Electronic Palliative Care Co-Ordination Systems: Information Governance Guidance

Size: px
Start display at page:

Download "Electronic Palliative Care Co-Ordination Systems: Information Governance Guidance"

Transcription

1 QIPP Digital Technology Electronic Palliative Care Co-Ordination Systems: Information Governance Guidance Author: Adam Hatherly Date: 26 th March 2013 Version: 1.1 Crown Copyright 2013 Page 1 of 19

2 Amendment Histor y: Version Date Amendment History /11/12 First draft work in progress version /11/12 Draft for internal review /01/13 Updates following internal and IG team review. Generalised to cover more areas added EPA-AUT-01, EPA-AUD-03, EPA-SEC-0X, EPA-CDY-04, EPA-CDY /02/13 Minor tweaks based on feedback from NEoLCP /03/13 Small changes based on feedback from NEoLCIN IG lead /03/13 Org change to HSCIC, tweaked wording on deletion Contents 1. Purpose Scope Intended Audience Document Conventions Disclaimer Background End of Life Care Workstream QIPP Digital Technology Team Approach for the development of this guidance Summary Information Governance Approach Data Sharing Sharing across the Core Team Managing changes to the Core Team Sharing with others outside the Core Team Recommended Implementation Approach Consent Recommended Requirements Audit and Security Recommended Requirements Confidentiality Recommended Requirements References Glossary of Terms Copyright 2013 Page 2 of 19

3 1. Purpose Where data is transferred between organisations, a secure legal basis for doing so is needed such as through consent. This should additionally be supported by data sharing agreements to ensure there are appropriate information governance safeguards in place. The purpose of this document is to provide some basic guidance on the IG considerations in relation to patient consent, audit and data sharing, in the context of an Electronic Palliative Care Co-Ordination System (EPaCCS) Scope For any technology solution to be implemented within a healthcare setting, a wide range of areas need to be considered. This document is not intended to cover every aspect of the delivery of a solution. The below diagram gives a general overview of some of the areas you may need to consider the areas that are addressed (at least in part) in this document are highlighted below: Service Management Change Management Clinical Safety Benefits Realisation Procurement / Contract Mgmt Implementation Professional Guidance Functional Requirements Non-Functional Requirements Architecture Business Scenarios Interoperability Infrastructure Security Accreditation / Assurance ISB Standards Clinical Coding / Terminology ITK Specifications Out of Scope Other aspects of information governance beyond consent and data sharing agreements are beyond the scope of this document (e.g. security, role based access, sealing / privacy marking, non-repudiation, encryption, etc) Intended Audience This document is intended to inform local organizations looking to procure or develop an EPaCCS system, or who are reviewing existing systems which may be adapted to carry out the function of an EPaCCS system. It will outline the specific considerations in relation to patient consent and data sharing agreements between organisations. Copyright 2013 Page 3 of 19

4 1.3. Document Conventions In order to aid clarity, a number of conventions have been followed in this document: Where additional sources of information are referenced in the text, a reference number will be provided linking it with the appropriate entry in the referenced section at the end of this document e.g. [Ref:1]. EPACCS-xxx-xxx: Requirements statements are in bold boxes The accompanying text provides supporting detail, background and rationale Source: Requirement source listed here [Ref: X] 1.4. Disclaimer Reference to any specific commercial product, process or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by the Health and Social Care Information Centre. The views and opinions of authors expressed within this document shall not be used for advertising or product endorsement purposes. Any party relying on or using any information contained in this document and/or relying on or using any system implemented based upon information contained in this document should do so only after performing a risk assessment. A correctly completed risk assessment enables an NHS organisation to demonstrate that a methodical process has been undertaken which can adequately describe the rationale behind any decisions made. Risk assessments should include the potential impact to live services of implementing changes. This means that changes implemented following this guidance are done so at the implementers risk. Misuse or inappropriate use of this information can only be the responsibility of the implementer. Copyright 2013 Page 4 of 19

5 2. Background Quality, Innovation, Productivity and Prevention (QIPP) is a large scale transformational programme within the NHS, involving all NHS staff, clinicians, patients and the voluntary sector [Ref:1]. It will improve the quality of care the NHS delivers whilst making up to 20billion of efficiency savings by , which will be reinvested in frontline care. At a regional and local level, organisations have been developing integrated QIPP plans that are supported by national QIPP workstreams, which are producing tools and programmes to help local change leaders in successful implementation End of Life Care Workstream The End of Life Care Work-stream [Ref:3], along with the National End of Life Care Programme [Ref:4], are both working to support more people to achieve their wishes and preferences for end of life care. The majority of people, given the right care and support, would prefer to die at home, yet only around 20% of people die at home, with a further 17% dying in a care home. The Healthcare Commission estimates that half of all acute hospital complaints are related to end of life care. For people nearing the end of life, the National End of Life Programme and QIPP End of Life Workstream aim to reduce: emergency attendances to hospital, subsequent bed days, unwanted treatments and complaints relating to end of life care. A key enabler for the above goals is capturing and sharing a patient s end of life preferences, and the national workstream is championing the use of Electronic Palliative Care Co-Ordination Systems (EPaCCS) to meet this goal. Copyright 2013 Page 5 of 19

