Incident Type. Non Complia nt Orgs as of 31st Mar 2012
|
|
- Roland Knight
- 8 years ago
- Views:
Transcription
1 Data Loss Indicator Information Governance/Data Loss Indicator This following table and graph provide details of incidents by month, broken down by type of incident, and the latest published IG Toolkit performance in terms of number of organisations that are a) fully compliant, b) compliant with key security requirements and c) non-compliant. Cluster LONDON Organisation Types Number of Orgs IG Toolkit Compliance Fully Complia nt Orgs as of 31st Mar 2012 Security Complia nt Only Orgs as of 31st Mar 2012 Non Complia nt Orgs as of 31st Mar 2012 Incident Type I Loss/Theft from secured IV Unauthorised II Loss/Theft from outside secured V Other III Unsecure disposal of data No of Incidents for the quarter ( to No of Incidents for Jul-11 to Jun-12 Jun-12) by Type I II III IV V I II III IV V Commissioner Provider Commissioner Provider NORTH Commissioner Provider SOUTH Commissioner Provider Other bodies where incidents have occurred Sub Total Total Key: Fully Compliant as of 31st Mar 2012: Organisations have achieved level 2 or 3 across all IGT Requirements Security Compliant Only as of 31st Mar 2012: Organisations have achieved level 2 or 3 across all Key Information Security Requirements Non Compliant as of 31st Mar 2012: Organisations have not met minimum level 2 on one or more requirements 1
2 ANNEX A Data Loss Incidents within the Quarter Apr - Jun 2012 Date of Incident Cluster Organisation Name ICO Grade (I, II, III, IV,V) Volume Format (Paper/Digital/Other) Summary of Incident NORTH Mid Yorkshire Hospitals NHS Trust 26 Paper Patient discharge details of 26 patients inadvertently included in discharge medication package. Bedford Hospital NHS Trust 111 Paper A Community midwife had her car stolen. Maternity records containing patient information were in the care. Birmingham And Solihull Mental Health NHS Foundation Trust 48 Paper A brief case was stolen from the boot of a CPN's car overnight, found in a local park and there is a possibility that a caseload list containing patient names and addresses has been taken. 2
3 Incident Cluster Organisation Name ICO Grade (I, II, III, IV,V) Volume Format (Paper/Digital/Other) Summary of Incident East of England Ambulance Service NHS Trust 1650 Digital 1650 patient identifiable records stored on the Falls Register distributed to 7 individuals internal and external to the Trust via secure NHS mail. However, this was an inappropriate distribution to the wrong individuals. Ipswich Hospital NHS Trust I - Loss/theft from secured Unknown Paper A patient list was left at a patient bedside and removed from the Trust site by a patient s relative. Peterborough And Stamford Hospitals NHS Foundation Trust 38 Paper A ward list containing 38 patient's personal and clinical details was included in a patient's take-home discharge information. The Royal Wolverhampton Hospitals NHS Trust 1 Paper Confidential child protection report of a patient was left in the home of another patient who lived in the same street. Worcestershire Acute Hospitals NHS Trust 13 Paper A sheet containing clinical/patient identifiable information found by a member of the public in the A&E Car Park. SOUTH BUPA Home Healthcare 40 Digital Loss of inadequately protected laptop from outside secured NHS. SOUTH Royal Cornwall Hospitals NHS Trust 70 Paper Midwifes notebook with 70 patient s SPD was stolen from her house. 3
4 Incident Cluster Organisation Name ICO Grade (I, II, III, IV,V) Volume Format (Paper/Digital/Other) Summary of Incident NORTH Bury PCT I - Loss/theft from secured 45 Digital USB stick used to transfer records from ultrasound machine to laptop is missing from AAA service at Wythenshawe Hospital. NORTH Southport and Ormskirk Hospital NHS Trust 32 Paper Trust vehicle stolen. It contained 4 patient s medical records 1 employee personnel record and 27 patient referral letters SOUTH Isle of Wight NHS PCT 100+ Paper Bag containing encrypted laptop and files with clinical/patient identifiable information found at bus stop by member of the public. LONDON NHS Shared Business Services Ltd obo The Royal Marsden NHS Trust I - Loss/theft from secured 1000 Paper Batch of payslips stolen from courier. NORTH Dr Moss and Partners I - Loss/theft from secured 25 Digital Lost USB stick containing 25 DS low risk data. Shrewsbury & Telford NHS Trust 1 Paper A patient was presented with a set of notes and consent form which belonged to a relative, disclosed in error by the fertility department. West Essex PCT Unknown Digital Member of staff put slightly amended patient details on Facebook. 4
5 Incident Cluster Organisation Name ICO Grade (I, II, III, IV,V) Volume Format (Paper/Digital/Other) Summary of Incident SOUTH Kent Community Health NHS Trust I - Loss/theft from secured 183 Paper Unable to locate 183 patient files (inc deceased patients). SOUTH Oxford Health NHS Foundation Trust Unknown Digital List of DS Sensitive data sent to all GP Practices in the area instead of separately per practice. SOUTH Southern Health NHS Foundation Trust Paper A4 ring binder left on pay machine at a multi storey car park. Jun-12 LONDON Camden PCT 207 Digital E mail to GP's including PD of other GP surgeries. Jun-12 NORTH Barnsley Hospital NHS Foundation Trust Unknown Paper Letters sent to patients instead of GP including letters about other patients. Jun-12 NHS Coventry V - Other Unknown Unknown Premature destruction of deceased patient records. Jun-12 Worcestershire Acute Hospitals NHS Trust 20 Paper Pathology reports containing sensitive results for 18 patients were inadvertently sent to a Payroll Department. Jun-12 SOUTH NHS Surrey III - Unsecure disposal of data 4650 Digital Hard drive sent to contractor for destruction sold on ebay. 5
6 Incident Cluster Organisation Name ICO Grade (I, II, III, IV,V) Volume Format (Paper/Digital/Other) Summary of Incident Jun-12 SOUTH Southern Health NHS Foundation Trust 30 Other Dictaphone lost in park containing details of therapy sessions. Jun-12 N/A General Medical Council Unknown Other Hearing transcript sent via to the wrong recipients. Jun-12 N/A The Leiston Surgery I - Loss/theft from secured 4 Other Missing video camera with footage of patients. 6
