INFORMATION GOVERNANCE AND DATA PROTECTION POLICY
|
|
- Oswin Johnson
- 8 years ago
- Views:
Transcription
1 INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July
2 Document Control Sheet Name of Document: Information Governance & Data Protection Policy Version: 1 Held by Head of Corporate Affairs: Information File Location / Document Name: Governance & Data Protection Policy Date Of This Version: July 2013 Produced By: NHS Anglia Commissioning Support Unit Reviewed By: Head of Corporate Affairs Synopsis And Outcomes Of Equality and Diversity Impact Assessment: No adverse impact identified Ratified By (Committee): Audit Committee Date Ratified: 24 July 2013 Distribute To: West Norfolk CCG Council of Members, Governing Body Members, All Staff Date Due For Review: July 2014 Enquiries To: Head of Corporate Affairs Revision History Revision Date Summary of changes Author(s) Version Number Approvals This document requires the following approvals either individual(s), group(s) or board. Name Title Date of Issue Version Number WN CCG Information Governance & Data Protection Policy July
3 CONTENTS Part Description Page 1 Introduction 4 2 Scope 4 3 Data Protection Act 4/5 4 Information Governance Management Framework 7 5 Monitoring 10 Appendix A Definitions & Examples of Data Controllers, Data Subject and Data Processors 12 WN CCG Information Governance & Data Protection Policy July
4 1. INTRODUCTION This policy has been drafted by NHS Anglia Commissioning Support Unit (CSU) on behalf of NHS West Norfolk CCG (WN CCG). The Policy takes into account the evolving Commissioning Support Unit (CSU) and its role in providing support to CCGs in discharging their duties as outlined in the Health and Social Care Act 2012 Information is a vital asset and needs to be managed securely by NHS organisations. Appropriate policies, guidance, accountability and structures must be in place to support the governance and confidentiality of information in order to support the organisation s strategic business aims. Information Governance is defined as a framework for handling information in a confidential and secure manner to appropriate ethical and quality standards in a modern health service (Information Security Management: NHS code of Practice, 2007). 2. SCOPE This policy outlines the principles of information governance and Data Protection that are applied to WN CCG and its member practices. The policy applies to both manual and electronic records This policy applies to: all staff who work for WN CCG and the CSU, including consultants and voluntary staff; all members of WN CCG Governing Body and the CSU Board; WN CCG Councils of Members; WN CCG Governing Body sub committees. 3. DATA PROTECTION ACT WN CCG is committed to compliance with the requirements of the Data Protection Act 1998 ( the Act ) and will ensure that all employees, contractors, Governing Body members, agents, consultants and partners who have access to any personal data held by or on behalf of WN CCG are fully aware of and abide by their duties and responsibilities under the Act. In order to operate efficiently, WN CCG and the CSU on behalf of WN CCG have to collect and use information about people with whom it works, including patients, public, employees (current, past and prospective), clients and customers, and suppliers. In addition, it may be required by law to collect and use information in order to comply with the requirements of the Department of Health. This personal information must be handled WN CCG Information Governance & Data Protection Policy July
5 and managed appropriately, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means. The Data Protection Act 1998 governs how we collect, store, process and share data The Act dictates that information should only be disclosed on a need to know basis. Printouts and paper records must be treated carefully and disposed of in a secure manner. Staff must not disclose information outside their line of duty. Each organisation is required to register its data holdings with the Information Commissioner, identifying the purposes for holding the data, how it is used and to whom it may be disclosed. All applications/databases (identified as part of the IAO work) should be registered under the PCT s global registration, complying with this policy and the 8 Data Protection Principles. The Data Protection Act 1998 requires every data controller who is processing personal information in an automated form to notify, unless they are exempt. Failure to notify is a criminal offence. Register entries have to be renewed annually. If you are required to notify but don t renew your registration, you are committing a criminal offence. Any person or organisation that uses personal information is known as a data controller. WN CCG is legally a Data Controller in its own right. A data controller must comply with the 8 principles of the data protection act (see 3.6). The Information Governance Manager (the Head of Corporate Affairs) is the Data Protection Officer and manages the registration. The 8 Data Protection principles: Personal data shall be processed fairly and lawfully Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed Personal data shall be accurate and, where necessary, kept up to date Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998 WN CCG Information Governance & Data Protection Policy July