6 2.2. QIPP Digital Technology Team QIPP Digital Technology has been established as a function under the QIPP programme to assist QIPP national workstreams and local teams to exploit digital technology in order to accelerate delivery of their QIPP priorities [Ref:2]. The function focuses on helping to overcome digital challenges and barriers, to accelerate delivery, to spread initiatives and to maximise the potential value from technology enabled healthcare delivery. Understand Business Drivers National QIPP Workstream Drivers National Initiatives: Digital First, 3millionlives, Commissioning Intelligence Identify Local Needs Engage with local teams to understand technology landscape and plans Create local roadmaps to identify technology needs and opportunities Deliver Enablers Targeted guidance to support local delivery of key drivers Guidance, Standards, Specifications, Best-Practice Disseminate and Support Share and support the use of enablers through web, , social media, conferences, events, etc. Share wider innovation and best-practice using an online initiatives register Figure 1: QIPP Digital Team Approach A core principle of this operating model is to ensure that any work conducted or national enablers provided, have direct traceability back to key business drivers, and that work is only undertaken where there is a local pull for national assistance Approach for the development of this guidance This guidance has been compiled based primarily on the IG guidance provided as part of the national information standard (ISB1580) [Ref:5], but also incorporating other IG best-practice and input from the national IG team. It also replicates the guidance previously produced by the QIPP Digital and IG teams around data sharing agreements for risk stratification [Ref:6], as the basic principles are equally applicable in the context of an EPaCCS system. Copyright 2013 Page 6 of 19

7 3. Summary This document outlines a series of recommendations for ensuring appropriate information governance controls are in place within EPaCCS systems, including consent, security and confidentiality controls. It also provides a suggested approach for implementing data sharing agreements to support EPaCCS. The recommended steps for establishing data sharing agreements are detailed in the document, but in summary they are: 1. Identify a Sponsor 2. Establish a Project Team or Stakeholder Group 3. Map the Data Flows 4. Agree a Purpose for Sharing Data 5. Obtain Stakeholder Agreement 6. Draft a Data Sharing Agreement 7. Formally Sign the Agreement 8. Management of the Agreement 9. Produce Communications Material and Inform Stakeholders Recommended IG requirements are elaborated in more detail later in this document, but in summary are: ID Level Description Consent EPA-CON-01 MUST Separate explicit consent MUST be gained to create and share an EPaCCS record EPA-CON-02 MUST The positive consent decision MUST be recorded EPA-CON-03 MUST An EPaCCS record MUST only be created if consent has been gained EPA-CON-04 MUST A record MUST NOT be accessible if a patient withdraws consent EPA-CON-05 SHOULD The patient SHOULD be able to request that information is removed when consent is withdrawn EPA-CON-06 SHOULD Patient consent SHOULD be sought to view records EPA-CON-07 MUST Secondary uses of PI data MUST be lawful Audit EPA-AUD-01 MUST All information captured or held MUST be auditable EPA-AUD-02 MUST Audit information MUST be accessible EPA-AUD-03 SHOULD A record of changes SHOULD be accessible EPA-AUD-04 SHOULD A report of record views without consent SHOULD be available Security EPA-SEC-01 MUST A secure authentication mechanism MUST be used EPA-SEC-02 MUST The system MUST be secure EPA-SEC-03 SHOULD Single Sign-On SHOULD be used EPA-SEC-04 MUST The system MUST meet IG Toolkit Requirements Confidentiality EPA-CDY-01 MUST Users MUST only see records for patients under their care EPA-CDY-02 SHOULD The patient SHOULD be able to request that named individuals should not be informed about their EPaCCS record EPA-CDY-03 SHOULD The patient SHOULD be able to prevent specific information being shared EPA-CDY-04 MUST Data sharing agreements MUST be in place EPA-CDY-05 MUST Role based access controls MUST be in place Copyright 2013 Page 7 of 19

8 4. Information Governance Approach Health records contain private and confidential information. It is essential that those setting up EPaCCS have a full understanding of information governance requirements to ensure that there are adequate data security and data protection measures in place, and that protection of personal information held about individuals is addressed. Undertaking a Privacy Impact Assessment (PIA) [Ref:7] is strongly recommended if the data is also to be used for secondary uses to ensure there is a secure legal basis for processing. It is recommended more generally to ensure that appropriate information governance controls, needed to mitigate identified potential risks to people s privacy, are in place. For example, clarifying which organisation has data controller responsibilities or if more than one organisation has these responsibilities, whether they are data controllers jointly or in common. This is important to ensure that there are appropriate contractual arrangements to provide information governance assurance in relation to any data processors. See A PIA is intended to identify privacy issues at the beginning of a project, before design solutions are agreed or anything put in place that can t be easily changed. If a PIA indicates certain data should not be collected and used, for example, it may be difficult to make changes if they re already implemented. In addition, existing information governance frameworks, policies and structures need to be reviewed to ensure that they reflect the needs of shared records. This should align with the requirements outlined within the Information Governance Toolkit [Ref:8] appropriate to the care setting. Copyright 2013 Page 8 of 19

