Senior Professional in conjunction with the GP Practices and PCT s nominated Caldicott Guardians will receive reports of any information incident in relation to this SSISA and will monitor compliance with this agreement to confirm that the necessary actions are taken to keep patient information secure at all times 6. Specific Instructions SCPCTA SSISA999 [Dataset Name] 16

17 7. Access / Storage / Destruction Details 8. Tribal Staff roles Name of Party Role Contact details 9. SC PCT Alliance contact details for compliance, advice and arbitration issues concerning this SSISA. Name of party Job title of staff Contact details SCPCTA SSISA999 [Dataset Name] 17

18 10. Data Transfer Procedure. 11. Audit trail details for this SSISA Both sending and receiving parties will keep an audit trail of their actions. The audit trail will include: Job role or Name of staff member accessing, collecting or sharing the information Organisation name Action [send/receive] Date sent or received Date of confirmation of receipt Identification of information shared Confirmation of secure disposal of fax How long the information is to be kept Secure disposal procedures SCPCTA SSISA999 [Dataset Name] 18

19 12. Agreed guidance for staff 13. Any other Information SCPCTA SSISA999 [Dataset Name] 19

20 Appendix 1: [Dataset Field Layout] [Dataset] Data Items Format Format (Identifiable / Pseudonymised / Aggregate) after load into Tribal system SCPCTA SSISA999 [Dataset Name] 20

21 Appendix 2: SSISA Agreement Signature Page By signing this document, I hereby give approval for the data detailed within the SSISA referenced to be released to Tribal in conjunction with the controls / restrictions set out within the SSISA and the Information Sharing Protocol (Reference: ISP001) SSISA Reference: SCPCTA-SSISA999 Dataset(s): Organisation: Address: Phone: Address: Designation: Signature: Date: Tribal Signature: Signature Name Date Once completed, please return this page only to: Alan Bonfield, CES Data Governance, South Central PCT Alliance, Mid Hampshire Office, Unit Three Tidbury Farm, Bullington Cross, Sutton Scotney, Hants SO21 3QQ Or a scanned image of this page to : SCPCTA SSISA999 [Dataset Name] 21

Information Sharing Policy

Information Sharing Policy Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

Final Version 1.0 December 2015

Final Version 1.0 December 2015 Final Version 1.0 December 2015 Contents Page 1 Introduction...2 2 Charter Principles...2 3 Scope...2 4 Partner Commitment...3 5 Governance...4 6 The Lawful basis and Legal Requirements...5 7 Personal

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

IG: Third Party Contracts and Contractors Policy

IG: Third Party Contracts and Contractors Policy IG: Third Party Contracts and Contractors Policy Document Summary This policy provides guidance on the Information Governance arrangements that need to be considered and / or implemented when engaging

More information

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

Information Governance Strategy 2015/16

Information Governance Strategy 2015/16 Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

INFORMATION GOVERNANCE STRATEGY NO.CG02

INFORMATION GOVERNANCE STRATEGY NO.CG02 INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

De-identification of Data using Pseudonyms (Pseudonymisation) Policy

De-identification of Data using Pseudonyms (Pseudonymisation) Policy De-identification of Data using Pseudonyms (Pseudonymisation) Policy Version: 2.0 Page 1 of 7 Partners in Care This is a controlled document. It should not be altered in any way without the express permission

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety

More information

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy. Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review

More information

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff. Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

SALISBURY NHS FOUNDATIONTRUST

SALISBURY NHS FOUNDATIONTRUST SALISBURY NHS FOUNDATIONTRUST PAPER SHC 1738 TITLE Information Governance Policy PURPOSE OF PAPER The Information Governance Policy was first approved in April 2005. It is currently due for review to ensure

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

Information Governance Policy

Information Governance Policy BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY

More information

Information Security Policy

Information Security Policy Information Security Policy JUNE 2014 Author Responsibility Lynda Harris, Head of Information Governance, Central Eastern CSU, Bedfordshire and Luton All staff Effective Date June 2014 Review Date June

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

Barnet Partnership Information Sharing Protocol

Barnet Partnership Information Sharing Protocol Barnet Partnership Information Sharing Protocol Information Sharing Protocol V1_0C - FINAL Page 1 of 52 Version 1.0 (FINAL) Contents 1 Background... 4 1.1 The need to share information... 4 2 Scope...