7 Appendix A: ICO Action April 2011 to August 2012 Date of Prosecutions 12-Jan-12 A former health worker has pleaded guilty to unlawfully obtaining patient information by accessing the medical records of five members of her ex-husband s family in order to obtain their new telephone numbers A receptionist who unlawfully obtained her sister-in-law s medical records in order to find out about the medication she was taking has been found guilty of an offence under section 55 of the Data Protection Act. 01-Jun-11 A personal injury claims company employee has been prosecuted for illegally obtaining NHS patients information Monetary Penalties 06-Aug Jul Jun Jun Jun A monetary penalty of 175,000 was issued to Torbay Care Trust after sensitive personal information relating to 1,373 employees was published on the Trust s website. A monetary penalty of 60,000 was issued to St George s Healthcare NHS Trust after a vulnerable individual s sensitive medical details were sent to the wrong address. A monetary penalty notice of 225,000 has been served to Belfast Health and Social Care Trust following a serious breach of the Data Protection Act. The breach led to the sensitive personal data of thousands of patients and staff being compromised. The Trust also failed to report the incident to the ICO. A monetary penalty for 90,000 has been served to Telford & Wrekin Council for two serious breaches of the seventh data protection principle. A Social Worker sent a core assessment report to the child s sibling instead of the mother. The assessment contained confidential and highly sensitive personal data. Whilst investigating the first incident, a second incident was reported to the ICO involving the inappropriate of foster carer names and addresses to the children s mother. Both children had to be re-homed. A monetary penalty notice for 325,000 has been served on Brighton and Sussex University Hospitals NHS Trust following the discovery of highly sensitive personal data belonging to tens of thousands of patients and staff including some relating to HIV and Genito Urinary Medicine patients on hard drives sold on an Internet auction site in October and November A monetary penalty notice for 90,000 has been served on Central London Community Healthcare NHS Trust for a serious contravention of the DPA, which occurred when sensitive personal data was faxed to an incorrect and unidentified number. The contravention was repeated on 45 occassions over a number of weeks and compromised 59 data subjects' personal data. A monetary penalty of 70,000 was issued to the London Borough of Barnet following the loss of sensitive information relating to 15 vulnerable children or young people, during a burglary at an employee s home. 7
8 30-15-Feb Feb Feb Jan Dec Nov Nov Jun Feb Feb-11 A monetary penalty of 70,000 has been issued to the Aneurin Bevan Health Board following an incident where a sensitive report - containing explicit details relating to a patient s health - was sent to the wrong person. A monetary penalty of 80,000 has been issed to Cheshire East Council after an containing sensitive personal information about an individual of concern to the police was distributed to 180 unintended recipients. A monetary penalty of 100,000 has been issed to Croydon Council after a bag containing papers relating to the care of a child sex abuse victim was stolen from a London pub. A monetary penalty of 80,000 has been issed to Norfolk County Council for disclosing information about allegations against a parent and the welfare of their child to the wrong recipient. A monetary penalty of 140,000 was issued to Midlothian Council for disclosing sensitive personal data relating to children and their carers to the wrong recipients on five separate occasions. The penalty is the first that the ICO has served against an organisation in Scotland. A monetary penalty of 130,000 was issued to Powys County Council for a serious breach of the Data Protection Act after the details of a child protection case were sent to the wrong recipient. A monetary penalty of 60,000 was issued to North Somerset Council for a serious breach of the Data Protection Act where a council employee sent five s, two of which contained highly sensitive and confidential information about a child s serious case review, to the wrong NHS employee. A monetary penalty of 80,000 was issued to Worcestershire County Council for an incident where a member of staff ed highly sensitive personal information about a large number of vulnerable people to 23 unintended recipients. A monetary penalty of 120,000 was issued to Surrey County Council for a serious breach of the Data Protection Act after sensitive personal information was ed to the wrong recipients on three separate occasions. A monetary penalty of 80,000 was issued to Ealing Council following the loss of an unencrypted laptop which contained personal information. Ealing Council breached the Data Protection Act by issuing an unencrypted laptop to a member of staff in breach of its own policies. A monetary penalty of 70,000 was issued to Hounslow Council following the loss of an unencrypted laptop which contained personal information. Hounslow Council breached the Act by failing to have a written contract in place with Ealing Council. Hounslow Council also did not monitor Ealing Council s procedures for operating the service securely. Undertakings 13-Jul-12 West Lancashire Borough Council. This follows the theft of a business continuity bag containing emergency response documents and personal data relating to 370 council employees. 8