9 5. Data Sharing 5.1. Sharing across the Core Team An important first step in defining a data sharing approach is to map out the core participants in the end of life care co-ordination process i.e. those that will need regular access to the information in the EPaCCS system. This core group is likely to comprise a range of different organisations, and therefore there is a need for formal data sharing agreements to be in place between these organisations, with each agreeing to share EPaCCS information with the others. This may also include unscheduled care services that would want to access this information for patients who present for care (e.g. OOH and Ambulance services). Note: Patients should be made overtly aware of the intent to share across this core team when they consent to create the EPaCCS record Managing changes to the Core Team Over time, the landscape of providers in an area is likely to change, with new providers being brought into the core team, and potentially other services such as social care and voluntary sector are more closely involved in coordinating care for patients as they approach the end of their life. Because these new providers are outside the group of organisations that have originally signed up to share EPaCCS data, to add them into the sharing agreement would require the agreement of all the other parties. This should therefore generally only be considered when the new service will be providing ongoing care for a range of patients on an ongoing basis. Some of the complexity of having to manage changes to data sharing agreements can potentially be eased by managing the agreements electronically in a single system. This system could potentially automate the approval workflow, and allow the services involved to review and sign the agreement electronically whenever a change is made (there is no requirement for a physical signature for a data sharing agreement) Sharing with others outside the Core Team Specific patients may have specific additional needs which require other professionals to be involved in their care, who may not form part of the core team. These may be other providers involved on an ad-hoc basis, and who would not expect to be given access to the EPaCCS system directly. Rather than bringing these additional parties into the data sharing agreement, it is generally preferable to handle the sharing with these additional individuals as a direct referral, and include relevant information from the EPaCCS record in the referral. As this is a direct clinical communication between professionals for a specific patient, a data sharing agreement is not required, as no access is being granted to the shared EPaCCS record Recommended Implementation Approach The QIPP Digital technology team, with the support of the national IG team recently did a piece of work to investigate approaches taken by teams who have successfully implemented data sharing agreements to support risk stratification solutions. The findings of this investigation are equally applicable for EPaCCS data sharing, so the main recommendations are reproduced here. The full details of the investigation, Copyright 2013 Page 9 of 19

10 along with examples of local best practice for risk stratification data sharing are available from the QIPP DT web site [Ref:6]. The document outlines a nine point model with a check list of best practice for each point. Recommendation 1 Identify a Sponsor When starting a data sharing project identify a sponsor. The sponsor should be a clinical professional. The sponsor should have both professional and organisational credibility and status. Where the data sharing project will include health and social care data, consider having two joint sponsors one from health care and one from social care. Recommendation 2 Establish a Project Team or Stakeholder Group Have health care representation including representation from any local health care professional bodies such as LMC. Have social care representation if social care data will be shared. Have clinical safety representation (Clinical Safety Officer) Include a Senior Information Risk Owner (SIRO) Have IG representation including representation from any crossorganisational or cross-sector local IG groups, forums or committees. Have ICT representation including representation from any crossorganisational local ICT groups, forums or committees. Consider including a patient advocate or representative also. Have clear Terms of Reference. Recommendation 3 Map the Data Flows Identify the organisations that will be the data sources. Identify the organisations that will act as intermediaries. Identify the organisations that will be data users (and therefore Data Controllers for DPA purposes). Identify the data assets involved; this should include all the individual data items for each data asset. Formally document the full data flow normally a diagram with attached explanatory text. Identify potential (or realised) risks and issues for the documented data flow. For each risk or issue provide a proposed mitigation and/or exemption. Add the risks, issues, mitigations and exemptions as part of the data flow documentation. Seek Caldicott Guardian approval for proposed data flows. Recommendation 4 Agree a Purpose for Sharing Data Identify the purpose for sharing data be as exact and specific as possible. Identify the organisations and the groups or job roles within the organisations that will use the shared data. Define any time, locational, organisational or information processing system constraints that will restrict access to the shared data. Consider undertaking a Privacy Impact Assessment as a means of identifying and managing issues affecting individuals privacy (IG Toolkit standard 210 requires this). Document the purpose for sharing data. Copyright 2013 Page 10 of 19

11 Recommendation 5 Obtain Stakeholder Agreement Get the project team or stakeholder group to approve the documented data flow and the documented purpose for sharing data. Iterate data flow and purpose for sharing data if required to obtain stakeholder agreement. Recommendation 6 Draft a Data Sharing Agreement Where possible make use/reference to any existing over-arching data sharing agreement that covers generic issues. Create a System Specific Information Sharing Agreement (SSISA). Get the project team or stakeholder group to approve the data sharing agreement. Publish the approved data sharing agreement in electronic form on organisation web sites. Recommendation 7 Formally Sign the Agreement Maintain a list of all organisations that need to sign the data sharing agreement. Get all organisations on the list to formally sign the data sharing agreement. Caldicott Guardians are likely signatories for NHS organisations. Where formally signing is of a paper copy of the agreement, scan and securely store the signed paper copy. Where formally signing is via an online electronic form, securely store the transaction. Annotate the organisation list to show who has formally signed the agreement. Recommendation 8 Management of the Agreement If the purpose of the data sharing changes you must: o Agree the new purpose for sharing data o If the original purpose relied on patient consent then further consent must be obtained to cover the extended use. o Obtain stakeholder agreement again. o Draft a new data sharing agreement. o Get all organisations to formally sign the new agreement. If the listed parties to the agreement changes you must: o o Get new organisations to formally sign the agreement. Revoke signed agreements for organisations that withdraw from the agreement. Copyright 2013 Page 11 of 19

12 Recommendation 9 Produce Communications Material and Inform Stakeholders For all stages of a data sharing project produce clear and concise communications material. Tailor communications material to intended audience; for example patient, GP Practice and NHS Trust. Be proactive in using communications material to engage with all stakeholders to inform and reassure them of the legitimacy of data sharing and precautions taken to ensure its security. This final recommendation, Produce Communications Material and Inform Stakeholders, is the most important point in the whole process. It is considered essential to the success of an information sharing project to communicate with key stakeholders influential GPs as well as LMCs right from the beginning of the process as this will reassure them, as well as ensuring their concerns and issues are considered in the design of the processes right from the very start. Copyright 2013 Page 12 of 19