More information

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE. Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

Newcastle Safeguarding Children Board Multi-agency information sharing agreement

Newcastle Safeguarding Children Board Multi-agency information sharing agreement Newcastle Safeguarding Children Board Multi-agency information sharing agreement March 2016 Introduction Newcastle Safeguarding Children Board (NSCB) is the strategic body for promoting and safeguarding

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

D-CRIS Information Governance Assurance

D-CRIS Information Governance Assurance D-CRIS Information Governance Assurance Date: 05 08 2013 Version: 1.0 Author: Murat Soncul Contents 1. Introduction... 3 2. CRIS Security Model... 3 3. SLaM Information Governance Framework... 4 4. Roles

More information

Trust Board Meeting: Wednesday 12 November 2014 TB

Trust Board Meeting: Wednesday 12 November 2014 TB Trust Board Meeting: Wednesday 12 November 2014 Title Update on Information Governance: Mid-Year Selfassessment against Information Governance Toolkit Status History For discussion Bi-annual Update Board

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

INFORMATION GOVERNANCE HANDBOOK

INFORMATION GOVERNANCE HANDBOOK INFORMATION GOVERNANCE HANDBOOK SECTION ONE Author Tracey Burrows Role Information Governance Manager (CSCSU) Date / Version February 2015 Version FINAL V1.0 Approved by IM&T Board Date 27 February 2015

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

Trust Informatics Policy. Information Governance. Information Governance Policy

Trust Informatics Policy. Information Governance. Information Governance Policy Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference

More information

Data Sharing Protocol

Data Sharing Protocol Data Sharing Protocol Agreement for Sharing Data Between Partners of the South Dublin Childrens Services Committee Version 0.4 Final Draft June 2009 Contents 1 Preface...3 2 Introduction & Overview...3

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

IAPT Data Standard. Frequently Asked Questions

IAPT Data Standard. Frequently Asked Questions IAPT Data Standard Frequently Asked Questions Version 1.0 March 2012 IAPT FAQs 1.0-1 - Contents Section 1: About the IAPT Data Standard.. 3 Section 2: Who is responsible for doing what?. 5 Section 3: How

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

Information Governance and Data Protection Policy

Information Governance and Data Protection Policy Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final

More information

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head

More information

Electronic Palliative Care Co-Ordination Systems: Information Governance Guidance

Electronic Palliative Care Co-Ordination Systems: Information Governance Guidance QIPP Digital Technology Electronic Palliative Care Co-Ordination Systems: Information Governance Guidance Author: Adam Hatherly Date: 26 th March 2013 Version: 1.1 Crown Copyright 2013 Page 1 of 19 Amendment

More information

Lancashire County Council Information Governance Framework

Lancashire County Council Information Governance Framework Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice

More information

Policy: D9 Data Quality Policy

Policy: D9 Data Quality Policy Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

The Leeds Teaching Hospitals NHS Trust. Research & Development Department DATA PROTECTION IN RESEARCH GUIDANCE NOTES FOR RESEARCHERS

The Leeds Teaching Hospitals NHS Trust. Research & Development Department DATA PROTECTION IN RESEARCH GUIDANCE NOTES FOR RESEARCHERS The Leeds Teaching Hospitals NHS Trust Research & Development Department DATA PROTECTION IN RESEARCH GUIDANCE NOTES FOR RESEARCHERS 1. Introduction The Research Governance Framework for Health & Social

More information

Remote Data Extraction Policy and Procedure

Remote Data Extraction Policy and Procedure Remote Data Extraction Policy and Procedure Prepared by PRIMIS June 2015 The University of Nottingham. All rights reserved. Contents 1. Introduction... 3 2. Purpose and scope... 3 3. Policy Statement...

