Data Protection Policy




Issue Date: June 2014
Document Number: POL_1006
Prepared by: Information Governance Senior Manager
Status: Approved
Next Review Date: May 2017

Information Reader Box

Directorate Medical Nursing Patients & Information Finance Purpose Tools Guidance Resources Consultations Operations Commissioning Development Policy Transformation & Corporate Operations

Publications Gateway Reference: 00149
Document Purpose / Document Name: Policy and High Level Procedures
Publication Date: April 2013
Target Audience: All NHS England staff
Additional Circulation List: n/a
Description: Policy and high level procedures for compliance with the Data Protection Act
Cross Reference: n/a
Superseded Document: n/a
Action Required: To Note
Timing/Deadlines: n/a
Author: Carol Mitchell, Information Governance Senior Manager, 5e40, Quarry House, LEEDS. Tel: 01132545935. E-mail: carol.mitchell5@nhs.net

Document Status

This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of this document are not controlled.

As a controlled document, this document should not be saved onto local or network drives but should always be accessed from the intranet.

Contents

Information Reader Box
Document Status
Contents
1. Introduction
2. Scope
3. Roles and Responsibilities
4. Distribution and Implementation
5. Monitoring
6. Equality Impact Assessment
7. Associated Documents
Version Control Tracker

1. Introduction

1.1 Background

1.1.1 NHS England needs to collect personal information about people with whom it deals in order to carry out its business and provide its services. Such people include patients, employees (present, past and prospective), suppliers and other business contacts. The information includes name, address, email address, date of birth, private and confidential information, and sensitive information. In addition, we may occasionally be required to collect and use certain types of such personal information to comply with the requirements of the law. No matter how it is collected, recorded and used (e.g. on a computer or on paper), this personal information must be dealt with properly to ensure compliance with the Data Protection Act 1998 (the Act).

1.1.2 The lawful and proper treatment of personal information by NHS England is extremely important to the success of our business and in order to maintain the confidence of our service users and employees. We ensure that NHS England treats personal information lawfully and correctly.

1.2 Data Protection Principles

1.2.1 NHS England fully supports and complies with the eight principles of the Act, which are summarised below:

1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained/processed for specific lawful purposes.
3. Personal data held must be adequate, relevant and not excessive.
4. Personal data must be accurate and kept up to date.
5. Personal data shall not be kept for longer than necessary.
6. Personal data shall be processed in accordance with rights of data subjects.
7. Personal data must be kept secure.
8. Personal data shall not be transferred outside the European Economic Area (EEA) unless there is adequate protection.

2. Scope

2.1 Staff of the following NHS England areas are within the scope of this document:

- National Teams;
- Regional Teams;
- Area Teams;
- All Commissioning Support Units;
- NHSIQ;
- Leadership Academy;
- Sustainable Development Unit;
- Strategic Clinical Networks;
- Clinical Senates; and
- Staff working in or on behalf of NHS England (this includes contractors, temporary staff, secondees and all permanent employees).

3. Roles and Responsibilities

3.1 NHS England will:

- ensure that there is always one person with overall responsibility for data protection. Currently this person is the Information Governance Senior Manager, Transformation & Corporate Operations Directorate.
- provide training for all staff members who handle personal information
- provide clear lines of report and supervision for compliance with data protection
- carry out regular checks to monitor and assess new processing of personal data and to ensure the NHS England notification to the Information Commissioner is updated to take account of any changes in processing of personal data

- develop and maintain DPA procedures to include: roles and responsibilities, notification, subject access, training and compliance testing

3.2 Employee Responsibilities

3.2.1 All employees will, through appropriate training and responsible management:

- Observe all forms of guidance, codes of practice and procedures about the collection and use of personal information.
- Understand fully the purposes for which the NHS England uses personal information.
- Collect and process appropriate information, and only in accordance with the purposes for which it is to be used by the NHS England to meet its service needs or legal requirements.
- Ensure the information is correctly input into the NHS England systems.
- Ensure the information is destroyed (in accordance with the provisions of the Act) when it is no longer required.
- On receipt of a request from an individual for information held about them by or on behalf of immediately notify their line manager.
- Not send any personal information outside of the United Kingdom without the authority of the Caldicott Guardian.
- Understand that breaches of this Policy may result in disciplinary action, including dismissal.

4. Distribution and Implementation

4.1 Distribution Plan

4.1.1 This document will be made available to all Staff via the NHS England internet site.

4.1.2 A global notice will be sent to all Staff notifying them of the release of this document.

4.1.3 A link to this document will be provided from the Policy Directorate intranet site.

4.2 Training Plan

4.2.1 A training needs analysis will be undertaken with Staff affected by this document.

4.2.2 Based on the findings of that analysis appropriate training will be provided to Staff as necessary.

4.2.3 Guidance will be provided on the Transformation & Corporate Operations Directorate intranet site.

5. Monitoring

5.1 Compliance with the policies and procedures laid down in this document will be monitored via the Information Governance team, together with independent reviews by both Internal and External Audit.

5.2 The Information Governance Senior Manager is responsible for the monitoring, revision and updating of this document on a 3 yearly basis or sooner if the need arises.

6. Equality Impact Assessment

6.1 This document forms part of NHS England's commitment to create a positive culture of respect for all staff and service users. The intention is to identify, remove or minimise discriminatory practice in relation to the protected characteristics (race, disability, gender, sexual orientation, age, religious or other belief, marriage and civil partnership, gender reassignment and pregnancy and maternity), as well as to promote positive practice and value the diversity of all individuals and communities.

6.2 As part of its development this document and its impact on equality has been analysed and no detriment identified.

7. Associated Documents

7.1 The following documents will provide additional information:

REF NO | DOC REFERENCE NUMBER | TITLE | VERSION
 | | Freedom of Information Policy | 1.0
 | | Information Governance Policy | 2.0
 | | Confidentiality Policy | 2.0
 | | Document and Records Management Policy | 3.0
 | | Information Security Policy | 2.0
 | | Information Sharing Policy | 1.0

Version Control Tracker

Version Number | Date | Author Title | Status | Comment/Reason for Issue/Approving Body
1.0 | April 2013 | Information Governance Senior Manager | Approved | New policy
2.0 | June 2014 | Information Governance Senior Manager | | Updated to reflect change of Policy directorate to Transformation & Corporate Operations directorate

NHS England 2014
First published April 2013