9 Mar Mar Mar Mar Feb Feb Feb Feb-12 the Aneurin Bevan Health Board. This follows an incident where a sensitive report - containing explicit details relating to a patient s health - was sent to the wrong person. This breach was also the subject of a monetary penalty. Leicestershire County Council, following the theft of a briefcase containing sensitive personal data from a social worker s home. Hertfordshire County Council. This follows the loss of an Attendance and Pupil Support consultation folder in January South London Healthcare NHS Trust. This follows the loss of two unencrypted memory sticks, the leaving of a clipboard with ward lists attached in a grocery store and a failure to adequately secure some patient paper files when not in use. All of the information was recovered. An Undertaking has been signed by Pharmacyrepublic Ltd following the theft of a patient medication system containing the medication details of 2000 patients. The system, which was supplied by another firm, should have been securely returned to them by Pharmacyrepublic Ltd before the were vacated. Community Integrated Care, a national social care charity. This follows the theft of an unencrypted laptop containing personal and sensitive personal data. An Undertaking to comply with the seventh data protection principle has been signed by London Borough of Croydon. This follows the theft of a bag belonging to a social worker from a public house in London. The bag contained a hard copy file of papers concerning a child who is in the care of the Council. This incident was also subject to a monetary penalty which was announced earlier this month. Dr Pervinder Sanghera of Arthur House Dental Care. This follows the discovery of an unencrypted memory stick containing personal and limited sensitive personal data relating to patients and employees of the practice. Healthcare provider Turning Point has signed an undertaking committing the organisation to take action after the loss of three service users files during an office relation. Five local authorities have signed undertakings to comply with the seventh data protection principle, following incidents where the councils failed to take appropriate steps to ensure that personal information was kept secure. Basingstoke and Deane Borough Council breached the Data Protection Act on four separate occasions during a two month period last year. The breaches included an incident in May when an individual was mistakenly sent information relating to 29 people who were living in supported housing. Brighton and Hove Council ed the details of another member of staff s annual salary - and the deductions made from this - to 2,821 council workers. A third party also informed the ICO of a historic breach which occurred in May 2009 when an unencrypted laptop was stolen from the home of a temporary employee. 9
10 10-Feb Jan Nov Nov Nov Oct Oct Oct Oct Sep Sep Sep-11 Undertakings have been signed by Dacorum Borough Council, Bolton Council and Craven District Council. Praxis Care Limited breached both the UK Data Protection Act and the Isle of Man Data Protection Act by failing to keep peoples data secure. An unencrypted memory stick, containing personal information relating to 107 Isle of Man residents and 53 individuals from Northern Ireland, was lost on the Isle of Man. An undertaking to comply with the seventh principle of the DPA has been signed by The London Borough of Southwark, further to the inappropriate disposal personal of an imac computer and paper records. The matter was brought to the attention of the ICO when the afore mentioned items were found by a member of the public in a skip being used to cleanse a decommissioned and vacant property, which was part of a complex previously owned by the data controller. A substantial volume of sensitive personal data relating to around 7,200 individuals was contained on the imac and within the paper records detailing ethnicity, medical history and criminal convictions. An undertaking has been signed by Central Essex Community Services after the loss of a birth book containing information about the general health of 249 mothers and their babies. The book which should have been stored in a locked filing cabinet was stored on top of the cabinet in a locked room due to no secure storage space being available. The book has never been recovered. the chief executive of Rochdale Metropolitan Borough Council. This follows an incident earlier this year in which an unencrypted USB stick containing some personal data relating to thousands of local residents was lost. An Undertaking to comply with the seventh data protection principle has been signed by University Hospitals Coventry & Warwickshire NHS Trust. This follows two separate incidents involving the loss of personal data by the Trust. Dumfries and Galloway Council. This follows the accidental online of current and former employee s personal data in response to a Freedom of Information (Scotland) Act request. An undertaking has been signed by Dartford and Gravesham NHS Trust following the accidental destruction of 10,000 archived records. The records which should have been kept in a dedicated storage area were put in a disposal room due to lack of space. An undertaking has also been signed by Poole Hospital NHS Foundation Trust after two diaries containing information relating to the care of 240 midwifery patients - were stolen from a nurse s car. The diaries included patients names, addresses and details of previous visits and were used by the nurse during out of hours duty. An undertaking to comply with the third and seventh data protection principles has been signed by Eastleigh Borough Council. This follows the potential of a document containing sensitive personal data. Royal Liverpool & Broadgreen University Hospitals NHS Trust. This follows two separate incidents involving the loss of personal data by the Trust. An Undertaking to comply with the seventh data protection principle has been signed by Eastern and Coastal Kent Primary Care Trust. This follows the loss of a CD containing personal data during a move of office. 10