More information

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool

More information

Information Governance Policy

Information Governance Policy Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy and Business Continuity Management System Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

More information

Trust Operational Policy. Information Security Department. Third Party Remote Access Policy

Trust Operational Policy. Information Security Department. Third Party Remote Access Policy Trust Operational Policy Information Security Department Policy Reference: 3631 Document Control Document Title Author/Contact Document Reference 3631 Pauline Nordoff-Tate, Information Assurance Manager

More information

Information Management for Medical Revalidation in England

Information Management for Medical Revalidation in England Information Management for Medical Revalidation in England www.revalidationsupport.nhs.uk Contents Page 1. Introduction 3 2. Information flows 4 The doctor 5 The appraiser 5 The responsible officer 6 New

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY NWAS Information Governance Policy Page: Page 1 of 10 Date of Issue: January 2014 Date of Review February 2015 Recommended by Approved by Information Governance Management

More information

This is consistent with our guidance in Good medical practice, which says:

This is consistent with our guidance in Good medical practice, which says: 26 August 2014 Bill Rogers Competition and Markets Authority Dear Bill Rogers, Draft Order Thank you for meeting my colleague Catherine Thomas to discuss your Order. This letter is our formal response.

More information

Sample Agreement for External Responsible Officer Services

Sample Agreement for External Responsible Officer Services Sample Agreement for External Responsible Officer Services Version 1.0 May 2012 www.revalidationsupport.nhs.uk 1. Introduction This document contains a sample agreement which designated bodies in England

More information

General Practice Extraction Service (GPES)

General Practice Extraction Service (GPES) General Practice Extraction Service (GPES) Customer: Health and Social Care Information Centre (HSCIC) Requirement: Patient Objections Management (POM) Customer Requirement Reference Number: NIC-228038-V5Z0L

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal

More information

Information Governance and Risk Stratification: Advice and Options for CCGs and GPs

Information Governance and Risk Stratification: Advice and Options for CCGs and GPs Information Governance and Risk Stratification: Advice and Options for CCGs and GPs 1 NHS England INFORMATION READER BOX Directorate Medical Operations Patients and Information Nursing Policy Commissioning

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May

More information

Records Management and Information Lifecycle Strategy

Records Management and Information Lifecycle Strategy LINCOLNSHIRE PARTNERSHIP NHS FOUNDATION TRUST Records Management and Information Lifecycle Strategy DOCUMENT VERSION CONTROL Document Type and Title: Strategy New or Replacing: Revised/Updated Version

More information

Content. 3. Who? Who has to carry out an information governance assessment?

Content. 3. Who? Who has to carry out an information governance assessment? Introduction to Information Governance (IG) & the IG Toolkit Content 1. What? What is Information Governance, IG Toolkit, Data, Personal Data, Sensitive Data 2. Why? Information Governance 3. Who? Who

More information

An Approach to Records Management Audit

An Approach to Records Management Audit An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION

More information

Information Governance Strategy. Version No 2.1

Information Governance Strategy. Version No 2.1 Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of

More information

General Register Office for Scotland information about Scotland s people. Paper NHSCR GB 1/08. NHSCR Scotland Information Governance Standards

General Register Office for Scotland information about Scotland s people. Paper NHSCR GB 1/08. NHSCR Scotland Information Governance Standards General Register Office for Scotland information about Scotland s people Paper NHSCR GB 1/08 NHSCR Scotland Information Governance s This is a draft on which the Board s comments would be welcome. Contents

More information

INFORMATION GOVERNANCE

INFORMATION GOVERNANCE INFORMATION GOVERNANCE Information Asset Owners and Information Asset Administrator/ Data Custodians Handbook November 2016 November 2016 1 Subject and version number of document: Serial number: Information

More information

Gloucestershire Hospitals

Gloucestershire Hospitals Gloucestershire Hospitals NHS Foundation Trust TRUST POLICY In the case of hard copies of this policy the content can only be assured to be accurate on the date of issue marked on the document. The Policy

More information

Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3

Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Paper 9 Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Please ensure that all THREE pages of this contract are returned to: Information Governance Manager, Health Informatics, Chertsey House, St Peter

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

BOARD PAPER - NHS ENGLAND. Title: Publication of Directions to Health and Social Care Information Centre for the collection of primary care data

BOARD PAPER - NHS ENGLAND. Title: Publication of Directions to Health and Social Care Information Centre for the collection of primary care data Paper NHSE130903 BOARD PAPER - NHS ENGLAND Title: Publication of Directions to Health and Social Care Information Centre for the collection of primary care data Clearance: Tim Kelsey, Director of Patients

More information

Information Security Policy

Information Security Policy Information Security Policy v2.0 Target Audience: Policy Endorsed by: ESCC Staff, members and other agencies handling ESCC information Governance Committee Final V2.0 Page 1 of 13 Information Security

More information