Information Governance Strategic Management Framework

Size: px
Start display at page:

Download "Information Governance Strategic Management Framework"

Transcription

1 Information Governance Strategic Management Framework Susan Meakin Information Governance Manager June 2016 Information Governance

2 DOCUMENT CONTROL: Version: 2 Ratified by: Health Informatics Sub Group Date ratified: 11 July 2016 Name of originator/author: Information Governance Manager Name of responsible committee/individual: Information Governance and Records Management group Date issued: 2 September 2016 Review date: July 2018 Target Audience All trust staff Page 2 of 14

3 Contents Section Page No. 1.0 Introduction Strategic Aim Scope Duties and Key Responsibilities Board of Directors The Chief Executive Senior Information Risk Owner Caldicott Guardian IG Officer Information Asset Owner Information Governance Team All Staff Committee Structure Key Project Areas GDPR (General Data Protection Regulations) Data Protection/Privacy by Design Privacy Impact Assessment Information Governance Training Cyber Security Data Flow mapping Information Asset Management Unity Procedure/Implementation Monitoring Arrangements Privacy, Dignity and Respect Links to Associated Documents References 14 Page 3 of 14

4 1. Introduction Information plays a key part in the clinical and corporate governance of Rotherham Doncaster and South Humber NHS Foundation Trust (referred to hereinafter as the Trust ) and the quality in the provision of patient services, planning, performance measurement, assurance, and financial management relies upon accurate and available information. The aim of the Information Governance (IG) Team is to provide a high quality IG specialist advice and support service which broadly consists of IT/IG Security, Access to Information, Caldicott, Records Management, Freedom of Information Act, and Data Protection Act (from the 28 th July 2018 this will be known as the General Data Protection Regulations (GDPR). The Information Governance Assurance Framework (IGAF) is the national framework of standards that brings together all statutory, mandatory, and best practice requirements concerning information management. The standards are set out in the Information Governance Toolkit as a road map enabling organisations to plan and implement standards of best practice and to measure and report compliance on an annual basis. Performance against these standards is mandated by and reported to the Department of Health (DoH) and the Care Quality Commission (CQC) and forms part of the assurance processes associated with Risk Management Standards. Compliance is also required for the Quality Framework for Monitor. Robust Information Governance requires clear and effective management and accountability structures, governance processes, documented policies and procedures, trained staff and adequate resources. The way that an organisation chooses to deliver against these requirements is referred to within the Information Governance Toolkit as the organisation s Information Governance Management Framework (IGMF). The Information Governance Management Framework brings together all the requirements, standards and best practice that apply to the processing of personal information to ensure: Compliance with the law; Implementation of DoH guidelines; Planned year on year improvement; IG Toolkit requirements. This document also provides a summary / overview and sets out an overarching framework for the strategic Information Governance agenda within this Trust. National Context The NHS Information Governance Assurance Programme (IGAP) was established in February 2008 in response to the Cabinet Office Data Handling review. The Prime Minister commissioned the review following Page 4 of 14

5 the high-profile data losses in IGAP developed a number of principles to support and strengthen the existing Information Governance agenda. The principles are: All NHS organisations should be part of the same Information Governance Assurance Framework Information Governance should be as much as possible integrated into the broader governance of an organisation, and regarded as being as important as financial and clinical governance in organisational culture The Framework will provide assurance to the several audiences interested in the safe custody and use of sensitive personal information in healthcare. This involves greater transparency in organisational business processes around Information Governance IGAF to be built on the strong foundations of the existing Information Governance agenda and is the mechanism by which: 2. Strategic Aims o IG policies and standards are set o Regulators can check an organisation s compliance o An organisation can be performance managed This strategic framework sets out the approach taken by the Trust to provide clear and effective management and accountability structures, governance processes, documented policies and procedures, a comprehensive IG training programme and adequate resources to manage and embed Information Governance throughout the Trust. The Trust will satisfy IG by: Establishing robust IG processes that conform to NHS England and the Health and Social Care Information Centre (HSCIC) (to be known as NHS Digital from July 2016) standards and comply with relevant legislation. Establishing, implementing and maintaining policies for the effective management of information. Providing clear advice and guidance to staff to ensure that they understand and apply the principles of IG to their working practice. Sustaining an IG culture through increasing awareness and promoting IG, thus minimising the risk of breaches of confidentiality. Assessing the Trust s performance using the IG Toolkit and Internal Audits and developing and implementing action plans to ensure continued compliance. Completing the annual information governance assessment and gain sign off within set timescale. Developing an effective team dedicated to the promotion and implementation of the Information Governance agenda. Page 5 of 14

6 Evidencing lessons learnt through internal and external sources and new initiatives by proactively ensuring policies and procedures reflect the latest requirements and by directing Trust wide cultural change. Supporting the provision of high quality care by promoting the ethical, legal, effective and appropriate use of information and the development of wider sharing agreements. Supporting the Trust in completing its Local Digital Road Map. 3. Scope The Information Governance Strategic framework is to be adhered to by anyone processing information for or on behalf of the Trust, including all staff employed by the Trust or on an Honorary contract, Non-Executive Directors, Governors, Contracted Third Parties (including Agency Staff), Students and Trainees, Secondees, Locum staff and Other Staff on temporary placements within the Trust, and Staff of Partner Organisations with approved access, Agencies who may gain access to data, such as Volunteers, Visiting Professionals or Researchers, and Companies providing IT services to the Trust. 4. Duties Key Responsibilities 4.1 The Board of Directors In his communications with NHS Trusts Chief Executives, the NHS Chief Executive has made it clear that ultimate responsibility for IG in the NHS rests with the Board of each organisation, who should note that; The major NHS organisations must update the Toolkit assessment at three intervals during the year (end of July, October and March) to enable performance and actions to be tracked by commissioners and other monitoring bodies. The NHS Operating Framework requires organisations to achieve level 2 performance against all key requirements identified in the Information Governance Toolkit. Organisations must provide assurance that they are meeting these key requirements and must have robust improvement plans to address any shortfalls against other requirements. Details of serious incidents involving actual or potential loss of personal data or breach of confidentiality must be published in annual reports and reported via HSCIC to the Information Commissioner s Office. 4.2 The Chief Executive The Trust s Accountable Officer is the Chief Executive who has overall responsibility for ensuring that information risks are assessed and mitigated to an acceptable level. Information risk is handled in a similar manner to other risks such as financial, legal and reputational risks. Reference to the management of information risks and associated IG practice is now required Page 6 of 14