6 Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data Personal data shall not be transferred to a county or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal Data Subject Access The Data Protection Act also gives rights to a copy of the information held about a person. This is known as a subject access request An individual can request access to information regardless of the media in which it may be held Data Retention schedules are detailed in the DOH Records Management: NHS Code of Practice WN CCG will ensure that the general public, staff, including volunteers, locums, temporary employees and patients are aware of why the NHS needs information about them, how this is used and to whom it may be disclosed by the use of leaflets, the individual organisations web sites. Statements about Data Protection will be included on all forms requesting personal identifiable information. Information Sharing 3.5 There are Acts of Parliament that govern the disclosure/sharing of personal patient information - some make it a legal requirement to disclose and others that state information cannot be disclosed. WN CCG has signed up to an overall Norfolkwide Information Sharing Protocol and has a number of supporting sharing agreements with a wide range of third parties, reviewed regularly by the Audit Committee. The document is managed and held by Norfolk County Council who hold a current list of signatories. 4. INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK This IG Management Framework provides an overview of how WN CCG addresses the IG agenda and is formally approved by the Audit Committee, as delegated by the Governing Body. WN CCG Information Governance & Data Protection Policy July
7 Senior roles Key Policies IG Management Framework The Senior Information Risk Owner, Caldicott Guardian and IG lead: Together they are accountable for:- ensuring effective management, accountability, compliance and assurance for all aspects of IG ensuring there is top level awareness and support for IG providing direction in formulating, establishing and promoting IG policies chairing and co-ordinating the IG committee ensuring assessments and audits for IG policies reporting regularly to the Governing Body on IG ensuring the approach to IG is communicated to all staff ensuring appropriate training is made available to staff ensuring compliance with law and national guidance promoting risk assessment and mitigation of IG/IT risks, using a risk management processes and escalating to the Corporate Risk Register and Governing Body Assurance Framework as required providing advice to staff on using, maintaining, transferring and sharing sensitive information act as the conscience of the organisation in relation to handling and sharing of patient identifiable information and advising on lawful and ethical processing of information Roles and responsibilities are outlined fully in the Information Governance Strategy. The following policies are in place or are being prepared and regularly reviewed Norfolk Overarching Sharing Protocol Information and IT Security Policies Health & Corporate Records Policy (Lifecycle management) Code of Confidentiality Disciplinary Policy Staff leavers Policy Data Quality Policy Incident Management Policy SUI Policy WN CCG Information Governance & Data Protection Policy July
8 Key Governance Bodies Resources Risk Management Policy FOI Policy RA Policy Homeworking Policy Information Governance and Data Protection Policy All policies and staff resources will be available on the staff intranet At WN CCG, the Audit Committee oversees the IG agenda, is chaired by the Lay Member (Audit) and is the main steering group for IG/Information Security. The Audit Committee reports to the Governing Body. Key staff (responsibilities highlighted in Job Descriptions):- Senior Information Risk Owner (SIRO) (Chief Financial Officer) Information Governance Manager (also the Data Protection Officer maintains the Data Protection registration with the Information Commissioner) and IG Facilitator (Head of Corporate Affairs) IT Security (Chief Financial Officer) Health & Corporate Records Head of Corporate Affairs oversees complaints Head of Business Intelligence is responsible for Data Quality RA Manager PALS for patients/public to raise queries on their health records/uses of their personal information and for subject access requests Information Asset Owners (IAOs) and Administrators (IAAs) Governance Framework Information Asset Owners (IAOs) will be identified, provided with training and support and will carry out risk assessments on the information assets, to protect against unauthorised access or disclosure, within their area to support the SIRO IAOs will ensure the integrity of information within their area; they will understand what information is held, what is added and what is removed, and who has access and why. As a result they will understand and address risks to the information. Information Asset Administrators are tasked with ensuring all Information Assets are recorded, mapped and risked assessed within their area. All third party contracts will be clear with regard to IG expectations WN CCG Information Governance & Data Protection Policy July