11 09-Sep Sep Sep Sep Aug Aug Jul Jul Jul Jul Jul Jul-11 Walsall Council. This follows the accidental disposal of postal vote statements in a skip by the council s data processor. The council did not have a written agreement with the data processor selected to store this personal data. London Ambulance Service NHS Trust. This follows the theft of a personal unencrypted laptop containing patient data. University Hospital of South Manchester NHS Foundation Trust. This follows the loss of an unencrypted memory stick containing personal information relating to approximately 87 patients. Luton Borough Council. This follows a self reported breach concerning a flaw in the encryption function of a number of Council issue memory sticks. The flaw could allow memory sticks to be formatted removing encryption protection. An undertaking to comply with the seventh principle of the DPA has been signed by the London Borough of Greenwich. This follows two incidents where sensitive personal data was inadvertently disclosed, due to the Council's failure to implement appropriate wording in their ICT policy, stating that the sending of sensitive personal data in business related s to external webmail addresses should be avoided. HCA International Limited. This follows the theft of two unencrypted laptops containing sensitive personal data from one of the group s hospitals in March. Kirklees Metropolitan Council. This follows the inappropriate of personal data by care workers contracted by Kirklees Metropolitan Council. Northamptonshire Healthcare NHS Foundation Trust. This follows the loss of one individual s medical records. Basildon and Thurrock University Hospitals NHS Foundation Trust. This follows the transmission of a fax containing sensitive personal data to the wrong recipient. An undertaking to comply with the seventh principle of the DPA has been signed by Dunelm Medical Practice, further to the inappropriate facsimilie transmission and subsequent of two patient's electronic discharge letters, which contained sensitive personal data, including medical information. East Midlands Ambulance Service NHS Trust. This follows the transmission of a fax containing sensitive personal data to the wrong recipient.. the Ipswich Hospital NHS Trust. This follows the discovery of 29 patient records containing sensitive personal data in a public place. 11
12 01-Jul Jun May May Apr Apr Apr Apr Apr Apr Apr Apr-11 Lancashire Teaching Hospitals NHS Foundation Trust. This follows the faxing of sensitive personal data to a member of the public on more than one occasion. North Lanarkshire Council. This follows the theft of hard copy documents containing sensitive personal data. the charity Asperger s Children & Carers Together (ACCT). This follows the theft of an unencrypted laptop containing sensitive personal data last Christmas. Somerset County Council. This is a result of a teenager s social care records having been sent to the wrong family. NHS Birmingham East and North. This follows the discovery that Trust employees could access electronic files unrelated to the department they worked in. An undertaking to comply with the seventh principle of the DPA has been signed by Norwich City College of Further and Higher Education, detailing two instances, where a total of 80 student files, some of which contained sensitive personal data including medical information, were inappropriately disposed of. the Borough of Poole. The Council reported that faxes had been sent to the wrong number on three occasions last year. University College London Hospitals NHS Foundation Trust. This follows the discovery of an unencrypted memory stick off Trust. The memory stick contained sensitive personal data relating to 750 Trust patients. NHS Liverpool Community Health has signed an undertaking after it breached the Data Protection Act (DPA) by losing papers relating to the medical history of 31 children and their birth mothers during a move in October last year. The ICO s investigation found that NHS Liverpool had no formal contract in place with the removal company to handle personal data - a requirement of the Act - and had no process in place to ensure personal data was kept secure throughout the move. In a separate incident, the ICO has also found the Council for Healthcare Regulatory Excellence (CHRE) in breach of the Act after the possible loss of documents from complaint review files containing sensitive personal data. However due to weaknesses in CHRE s document recording, administration and communication processes the organisation cannot be certain if the information was ever received or whether it was subsequently lost or destroyed. An undertaking to comply with the seventh principle of the DPA has been signed by City of York Council, further to the inappropriate of an individual s personal data, which occurred as a result of the information in question being errouneously included with documentation sent to an unrelated third party. Royal Cornwall Hospitals NHS Trust. This follows the inappropriate of third party sensitive personal data on two occasions, in response to a subject access request. 12
13 01-Apr-11 Warrington and Halton Hospitals NHS Foundation Trust. This follows the theft on an unencrypted laptop containing sensitive personal data relating to 110 patients. 13
Referrals to Local Authority Adoption Agencies from First4Adoption by region. Q4 January-March 2015
Referrals to Local Authority Adoption Agencies from FirstAdoption by region Q January-March 0 Yorkshire & The Humber LA Adoption Agencies North East LA Adoption Agencies Leeds City Council Barnsley Adoption
More informationHealthwatch Factsheet
Healthwatch Factsheet Independent Complaints Advocacy Service What is the funding available to local authorities for the provision of NHS complaints advocacy? Clause 185 of the Health & Social Care Bill
More informationData Breach Trends October 2015
Data Breach Trends October 2015 Introduction In October 2015 the Information Commissioner s Office (ICO) published the latest data breach trends including incidents by quarter, type of incident and incidents
More informationINFORMATION GOVERNANCE STAFF HANDBOOK
INFORMATION GOVERNANCE STAFF HANDBOOK Contents Why do YOU need to know about Information Governance (IG)?... 2 Keeping Information Safe... 2 Confidentiality... 2 Deciding to Communicate Important Information...