13 6. Consent The End of Life Care Co-ordination: Core Content Standard Specification [Ref:5] includes an explicit requirement about consent: Professionals MUST seek separate, explicit consent: I. To place a person on EPaCCS or other end of life care co-ordination system II. To share their information with relevant health and social care staff When possible professionals SHOULD seek consent each time the record is viewed. The consent process SHOULD be audited. This is supported by a number of other statements in the supporting documents that were published along with the specification including the End of Life Care Coordination Record Keeping Guidance [Ref:10], and the End of Life Care Coordination Implementation Guidance [Ref:9] Recommended Requirements The below requirements bring together the various statements relating to consent from the relevant documents, and frame them as a set of requirements for system implementation. Some of the requirements in the original documents have been elaborated or amended slightly to ensure they are clear and implementable in a system. These amendments have been made in consultation with the authors of the national information standard and the national IG team. An EPaCCS record must only be created if the patient has explicitly consented to being added to the system, and having their preferences shared: EPA-CON-01: Separate explicit consent MUST be gained to create and share an EPaCCS record Professionals MUST seek separate explicit consent: I. To place a person on EPaCCS or other end of life care coordination system II. To share their information with relevant health and social care staff The system MUST only create an EPaCCS record for a patient if both consents are gained (they do not need to be individually recorded). Source: ISB1580 Standard Specification, Section 2.2, Requirement 6 [Ref: 5] It is important that there is a well defined and consistent discussion with the patient to ensure they fully understand what they are consenting to, and that the consent includes the sharing of their end of life care preferences with other care and support professionals who are directly involved in their care as part of the core team the specific details of what should be covered in this conversation are beyond the scope of this document. In cases where a patient lacks capacity to consent, a best interests decision can be made on their behalf (for example by a lasting power of attorney). EPA-CON-02: The positive consent decision MUST be recorded The system MUST allow the capture of a consent decision that relates directly to creating and sharing an EPaCCS record. It should be possible to differentiate between two forms of consent: An explicit positive consent decision from a patient A best-interest decision in cases where the patient lacks capacity to consent Source: Best Practice. Copyright 2013 Page 13 of 19

14 EPA-CON-03: An EPaCCS record MUST only be created if consent has been gained A patient MUST only have an EPaCCS record if they have given their explicit consent or, in the case of someone who lacks capability, this is judged to be in their best interests Source: EPaCCS Record Keeping Guidance, Section 6.3 [Ref:10] EPA-CON-04: A record MUST NOT be accessible if a patient withdraws consent The system MUST prevent further access to a patient s EPaCCS record (except for IG audit purposes) if the patient withdraws their consent. Source: EPaCCS Record Keeping Guidance, Section 6.3 [Ref:10] EPA-CON-05: The patient SHOULD be able to request that information is removed when consent is withdrawn Where an EPaCCS record forms part of a wider clinical record, a discussion should be had with the patient about what (if any) information about their end of life preferences they would like removed (or made inaccessible) from the local record, and the system SHOULD support this. Source: Best Practice If a local organisation has an agreed deletion procedure for patient records, the use of this procedure could be considered for EPaCCS records also. There is a need, where practical, to ensure that professionals only view EPaCCS records where the patient agrees that they may do so: EPA-CON-06: Patient consent SHOULD be sought to view records When possible staff SHOULD seek consent each time the record is viewed. Source: ISB1580 Standard Specification, Section 2.2, Requirement 6 [Ref: 5] Secondary uses of EPaCCS data should use anonymised or pseudonymised data rather than patient identifiable (PI) data unless this is unavoidable: EPA-CON-07: Secondary uses of PI data MUST be lawful The system MUST prevent (as far as possible) patient identifiable (PI) data being used for secondary uses unless consent has been obtained for this use of patient data, or where there is an established legal basis or requirement to do so. Source: EPaCCS Implementation Guidance, Section 7.4 [Ref: 9] Copyright 2013 Page 14 of 19

15 7. Audit and Security The national information standard also sets out a series of audit and security controls that should be incorporated into EPaCCS solutions. Some of the requirements in the original documents have been elaborated or amended slightly to ensure they are clear and implementable in a system. These amendments have been made in consultation with the authors of the national information standard and the national IG team Recommended Requirements Audit As with all clinical systems, all activities within the system must be auditable: EPA-AUD-01: All information captured or held MUST be auditable All viewing/updating/deletion of data MUST be traceable back to the specific user or system who viewed/updated the record, including the date/time it occurred. This must include system extracts/messaging, etc. Source: ISB1580 Standard Specification, Section 2.2, Requirement 3 [Ref: 5] EPA-AUD-02: Audit information MUST be accessible It MUST be possible for Privacy Officers or Caldicott Guardians to access all audit information to support investigations into misuse, and also to support subject access and information requests. Source: ISB1580 Standard Specification, Section 2.2, Requirement 3 [Ref: 5] EPA-AUD-03: A record of changes SHOULD be accessible The history of changes to the record SHOULD be available to users of the system. Source: Best Practice. A system should not prevent access to records where patient consent has not been obtained to view the record, but equally there should be some controls in place to allow Caldicott Guardians or Privacy officer to identify and investigate misuse of EPaCCS systems: EPA-AUD-04: A report of record views without consent SHOULD be available The system SHOULD provide a specific report detailing instances where it is known that a record was viewed without patient consent. This report should be made available to a Caldicott Guardian and/or Privacy Officer so they can periodically review it to identify misuse. Source: Best Practice Security Secure controls must be in place to control access to the information in the EPaCCS: EPA-SEC-01: A secure authentication mechanism MUST be used Access to the system MUST be controlled using a secure authentication mechanism in-line with egif standards. NHS Smartcard authentication MAY be used to provide this secure mechanism. Source: ISB1580 Standard Specification, Section 3.3 [Ref: 5] Copyright 2013 Page 15 of 19