9 Training Guidance Incident Management & All managers and staff will have key IG responsibilities as part of their job descriptions and contracts. They will be familiar with the relevant policies, have attended appropriate training, support the IAOs and ensure that all patient/personal identifiable information is accurate, relevant, up-to-date and used appropriately, both electronic and manual and kept secure. The WN CCG Disciplinary policies clearly outline the procedures for managing breaches with contracts and policies. A failure to adhere to the Policy and its associated procedures may result in disciplinary action The Data Protection Work Programme ensures compliance with all aspects of the Data Protection Act and related provisions and promotes awareness throughout the organisation and ensures service users are provided with information on their rights under data protection legislation IG Mandatory e-learning training for all staff using the DH IG Training Tool (IGTT) available at Training is role-specific. Specialised IG and Data Protection Act training is available according to Training Needs analysis from annual appraisal and PDPs, including the Caldicott Guardian, SIRO and Information Asset Owners (IAOs) FOI training is available to all staff WN CCG intranet will have specific areas devoted to IG for all staff and regular newsletters and bulletins will be issued to support the IG culture. Newsletters and support will be provided to clients and member practices for all aspects of information governance and completion of their IG toolkits. WN CCG Staff have ready access to organisational IG policies and guidance on the shared drive. WN CCG training data is regularly reviewed by the Executive Team and a staff survey carried out to test knowledge and awareness. The Incident Management Policy outlines the WN CCG approach to reporting and investigating all incidents, including actual and potential breaches of confidential and person identifiable information, IT security issues, and RA incidents (including loss of Smartcards) in line with the guidance provided within the Checklist for Reporting, Managing and Investigation IG SUIs Gateway Lessons learnt are widely shared across the organisation. Data security loss and confidentiality breach incidents are reported in the WN CCG Information Governance & Data Protection Policy July
10 Governance Statement and in the Annual Report, in accordance with SIRO guidance, Gateway 9571 and the IG toolkit requirement 302. There is an up to date business continuity plan for the organisation, including specific plans for IT and information systems. 5. MONITORING The Audit Committee formally monitors the implementation of the IG Strategy and supporting policies. It regularly reviews progress against the IG Toolkit (toolkit action plan), discusses IG risk mitigation plans and internal/external audit recommendations. The Audit Committee reviews the mitigation of information governance and security risks, ensures a programme of internal/external audit reviews (including audit of the IG toolkit self-assessment) and monitors implementation of recommendations from internal/external auditors. The Governing Body signs off the IG Toolkit submission. Breaches of data and information security, and of this policy, must be reported using the Incident Reporting system (see Incident Management Policy) and/or Serious Incident Policy (depending on severity). Incident trend reports are regularly reviewed by the Audit Committee. There is an annual programme of internal and external audits in place which provides validation and assurance of the information governance systems. The SIRO receives an annual review of information risk to support their written advice to the Accountable Officer, as detailed in the Governance Statement. A programme of record audits is in place to review compliance with the respective Records management Policy. Business continuity plans for IT and information systems are regularly tested and reported to the Audit Committee WN CCG uses the complaints system to effectively respond to complaints in connection with the Data Protection Act and information governance. If the WN CCG Information Governance & Data Protection Policy July
11 complainant is dissatisfied with the conduct of the CCG, then they can be referred to the Information Commissioner and Health Service Ombudsman. Training data is regularly reviewed by the Audit Committee and executive team and a staff survey carried out annually to test knowledge and awareness. WN CCG Information Governance & Data Protection Policy July
12 Appendix A Definitions & Examples of Data Controllers, Data Subject and Data Processors Data Controller means a person who [either alone or jointly or in common with other persons] determines the purpose for which, and the manner in which any personal data are, or are to be, processed. A data controller must be a person recognised in law, that is to say: individuals; organisations; and other corporate and unincorporated bodies of persons. Data controllers will usually be organisations, but can be individuals, for example selfemployed consultants. Even if an individual is given responsibility for data protection in an organisation, they will be acting on behalf of the organisation, which will be the data controller. In relation to data controllers, the term jointly is used where two or more persons (usually organisations) act together to decide the purpose and manner of any data processing. The term in common applies where two or more persons share a pool of personal data that they process independently of each other. Data controllers must ensure that any processing of personal data for which they are responsible complies with the Act. Failure to do so risks enforcement action, even prosecution, and compensation claims from individuals. Example A network of town-centre CCTV cameras is operated by a local council jointly with the police. Both are involved in deciding how the CCTV system is run and what the images it captures are used for. The council and the police are joint data controllers in relation to personal data processed in operating the system. Example A government department sets up a database of information about every child in the country. It does this in partnership with local councils. Each council provides personal data about children in its area, and is responsible for the accuracy of the data it provides. It may also access personal data provided by other councils (and must comply with the data protection principles when using that data). The government department and the councils are data controllers in common in relation to the personal data on the database. WN CCG Information Governance & Data Protection Policy July