More informationAssessment Notices under the Data Protection Act 1998 Extension of the Information Commissioner s Powers
Assessment Notices under the Data Protection Act 1998 Extension of the Information Commissioner s Powers Consultation Paper CP9/2013 This consultation begins on 25 March 2013 This consultation ends on
More informationPeople Registered Deaf or Hard of Hearing Year ending 31 March 2007, in England
People Registered Deaf or Hard of Hearing Year ending 31 March 2007, in England Adult Social Services Statistics Price: Free Published by The Information Centre Part of the Government Statistical Service
More informationFindings from ICO audits and reviews of community healthcare providers. June 2013 to December 2014
Findings from ICO audits and reviews of community healthcare providers June 2013 to December 2014 Introduction The Information Commissioner s Office (ICO) is the regulator responsible for ensuring that
More informationInformation Governance
CONTROLLED Information Governance Caldicot Version-Workbok Non Caldicott Version - Workbook Version 12 January 2015 40 1 Don t Get Bitten by the Data Demon Notes Using this Workbook The objective of this
More informationPATIENT SAFETY ALERTS: IMPLEMENTATION; MONITORING; AND REGULATION IN ENGLAND
PATIENT SAFETY ALERTS: IMPLEMENTATION; MONITORING; AND REGULATION IN ENGLAND FEBRUARY 2014 Background Patient Safety Alerts are instructions on how to limit the risk of known repeated problems which cause
More informationDATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff
DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationTables showing the number of reported physical assaults on NHS staff in 2014/15 National Summary by Sector Type
Tables showing the number of reported physical assaults on NHS staff in 2014/15 National Summary by Sector Type Sources (1) NHS Protect Physical Assault Statistics 2014/15 (2) Physical assaults at (1)
More informationDATA PROTECTION WHY YOU NEED IT. Michael Brophy CEO London, 8 th November, 2013
DATA PROTECTION WHY YOU NEED IT Michael Brophy CEO London, 8 th November, 2013 OVERVIEW: Data Protection Why You Need It What has gone wrong in other organizations (ICO Sept 2011 to Sept 2012) What has
More informationThe Hardship Fund An applicant s guide
The Hardship Fund An applicant s guide Criminal Injuries Compensation Authority November 26, 2012 Crown Copyright 2012 You may re-use this information (excluding logos) free of charge in any format or
More informationIG Toolkit Version 8. Information Security Assurance. Requirement 322. Detailed Guidance on Secure Transfers
IG Toolkit Version 8 Information Security Assurance Requirement 322 Detailed Guidance on Secure Transfers IG Toolkit Version 8 Requirement 322: Detailed guidance on secure transfers Page 1 of 7 All transfers
More informationInformation Security Policy London Borough of Barnet
Information Security Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Document Description Information Security Policy Policy which sets out the council s approach to information
More informationComplaints about acute trusts 2013-14 and Q1, Q2 2014-15
Complaints about acute trusts 2013-14 and Q1, Q2 2014-15 Contents Foreword 2 Introduction 3 Complaints about the NHS 4 Overview of about acute trusts 6 Reasons for 7 Complaint volumes for each acute trust
More informationChecklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation
Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation 1 st June 2013 Version 2.0 Revision History Version Date Summary of Changes
More informationSchools. Applying for a sch.uk. Fees. Where to apply
Schools Schools in the UK are eligible to register a.sch.uk domain name of their choice. These domains follow the format school name.area.sch.uk. For example a.sch.uk domain name could look like st-marys.oxon.sch.uk
More informationData Protection and Information Security Policy and Procedure
Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May
More informationPAPER RECORDS SECURE HANDLING AND TRANSIT POLICY
PAPER RECORDS SECURE HANDLING AND TRANSIT POLICY CORPORATE POLICY Document Control Title Paper Records Secure Handling and Transit Policy Author Information Governance Manager ** Owner SIRO/CIARG Subject
More informationOLDER PEOPLE IN HAMMERSMITH AND FULHAM - FUTURE NURSING HOME PROVISION
AGENDA ITEM NO. 5 HEALTH AND ADULT SOCIAL CARE SCRUTINY COMMITTEE 16 November 2006 SUBJECT OLDER PEOPLE IN HAMMERSMITH AND FULHAM - FUTURE NURSING HOME PROVISION WARD/S ALL CONTRIBUTORS PCT SYNOPSIS This
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationEveryone in the workplace has a legal duty to protect the privacy of information about individuals. AEP/BELB/LJ/2010 Awareness Session
Everyone in the workplace has a legal duty to protect the privacy of information about individuals AEP/BELB/LJ/2010 Awareness Session During 2007 alone, 36,989,300 people in the UK have had their private