16 EPA-SEC-02: The system MUST be secure The system MUST comply with the NHS and legal requirements for information governance (including data security and confidentiality). All implementations MUST comply with information governance requirements for data security and confidentiality including ISO/IEC 27001:2005 [Ref: 11] Source: ISB1580 Standard Specification, Section 2.2, Requirement #3 [Ref: 5] EPA-SEC-03: Single Sign-On SHOULD be used An appropriate single-sign-on (SSO) mechanism SHOULD be supported to allow users who "click-through" from other systems to be transparently authenticated for access to the system. This MAY use the national SSO solution (NHS smartcards). Source: Best Practice EPA-SEC-04: The system MUST meet IG Toolkit Requirements The solution MUST comply with the relevant IG requirements in the Information Governance Toolkit [Ref: 8] Source: EPaCCS Implementation Guidance, Section 7.1 [Ref: 9] Copyright 2013 Page 16 of 19

17 8. Confidentiality The national information standard also sets out a series of confidentiality controls that should be incorporated into EPaCCS solutions. Some of the requirements in the original documents have been elaborated or amended slightly to ensure they are clear and implementable in a system. These amendments have been made in consultation with the authors of the national information standard and the national IG team Recommended Requirements EPA-CDY-01: Users MUST only see records for patients under their care The solution MUST only allow users to access the records for patients under their care (i.e. those with whom they have a legitimate relationship). Source: EPaCCS Implementation Guidance, Section 7.2 [Ref: 9] EPA-CDY-02: The patient SHOULD be able to request that named individuals should not be informed about their EPaCCS record If the patient does not wish named individuals to be informed that they have an EPaCCS record, there SHOULD be the capability to record this decision in the record (although it may be recorded as text). Source: EPaCCS Implementation Guidance, Section 7.4 [Ref: 9] EPA-CDY-03: The patient SHOULD be able to prevent specific information being shared At the request of the patient, the system SHOULD include the ability to prevent certain users accessing parts of the record within the system (e.g. based on their RBAC role), AND to prevent parts of the record being included in electronic messages sent to other systems. NOTE: Information about these specific preferences COULD be transmitted outside the system if required (although this could be in text form). Source: EPaCCS Record Keeping Guidance, Section 6.9 [Ref:10] EPA-CDY-04: Data sharing agreements MUST be in place Where data is shared between organisations, a data sharing agreement MUST be in place to ensure appropriate IG safeguards are in place. Source: EPaCCS Implementation Guidance, Section 7.3 [Ref: 9] EPA-CDY-05: Role based access controls MUST be in place Role Based access control MUST be used to ensure that the rights to view, create, edit or delete specified clinical content elements are limited to appropriate clinicians as defined by local clinical governance and IT safety leads. National RBAC linked to NHS Smartcards MAY be used to support this. Source: EPaCCS Implementation Guidance, Section 7.3 [Ref: 9] Copyright 2013 Page 17 of 19

18 9. References These resources will provide additional information, and are referenced in the relevant sections in this document. Sharing in Risk Stratification _html#guidance-on-data-sharing 7 Privacy Impact Assessments Guidance (ICO) _protection/topic_guides/privacy_impact_ass essment.aspx 8 IG Toolkit https://nww.igt.connectingforhealth.nhs.uk/ 9 ISB Standard Implementation Guidance 10 ISB Standard Record Keeping Guidance 11 ISO/IEC 27001:2005 Information technology -- Security techniques -- Information security management systems Requirements Ref no Title Location 1 QIPP Digital Technology Website 2 NHS Networks: QIPP Digital Technology and Vision 3 DH: End of Life Care Workstream Page ndproductivity/qippworkstreams/dh_ National End of Life Care Programme 5 ISB Standard: End of Life Care Co-ordination, Core Content 6 QIPP DT Guidance on Data mber=42103 Copyright 2013 Page 18 of 19

19 10. Glossary of Terms The below list defines the various terms used in this document. Term Definition DPA Data Protection Act DT Digital Technology EPaCCS Electronic Palliative Care Co-Ordination System ICO Information Commissioners Office ICT Information and Communication Technology IG Information Governance ISO International Organisation for Standardisation LMC Local Medical Committee LR Legitimate Relationship OOH Out of Hours PI Patient Identifiable PIA Privacy Impact Assessment QIPP Quality, Innovation, Productivity and Prevention QIPP Quality Innovation Productivity and Prevention RBAC Role Based Access Control SIRO Senior Information Risk Owner SSISA System Specific Information Sharing Agreement Copyright 2013 Page 19 of 19

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

Informatics: The future. An organisational summary

Informatics: The future. An organisational summary Informatics: The future An organisational summary DH INFORMATION READER BOX Policy HR/Workforce Management Planning/Performance Clinical Document Purpose Commissioner Development Provider Development Improvement

More information

Governance. Information. Bulletin. Welcome to the nineteenth edition of the information governance bulletin