13 Data Subject means an individual who is the subject of personal data. In other words, the data subject is the individual whom particular personal data is about. The Act does not count as a data subject an individual who has died or who cannot be identified or distinguished from others. Data processor, in relation to personal data, means any person [other than an employee of the data controller] who process the data on behalf of the data controller WN CCG Information Governance & Data Protection Policy July
Information Governance and Data Protection Policy
Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationInformation Governance Strategy :
Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update
More informationInformation Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs
Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper
More informationInformation Governance Policy
Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationInformation Governance Plan
Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationInformation Governance Strategy
Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationINFORMATION GOVERNANCE POLICY
Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationInformation Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.
Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Policy
NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying
More informationINFORMATION GOVERNANCE POLICY
ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy
More informationInformation Governance Policy
Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):
More informationInformation Governance Framework and Strategy. November 2014
November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date
More information1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.
Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review
More informationJOB DESCRIPTION. Information Governance Manager
JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure
More informationINFORMATION GOVERNANCE HANDBOOK
INFORMATION GOVERNANCE HANDBOOK SECTION ONE Author Tracey Burrows Role Information Governance Manager (CSCSU) Date / Version February 2015 Version FINAL V1.0 Approved by IM&T Board Date 27 February 2015
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationInformation Incident Management and Reporting Procedures
Information Incident Management and Reporting Procedures Compliance with all policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy may result
More informationInformation Governance Framework
Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy
More informationInformation Governance Policy
Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:
More informationBEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE
GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE
More informationInformation Governance Policy
Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:
More informationINFORMATION RISK MANAGEMENT POLICY
INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety
More informationInformation Governance Strategy. Version No 2.1
Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of
More informationINFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
More informationInformation Governance Strategy
Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationInformation Governance Strategy
Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationInformation Governance Standards in Relation to Third Party Suppliers and Contractors
Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging
More informationInformation Governance Policy
Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September
More informationInformation Governance Policy
Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups
More informationNHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationTrust Informatics Policy. Information Governance. Information Governance Policy
Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference
More informationInformation Governance Policy
Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact
More informationInformation Governance Strategic Management Framework 2015-2017
Document Summary Information Governance Strategic Management Framework 2015-2017 This framework sets out the Cumbria Partnership NHS Foundation Trust (the organisation) Strategic Management Framework and
More informationInformation Incident Management. and Reporting Policy
Information Incident Management and Reporting Policy Policy ID IG10 Version: 1 Date ratified by Governing Body 21/3/2014 Author South CSU Date issued: 21/3/2014 Last review date: N/A Next review date:
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationInformation Governance Strategy 2015/16
Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal
More informationInformation Governance Management Framework
Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date
More informationInformation Governance Policy
Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationHERTSMERE BOROUGH COUNCIL
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
More informationNHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationInformation Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.
Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments
More informationMOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY
MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat
More informationData Protection Policy
Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and
More informationA Question of Balance
A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Strategy
NHS Waltham Forest Clinical Commissioning Group Governance Strategy Author: Zeb Alam, CCG IG Lead, (NELCSU) David Pearce, Head of Governance, WFCCG Version 3.0 Amendments to Version 2.1 Annual Review Reference
More informationVersion Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation
Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South
More informationPolicy: D9 Data Quality Policy
Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationInformation Governance Strategy
Policy No: IG01 Version: 3.0 Name of Policy: Information Governance Strategy Effective From: 02/06/2015 Date Ratified 06/05/2015 Ratified Health Informatics Assurance Group (HIAG) Review Date 01/05/2017
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
More informationInformation Sharing Policy
Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed
More informationDate of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.
Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5
More informationData Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
More informationInformation Governance Toolkit Policy
Information Governance Toolkit Policy UNIQUE REF NUMBER: AC/IG/014/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary
More informationPolicy Checklist. Head of Information Governance
Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust
More informationIslington Data Protection Policy. A council-wide information policy Version 1.1 June 2014
A council-wide information policy Version 1.1 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document is distributed under the Creative Commons Attribution 2.5 license.
More informationLancashire County Council Information Governance Framework
Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice
More informationInformation Incident Management and Reporting Procedures
` Information Incident Management and Reporting Procedures Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy may
More informationSOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager
SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director
More informationINFORMATION GOVERNANCE
This document is uncontrolled once printed. Please refer to the Trusts Intranet site (Procedural Documents) for the most up to date version INFORMATION GOVERNANCE NGH-PO-233 Ratified By: Procedural Document
More informationInformation Governance Training Plan v13
Information Governance Training Plan To meet requirements of IGT v13 Lincolnshire East Clinical Commissioning Group Page 1 of 17 Contents Introduction Page 3 Training Provision Page 4 Staff Induction Awareness
More informationInformation Governance Strategy
Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching
More informationUSE OF PERSONAL MOBILE DEVICES POLICY
Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014
More informationINFORMATION GOVERNANCE HANDBOOK
INFORMATION GOVERNANCE HANDBOOK Information Governance Handbook_V1.0 1 Information Reader Box Function Purpose Document Purpose Document Name Author Corporate Governance Guidance Procedures Information
More informationInformation Governance Management Framework
Information Governance Management Framework Document Status: Approved Version: v 1.3 DOCUMENT CHANGE HISTORY Version Date Comments (i.e. viewed, or reviewed, amended, approved by person or committee v1.0
More informationInformation Governance Policy
Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version
More informationInformation Governance Policy
Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY
More informationPolicies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1
Policies for: Information Governance Information Quality Information Management Information Security Approved by: None this version Date approved: Name of originator/author: Ade Oduntan, Mike Hellier,
More informationCONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE
This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE Document Title: Contracts
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationINFORMATION GOVERNANCE STRATEGY NO.CG02
INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationData Protection Policy
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
More informationInformation Governance Toolkit Assessment 2009/10
Information Governance Toolkit Assessment 2009/10 Document Reference: Version: Ratified by: Date ratified: Name of originator/author: Name of responsible committee/individual: Document owner: Document
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Page 1 of 46 Policy Title: Executive Summary: Information Governance Policy This policy seeks to identify the actions required to ensure that information is appropriately
More informationStandard Operating Procedure for the Management of Information Governance Serious Incidents Requiring Investigation (IG SIRI)
Standard Operating Procedure for the Management of Information Governance Serious Incidents Requiring Investigation (IG SIRI) DOCUMENT CONTROL: Version: V1 Ratified by: Risk Management Sub Group Date ratified:
More information