More informationProfessional Training in Complaints Handling and Investigations
Professional Training in Complaints Handling and Investigations A range of one-day courses and a nationally recognised qualification equipping staff with the essential skills and knowledge to undertake
More informationMobility and Young London Annex 4: Sharing Information Securely
Young London Matters April 2009 Government Office For London Riverwalk House 157-161 Millbank London SW1P 4RR For further information about Young London Matters contact: younglondonmatters@gol.gsi.gov.uk
More informationBARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY
Putting Barnsley People First BARNSLE CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLIC Version: 2.0 Approved By: Governing Body Date Approved: Feb 2014 (initial approval), March
More informationInformation Governance Manual Training Booklet
Information Governance Manual Training Booklet Introduction This booklet is aimed at staff who do not access a computer whilst working for the Trust. If you have access to a computer, you must complete
More informationTHE NEWCASTLE UPON TYNE HOSPITALS NHS FOUNDATION TRUST BEST PLACES TO WORK IN THE NHS 2015
THE NEWCASTLE UPON TYNE HOSPITALS NHS FOUNDATION TRUST BEST PLACES TO WORK IN THE NHS 2015 Agenda item A7(ii) 1. INTRODUCTION On 7 th July 2015, the Health Service Journal and its sister title Nursing
More informationImproving services for substance misuse Diversity, and inpatient and residential rehabilitation services
Improving services for substance misuse Diversity, and inpatient and residential rehabilitation services Joint service review January 2009 Commission for Healthcare Audit and Inspection. This document
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
More informationInformation Governance
Information Governance Safe Haven Procedures; Guidance for all BHR CCG Staff Fax Machines Email Postage Telephone Conversations Fax Machines Confidential information faxed in emergency situations only
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationHow To Understand The Data Protection Act
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
More informationDATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE
DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE 1. INTRODUCTION Annex C 1.1 Surrey Heath Borough Council (SHBC) processes personal data and must respond appropriately against unauthorised or unlawful
More informationSomerset County Council - Data Protection Policy - Final
Organisation Title Author Owner Protective Marking Somerset County Council Data Protection Policy - Final Peter Grogan Information Governance Manager Unclassified POLICY ON A PAGE Somerset County Council
More informationList of approved programmes approved mental health professionals
Education and Training Committee 12 June 2012 List of approved programmes approved mental health professionals Executive summary and recommendations This paper provides Committee with an update on the
More informationSecurity Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)
Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How
More informationInformaon Governance eassessment FACT SHEET
Based on the Core Skills Framework Informaon Governance eassessment FACT SHEET Wrien by Developed in collaboraon with Information Governance and Health Records Audit and Compliance Manager Data protecon
More informationData controllers and data processors: what the difference is and what the governance implications are
ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a
More informationInformation Incident Management. and Reporting Policy
Information Incident Management and Reporting Policy Policy ID IG10 Version: 1 Date ratified by Governing Body 21/3/2014 Author South CSU Date issued: 21/3/2014 Last review date: N/A Next review date:
More informationPolicy: IG01. Information Governance Incident Reporting Policy. n/a. Date ratified: 16 th April 2014
Policy: IG01 Information Governance Incident Reporting Policy Version: IG01/01 Ratified by: Trust Management Team Date ratified: 16 th April 2014 Title of Author: Head of Governance Title of responsible
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationTrade union office space
Research Note 141 17 October 2014 Trade union office space By Harry Phibbs and Alex Wild Previous TaxPayers Alliance research has shown how trade unions received a subsidy of at least 108 million from
More informationThe Director of Social Services Chief Executive - Care Trusts Chief Executive - Strategic Health Authorities
Local Authority Circular LAC(DH)(2012)03 To: The Chief Executive County Councils } Metropolitan District Councils } England Shire Unitary Councils } London Borough Councils Common Council of the City of
More informationPortable Devices and Removable Media Acceptable Use Policy v1.0
Portable Devices and Removable Media Acceptable Use Policy v1.0 Organisation Title Creator Oxford Brookes University Portable Devices and Removable Media Acceptable Use Policy Information Security Working