Governance. Information. Bulletin. Welcome to the nineteenth edition of the information governance bulletin Welcome to the nineteenth edition of the information governance bulletin Our regular bulletin about information governance and the work of the IG transition programme Publication Gateway Reference: 02465

More information

INFORMATION GOVERNANCE STRATEGY NO.CG02

INFORMATION GOVERNANCE STRATEGY NO.CG02 INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

A joint plan to foster a healthy and vibrant Healthcare IT market. Intellect & DH Informatics Directorate. Initial Issue

A joint plan to foster a healthy and vibrant Healthcare IT market. Intellect & DH Informatics Directorate. Initial Issue A joint plan to foster a healthy and vibrant Healthcare IT market Intellect & DH Informatics Directorate Initial Issue Crown Copyright 2012 Page 1 of 8 Amendment History: Version Date Amendment History

More information

Information Governance Framework and Strategy. November 2014

Information Governance Framework and Strategy. November 2014 November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date

More information

E-Mail, Calendar and Messaging Services Good Practice Guideline

E-Mail, Calendar and Messaging Services Good Practice Guideline E-Mail, Calendar and Messaging Services Good Practice Guideline Programme NPFIT Document Record ID Key Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0017.01 Prog. Director Mark Ferrar Status

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE

More information

Information Sharing Protocol

Information Sharing Protocol Information Sharing Protocol South Central PCTs, General Practices and Tribal Consulting Limited Commissioning Enablement Service (Analytics) Document Control Date Version Author Comment 08/02/10 0.1 A.

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1 Policies for: Information Governance Information Quality Information Management Information Security Approved by: None this version Date approved: Name of originator/author: Ade Oduntan, Mike Hellier,

More information

The EDGE 2014 User Conference Information Governance Workshop

The EDGE 2014 User Conference Information Governance Workshop The EDGE 2014 User Conference Information Governance Workshop Monday 17 th March 2014 Debbie Terry Agenda What is Information Governance? New developments in legislation Your questions answered Caldicott

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

TERMS OF REFERENCE: REVIEW OF THE INFORMATION GOVERNANCE TOOLKIT

TERMS OF REFERENCE: REVIEW OF THE INFORMATION GOVERNANCE TOOLKIT TERMS OF REFERENCE: REVIEW OF THE INFORMATION GOVERNANCE TOOLKIT The Information Governance Professional Leadership Group hosted by the NHS Commissioning Board is committed to conducting a strategic review

More information

Data Quality Policy SH NCP 2. Version: 5. Summary:

Data Quality Policy SH NCP 2. Version: 5. Summary: SH NCP 2 Summary: Keywords (minimum of 5): (To assist policy search engine) Target Audience: The Trust provides a framework to ensure all data that is recorded by the Trust is accurate and complies to

More information

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Accessing Personal Information on Patients and Staff:

Accessing Personal Information on Patients and Staff: Accessing Personal Information on Patients and Staff: A Framework for NHSScotland Purpose: Enabling access to personal and business information is a key part of the NHSScotland Information Assurance Strategy

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed

More information

Information Security Assurance Plan 2015/16

Information Security Assurance Plan 2015/16 Information Security Assurance Plan 2015/16 Policy number: N/A Version 2.0 Approved by Name of author/originator Owner (Exec Director) Date of approval August 2015 Date of last review July 2015 Next due

More information

Health and Social Care Information Centre

Health and Social Care Information Centre Health and Social Care Information Centre Information Governance Assessment Customer: Clinical Audit Support Unit of the Health and Social Care Information Centre under contract to the Royal College of

More information

INFORMATION SHARING AGREEMENT. Multi-Disciplinary Team (MDT): Service Information Sharing

INFORMATION SHARING AGREEMENT. Multi-Disciplinary Team (MDT): Service Information Sharing INFORMATION SHARING AGREEMENT Multi-Disciplinary Team (MDT): Service Information Sharing SCOPE NAME OF LEAD Multi-Disciplinary Team (MDT) for high risk people: this agreement is for the patient and management

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

Information and technology for better care. Health and Social Care Information Centre Strategy 2015 2020

Information and technology for better care. Health and Social Care Information Centre Strategy 2015 2020 Information and technology for better care Health and Social Care Information Centre Strategy 2015 2020 Information and technology for better care Information and technology for better care Health and

More information

Recommendations from Industry on Key Requirements for Building Scalable Managed Services involving Telehealth, Telecare & Telecoaching

Recommendations from Industry on Key Requirements for Building Scalable Managed Services involving Telehealth, Telecare & Telecoaching Recommendations from Industry on Key Requirements for Building Scalable Managed Services involving Telehealth, Telecare & Telecoaching Contacts: Angela Single, Chair, Industry Working Group: angela.single@3millionlives.co.uk

More information

D-CRIS Information Governance Assurance

D-CRIS Information Governance Assurance D-CRIS Information Governance Assurance Date: 05 08 2013 Version: 1.0 Author: Murat Soncul Contents 1. Introduction... 3 2. CRIS Security Model... 3 3. SLaM Information Governance Framework... 4 4. Roles

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

Information governance in the Department of Health and the NHS

Information governance in the Department of Health and the NHS Information governance in the Department of Health and the NHS Harry Cayton, National Director for Patients and the Public, Chair, Care Record Development Board. Introduction I was asked by the Programme

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

Barnet Partnership Information Sharing Protocol

Barnet Partnership Information Sharing Protocol Barnet Partnership Information Sharing Protocol Information Sharing Protocol V1_0C - FINAL Page 1 of 52 Version 1.0 (FINAL) Contents 1 Background... 4 1.1 The need to share information... 4 2 Scope...

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

Privacy Impact Assessment: care.data

Privacy Impact Assessment: care.data High quality care for all, now and for future generations Document Control Document Purpose Document Name Information Version 1.0 Publication Date 15/01/2014 Description Associated Documents Issued by

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

Secure Requirement Submission

Secure  Requirement Submission Title Secure Email Requirement Submission Document ID ISB 1596 Amd 34/2012 Director Mark Reynolds Status Final Owner Jon Calpin Version 1.1 Author Mark Reynolds Version Date 03/12/2012 Secure Email Requirement

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May

More information

Information Governance and Risk Stratification: Advice and Options for CCGs and GPs

Information Governance and Risk Stratification: Advice and Options for CCGs and GPs Information Governance and Risk Stratification: Advice and Options for CCGs and GPs 1 NHS England INFORMATION READER BOX Directorate Medical Operations Patients and Information Nursing Policy Commissioning

More information

QIPP Digital Technology. Online Meeting Services: Information Governance Guidance

QIPP Digital Technology. Online Meeting Services: Information Governance Guidance QIPP Digital Technology Online Meeting Services: Information Governance Guidance Author: Richard Trusson Date: March 2012 Version: 1.0 Crown Copyright 2012 Page 1 of 22 Contents 1. Executive Summary...

More information

Emailing and Texting with Patients

Emailing and Texting with Patients Emailing and Texting with Patients Trust Board Meeting - Part 1 Item: 8.4 25 September 2013 Enclosure: I Purpose of the Report: This paper explores the use of email and texting in certain forms of communication

More information

Information Governance Framework

Information Governance Framework Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March

More information

Information Governance

Information Governance Attach 8 Information Governance CCG Accredited Safe Haven Application Information Governance CCG Accredited Safe Haven Application 1 1. Introduction 1.1. From the 1st April 2013 new information governance

More information

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff. Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

Data Management Strategy

Data Management Strategy Scope Data Management Strategy (v1.0, February 2015) 1. This document focuses primarily on the internal data management objectives of the CCG over the next three years. Due to the evolving nature of legislation

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

IAPT Data Standard. Frequently Asked Questions

IAPT Data Standard. Frequently Asked Questions IAPT Data Standard Frequently Asked Questions Version 1.0 March 2012 IAPT FAQs 1.0-1 - Contents Section 1: About the IAPT Data Standard.. 3 Section 2: Who is responsible for doing what?. 5 Section 3: How

More information

Securing excellence in IT Services. Operating model for offender health care

Securing excellence in IT Services. Operating model for offender health care Securing excellence in IT Services Operating model for offender health care February 2013 Table of Contents 01 Glossary of terms 02 Introduction Purpose of document Background 03 Offender Health IT Commissioning

More information

NATIONAL HEALTH SERVICE, ENGLAND

NATIONAL HEALTH SERVICE, ENGLAND D I R E C T I O N S NATIONAL HEALTH SERVICE, ENGLAND The Health and Social Care Information Centre (Establishment of Information Systems for NHS Services: Collection and Analysis of Primary Care Data)

More information

BOARD PAPER - NHS ENGLAND. Title: Publication of Directions to Health and Social Care Information Centre for the collection of primary care data

BOARD PAPER - NHS ENGLAND. Title: Publication of Directions to Health and Social Care Information Centre for the collection of primary care data Paper NHSE130903 BOARD PAPER - NHS ENGLAND Title: Publication of Directions to Health and Social Care Information Centre for the collection of primary care data Clearance: Tim Kelsey, Director of Patients

More information

Information Management Policy

Information Management Policy Title Information Management Policy Document ID Director Mark Reynolds Status FINAL Owner Neil McCrirrick Version 1.0 Author Deborah Raven Version Date 26 January 2011 Information Management Policy Crown

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation

More information

Information Security and Governance Policy

Information Security and Governance Policy Information Security and Governance Policy Version: 1.0 Ratified by: Information Governance Group Date ratified: 19 th October 2012 Name of organisation / author: Derek Wilkinson Name of responsible Information

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

Offshore and Internet Connection Addendum to the. Data Sharing Agreement. Version 1.3

Offshore and Internet Connection Addendum to the. Data Sharing Agreement. Version 1.3 Offshore and Internet Connection Addendum to the Data Sharing Agreement Version 1.3 Document Control Owners IEP User Group Author Steve Jessop Document Preparation Date Version Author Comment 11/01/12

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Page 1 of 46 Policy Title: Executive Summary: Information Governance Policy This policy seeks to identify the actions required to ensure that information is appropriately

More information

NATIONAL INFORMATION BOARD

NATIONAL INFORMATION BOARD NATIONAL INFORMATION BOARD Paper Ref: NIB 0403-009 BOARD PAPER National Information Board Leadership Meeting MARCH 2015 Title: Work stream 4: Build and sustain public trust: Deliver roadmap to consent

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

The Urgent Care Clinical Dashboard Implementation Guide. Supporting your team to develop and implement locally

The Urgent Care Clinical Dashboard Implementation Guide. Supporting your team to develop and implement locally The Urgent Care Clinical Dashboard Implementation Guide Supporting your team to develop and implement locally Welcome The Urgent Care Clinical Dashboard Implementation guide is intended to be your first

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date

More information

Focus on Subject Access Requests for insurance purposes. August 2015 (updated further to July 2015 guidance)