More informationAT&T Global Network Client for Windows Product Support Matrix January 29, 2015
AT&T Global Network Client for Windows Product Support Matrix January 29, 2015 Product Support Matrix Following is the Product Support Matrix for the AT&T Global Network Client. See the AT&T Global Network
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationIncident reporting procedure
Incident reporting procedure Responsible Officer Author Date effective from Aug 2009 Date last amended Aug 2009 Review date July 2012 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance
More informationInformation Governance Serious Incident Requiring Investigation Policy and Procedure
Information Governance Serious Incident Requiring Investigation Policy and Procedure Document Control Sheet Name of document: Information Governance Serious Incident Requiring Investigation (SIRI) Policy
More informationCancer Patient Experience Survey: Insight Report and League Table 2012 13
Cancer Patient Experience Survey: Insight Report and League Table 2012 13 September 2013 Macmillan Cancer Support, registered charity in England and Wales (261017), Scotland (SC039907) and the Isle of
More informationDean Bank Primary and Nursery School. Data Protection Policy
Dean Bank Primary and Nursery School Data Protection Policy January 2015 Data Protection Policy Dean Bank Primary and Nursery School handles increasing amounts of personal information and have a statutory
More informationBexley 020 8269 8692 bexleynhscomplaints@advocacyforall.org.uk
Local Authority Telephone Contact details Barking & Dagenham 0300 330 5454 nhscomplaints@voiceability.org Barnet 0300 330 5454 nhscomplaints@voiceability.org Barnsley 01226 240273 diailbarnsley.org.uk
More informationInformation Governance Checklist and Privacy Impact Assessments
Information Governance Checklist and Privacy Impact Assessments Authorship: Committee Approved: Chris Wallace Information Governance Manager Quality and Clinical Governance Committee Approved date: 1 Feb
More informationInformation and Data Security
Information and Data Security Guidance for Knowsley Schools Version 4.0 Version Control Record: Revision Date Author Summary of Changes V1.0 19 th November 2008 L Hornsby V2.0 18 February 2010. Maria Bannister
More informationData Transfer Policy London Borough of Barnet
London Borough of Barnet DATA PROTECTION 11 Document Control Document Description Data Transfer Policy Version v.2 Date Created December 2010 Status Authorisation Name Signature Date Prepared By: IS Checked
More informationInformation Governance in Commissioning. Mental Health Commissioners Collaborative
Information Governance in Commissioning Mental Health Commissioners Collaborative Introduction David Stone Head of Information Governance Apira Limited david.stone@apira.co.uk 07947 052704 2011/12 Standard
More informationHOT!! Privacy Issues:
September, 2015 HOT!! Privacy Issues: Handle with care................... Micheal Harding Legislative & Policy Analyst Legislative Unit Manitoba Health, Healthy Living and Seniors By the end of 2016, the
More informationProcedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom
Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Indirani 02/11/2009 Draft 2 Include JG s comments Jackie Groom
More informationGood Practice in Records Management and Information Security
Good Practice in Records Management and Information Security BELB LJ Schools 2013 How Valuable are Records & Documents? Valuable only because of the information they contain. Usable if they can be accessed
More informationPhotography and filming in schools Code of Practice
Photography and filming in schools Code of Practice Data Protection compliance September 2010 Photography and filming in schools September 2010 1 Contents 1. About this code 3 2. Complying with the Data
More informationIncident Reporting Procedure
Incident Reporting Procedure Version: Version 1 Ratified by: HEE Board Date ratified: 20 March 2014 Name and Title of Mike Jones, Corporate Secretary originator/author(s): Name of responsible Director:
More informationDATA PROTECTION AUDIT GUIDANCE
DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data
More informationOnce more unto the breach... Dealing with Personal Data Security Breaches. Helen Williamson Information Governance Officer
Once more unto the breach... Dealing with Personal Data Security Breaches Helen Williamson Information Governance Officer Aims of the session What are we going to look at? What is a data security breach?
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationInformation Management Policy CCG Policy Reference: IG 2 v4.1
Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control
More informationFEATURES LIST 2012. Simon Quantrill Sharon Quantrill m: 07825 186873 m: 07825 290418 e: simon@q2design.co.uk e: sharon@q2design.co.uk.