Focus on Subject Access Requests for insurance purposes. August 2015 (updated further to July 2015 guidance) Focus on Subject Access Requests for insurance purposes August 2015 (updated further to July 2015 guidance) Focus on Subject Access Requests for insurance purposes August 2015 Introduction The BMA has

More information

IG: Third Party Contracts and Contractors Policy

IG: Third Party Contracts and Contractors Policy IG: Third Party Contracts and Contractors Policy Document Summary This policy provides guidance on the Information Governance arrangements that need to be considered and / or implemented when engaging

More information

Use of tablet devices in NHS environments: Good Practice Guideline

Use of tablet devices in NHS environments: Good Practice Guideline Use of Tablet Devices in NHS environments: Good Practice Guidelines Programme NPFIT Document Record ID Key Sub-Prog / Project Technology Office Prog. Director Chris Wilber Status APPROVED Owner James Wood

More information

Information Security Policy

Information Security Policy Information Security Policy JUNE 2014 Author Responsibility Lynda Harris, Head of Information Governance, Central Eastern CSU, Bedfordshire and Luton All staff Effective Date June 2014 Review Date June

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

Date: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR:

Date: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR: TRUST BOARD IN PUBLIC Date: 30 th May 2013 Agenda Item: 5.5 REPORT TITLE: Information Governance Annual Report EXECUTIVE SPONSOR: Ian Mackenzie Director of Information and Estates REPORT AUTHOR: Sarah

More information

Information Management Policy CCG Policy Reference: IG 2 v4.1

Information Management Policy CCG Policy Reference: IG 2 v4.1 Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control

More information

Information: To Share or not to Share. Government Response to the Caldicott Review

Information: To Share or not to Share. Government Response to the Caldicott Review Information: To Share or not to Share Government Response to the Caldicott Review September 2013 You may re-use the text of this document (not including logos) free of charge in any format or medium, under

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

JOB DESCRIPTION. Contract Management and Business Intelligence

JOB DESCRIPTION. Contract Management and Business Intelligence JOB DESCRIPTION DIRECTORATE: DEPARTMENT: JOB TITLE: Contract Management and Business Intelligence Business Intelligence Business Insight Manager BAND: 7 BASE: REPORTS TO: Various Business Intelligence

More information

HSCIC Audit of Data Sharing Activities:

HSCIC Audit of Data Sharing Activities: Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 26/10/2015 HSCIC Audit of Data Sharing

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information Governance Policy

Information Governance Policy BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking

The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking The Information Commissioner has responsibility for promoting and enforcing the

More information

The Care Record Guarantee Our Guarantee for NHS Care Records in England

The Care Record Guarantee Our Guarantee for NHS Care Records in England The Care Record Guarantee Our Guarantee for NHS Care Records in England January 2011, version 5 Introduction In the National Health Service in England, we aim to provide you with the highest quality of

More information

Information Governance. and what it means for you

Information Governance. and what it means for you Information Governance and what it means for you 1 Content Introduction 3 Who are we? 4 What is Information Governance? 4 Purpose of Holding Information 5 Confidentiality and Security 5 Accuracy of Information

More information

Summary of feedback on Big data and data protection and ICO response

Summary of feedback on Big data and data protection and ICO response Summary of feedback on Big data and data protection and ICO response Contents Introduction... 2 Question 1... 3 Impacts and benefits; privacy impact assessments (PIAs)... 3 New approaches to data protection...

More information

Trust Board Meeting: Wednesday 12 November 2014 TB

Trust Board Meeting: Wednesday 12 November 2014 TB Trust Board Meeting: Wednesday 12 November 2014 Title Update on Information Governance: Mid-Year Selfassessment against Information Governance Toolkit Status History For discussion Bi-annual Update Board

More information

Lancashire County Council Information Governance Framework

Lancashire County Council Information Governance Framework Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

HSCIC Audit of Data Sharing Activities:

HSCIC Audit of Data Sharing Activities: Directorate / Programme Data Dissemination Services Project / Work Data Sharing Audits Status Final Acting Director Chris Roebuck Version 1.0 Owner Rob Shaw Version issue date 19-Jan-2015 HSCIC Audit of

More information

Information Governance Management System

Information Governance Management System Information Governance Management System Comprising of policies on: Use of Personal Information Information Quality Security of information (including Forensic readiness) Management of Records - Overview

More information

NATIONAL INFORMATION BOARD WORK STREAM 4 ROADMAP

NATIONAL INFORMATION BOARD WORK STREAM 4 ROADMAP NATIONAL INFORMATION BOARD Personalised Health and Care 2020 WORK STREAM 4 ROADMAP Build and sustain public trust Deliver roadmap to consent based information sharing and assurance of safeguards June 2015

More information

Urgent & Emergency Care Network specification

Urgent & Emergency Care Network specification Urgent & Emergency Care Network specification May 2015 Transforming London s health and care together Contents Contents...2 Introduction...3 Background: Urgent and Emergency Care Review...3 Development

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 3.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality Assurance Group Ratification date: March 2015 Review date: March 2016

More information

Income, innovation and investment Contents

Income, innovation and investment Contents Income, innovation and investment Contents Part one Policy... 2 Chapter 1 Definitions... 3 Income... 4 Innovation and ideas... 6 Investment... 6 Chapter 2 Principles... 7 VAT... 9 Part two Policy procedure...

More information

Information Governance and Data Protection Policy

Information Governance and Data Protection Policy Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final

More information

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment

More information