FEATURES LIST 2012 Simon Quantrill Sharon Quantrill m: 07825 186873 m: 07825 290418 e: simon@q2design.co.uk e: sharon@q2design.co.uk t: 01789 730833 www.q2design.co.uk FEATURES: january 2012 Midlands Business
More informationComplaints Annual Report 2011/2012
Complaints Annual Report 2011/2012 This report incorporates complaints handling for Basingstoke and North Hampshire NHS Foundation Trust and Winchester and Eastleigh Healthcare Trust for the period 1 April
More informationInformation Governance Framework and Strategy. November 2014
November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date
More informationCorporate Data Protection Policy
Corporate Data Protection Policy September 2010 Records Management Policy RMP-09 GOLDEN RULE When you think about Data Protection remember that we are all data subjects. Think about how appropriately and
More informationElectronic health records: data protection issues in Europe
Electronic health records: data protection issues in Europe By Clare Sellars and Dr Amanda Easey IPM&T Group, McDermott Will & Emery UK LLP This article has been published in the April 2008 issue of BNAI
More informationGuidance in Relation to Requirements of the Abortion ACT 1967. For all those responsible for commissioning, providing and managing service provision
Guidance in Relation to Requirements of the Abortion ACT 1967 For all those responsible for commissioning, providing and managing service provision May 2014 Title: Guidance in Relation to Requirements
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationSecurity Incident Management Policy
Security Incident Management Policy January 2015 Document Version 2.4 Document Status Owner Name Owner Job Title Published Martyn Ward Head of ICT Business Delivery Document ref. Approval Date 27/01/2015
More informationDATA MANAGEMENT POLICY AND GUIDANCE FOR SAFEGUARDERS
DATA MANAGEMENT POLICY AND GUIDANCE FOR SAFEGUARDERS Contents 1. Introduction... 3 2. The purpose of this guidance... 4 3. Data protection and safeguarders registering as Data Controllers... 4 4. How to
More informationInformation Governance Management Framework
Information Governance Management Framework Document Status: Approved Version: v 1.3 DOCUMENT CHANGE HISTORY Version Date Comments (i.e. viewed, or reviewed, amended, approved by person or committee v1.0
More informationChild Obesity Statistics for PCT Clusters
Child Obesity Statistics for PCT Clusters September 2011 Delivered by NOO on behalf of the Public Health Observatories in England Obesity prevalence Introduction and methods Introduction The (NCMP) measures
More informationPrivacy Impact Assessment and Information Governance Checklist
Privacy Impact Assessment and Information Governance Checklist Review and Amendment Log / Control Sheet Responsible Officer: Clinical Chief Officer Clinical Lead: Author: Dr. Dave Mitchell Medical Director/Caldicott
More informationNon ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3
Paper 9 Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Please ensure that all THREE pages of this contract are returned to: Information Governance Manager, Health Informatics, Chertsey House, St Peter
More informationPrevention and early Diagnosis of Type 2 DiaBetes LET S GET IT RIGHT
Prevention and early Diagnosis of Type 2 DiaBetes THE NHS HEALTH CHECK PROGRAMME LET S GET IT RIGHT CONTENTS Foreward 3 summary 4 nhs health check programme 6 APPENDIX: National and regional statistics
More informationData protection policy
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
More informationAssessment and management of Cirrhosis Stakeholders
Assessment and management of Cirrhosis Stakeholders 5 Boroughs Partnership NHS Foundation Trust AbbVie Advisory Group on Hepatitis Allocate Software PLC Association for Clinical Biochemistry and Laboratory
More informationData Protection and Information Security. Procedure for reporting a breach of data security. April 2013
Data Protection and Information Security Procedure for reporting a breach of data security April 2013 Page 1 of 6 Created on: 01/04/2009 Contents 1 Introduction... 3 2 Data Classification... 3 3 What Is
More informationINFORMATION GOVERNANCE AND DATA PROTECTION POLICY
INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy
More informationAtopic eczema in under 12s: diagnosis and management Stakeholders
Atopic eczema in under 12s: diagnosis and management Stakeholders A.Menarini Pharma U.K. S.R.L. AAH Pharmaceuticals Action for Sick Children Airsonett UK Limited Alder Hey Children's NHS Foundation Trust
More informationCouncil, 14 May 2015. Information Governance Report. Introduction
Council, 14 May 2015 Information Governance Report Introduction 1.1 The Information Governance function within the Secretariat Department is responsible for the HCPC s ongoing compliance with the Freedom
More informationInformation Management Handbook for Schools. Information Management Handbook for Schools London Borough of Barnet
Information Management Handbook for Schools London Borough of Barnet Document Name Document Description Information Management Handbook for Schools This document is intended for use by Barnet Borough Schools.
More informationwww.informationlaw.org.uk Information Law Training and Advice Access to Deceased Persons Records under the Freedom of Information Act 2000
First published in World Data Protection Report (November 2007) Access to Deceased Persons Records under the Freedom of Information Act 2000 The dead can t sue or so the saying goes. But do they have a
More informationNIGB. Information Governance Untoward Incident Reporting and Management Advice for Local Authorities
Information Governance Untoward Incident Reporting and Management Advice for Local Authorities March 2013 Contents Page 1. The Role of the NIGB.....3 2. Introduction...4 3. Background Information...6 4.
More informationSafe Haven Policy. Equality & Diversity Statement:
Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review
More informationSecure Storage, Communication & Transportation of Personal Information Policy Disclaimer:
Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011
More informationNHS Sickness Absence Rates. January 2014 to March 2014 and Annual Summary 2009-10 to 2013-14
NHS Sickness Absence Rates January 2014 to March 2014 and Annual Summary 2009-10 to 2013-14 Published 22 July 2014 We are the trusted source of authoritative data and information relating to health and
More informationGuidance on data security breach management
ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...
More informationFive Year Rental Index 2008 to 2012
Five Year Rental Index 2008 to 2012 Contents Belvoir Rental Index 2008 to 2012... 3 Introduction... 3 Report Highlights... 5 National Rental Trends... 6 Rents from a Tenant s perspective... 7 Rents from
More informationInformation governance
Information governance Staff handbook RDaSH 88 02 Information governance Introduction to information governance Overview 88 03 Information governance or IG - includes information security and confidentiality,
More informationINFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY
Information Management & Technology Security Policy INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY POLICY NO IM&T 003 DATE RATIFIED October 2010 NEXT REVIEW DATE October 2013 POLICY STATEMENT/KEY
More informationData Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014
Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware
More information