7 in the Statement of Internal Control which the Accounting Officer is required to sign annually. 4.3 Senior Information Risk Owner (SIRO) The SIRO for the Trust is the Executive Director of Health Informatics. The role is accountable for the overall development and maintenance of information governance throughout the Trust, which includes; Promoting a culture for protecting and using data; Provides a focal point for managing information risk and incidents; Is concerned with the management of all information assets. Reporting the management of information risk directly to the Board The SIRO chairs the Information Governance and records Management Group. 4.4 Caldicott Guardian The Caldicott Guardian also holds the position of the Trust s Medical Director. The Caldicott Guardian role: Is advisory; Is the conscience of the organisation; Provides a focal point for patient confidentiality and information sharing; Is concerned with the management of patient information. The Caldicott Guardian is the person with overall responsibility for protecting the confidentiality of person identifiable data (PID). The Caldicott Guardian plays a key role in ensuring that the Trust abides by the highest level in standards for handling PID and ensures that PID is shared in an appropriate and secure manner and in accordance with relevant legislation. The Caldicott Guardian is a member of the Information Governance and Records Management Group. 4.5 Information Governance Manager The IG Manager is responsible for ensuring the Trust complies with all aspects of IG and the Data Protection Act. The IG Manager will ensure all tasks are undertaken in order to meet the required standards. Key tasks will include:- Developing and maintaining the currency of comprehensive and appropriate documentation that demonstrates commitment to and ownership of IG responsibilities, for example, the production of an overarching high level framework document supported by relevant policies and procedures; Page 7 of 14

8 Ensuring that there is top level awareness and support for IG resourcing and implementation of improvements within the Trust; Establishing working groups, to co-ordinate the activities of staff given IG responsibilities and progress initiatives; Ensuring annual assessments and audits of IG and other related policies are carried out, documented and reported; Ensuring that the annual assessment and improvement plans are prepared for approval by Health Informatics Sub Committee in a timely manner; Ensuring that the approach to information handling is communicated to all staff and made available to the public; Ensuring that appropriate training is made available to staff and completed as necessary to support their duties. Liaising with other committees, working groups and programme boards in order to promote and integrate IG standards; Monitoring information handling activities to ensure compliance with law and guidance; Providing a focal point for the resolution and / or discussion of IG issues. 4.6 Information Asset Owners Information Asset Owners are responsible for: Providing assurance that information risk is managed effectively in relation to information assets that they are responsible for; Identifying and documenting all information assets they own; Identifying and documenting all information flows within their teams. Taking ownership of their local asset control, risk assessment and management process for the information assets they own; Providing support to the Senior Information Risk Owner to maintain awareness of risk to information assets; Ensuring that staff are aware of and comply with information governance and record management standards for the effective use of information assets. 4.7 Information Governance Team Staff roles which support the Information Governance agenda are identified in the organisation chart. Page 8 of 14

9 Information Governance Manager IG Security Specialist IG Officer x2 Records Manager The Team provide a valuable service to both Trust staff and external agencies providing support and advice on current legislation. The team processes, as a central point all Freedom of Information requests and requests made under the Data Protection Act (GDPR) on behalf of the Trust. All information sharing agreements with external providers are monitored through the team. The IG Security Specialist role creates a bridge between IG and the Information Technology team. The Records Manager provides a single point of access for all records management queries for both in-trust held records and off-site held records. Other lead roles to support the IG agenda are as follows. Senior Information Risk Owner Caldicott Guardian RA Team: smart card, access controls and ID card services Human Resources Head of Workforce Emergency Planning Officer Head of Procurement and Purchase Ledger Clinical Systems and Business Change Manager Senior Information Analyst Network and Service Manager IT Support Manager Information Systems Development Manager 4.8 All Staff It is the responsibility of all staff to adhere to the principles set out in this document and any relevant policy/procedure to help maintain the availability, effectiveness, security and confidentiality of information. Page 9 of 14

10 4.9 Committee Structures Finance and Performance Committee Health Informatics Sub Committee The SIRO, IG Manager, IG Security Specialist are all members. Information Governance and Records Management Group The SIRO chairs the meeting with key IG Team members attending Organisational Learning Forum Attended by both the IG Manager and Records Manager Forum for discussing Lessons Learnt Records Management Co-ordinators Group Chaired by the Records Manager 5.0 Key Project Areas/Workstreams 5.1 GDPR (General Data Protection Regulations The GDPR comes in to force on the 28 th May 2018 and will support the current Data Protection Act 1998 regulation. The Trust has started to identify key areas of work which will need to be carried out ensure that it is able to adopt the new regulation in 2018, these currently are; Provide awareness training across the Trust. Review the data processing that is undertaken by the Trust and identify a legal basis. Review all processing and sharing which relies on consent to establish if it will meet the requirements of the GDPR. Consider the implications to children s data which the Trust holds under the GDPR Page 10 of 14

11 Review the data breach notification process Create a culture of Data Protection/Privacy by design and undertaking Privacy Impact Assessments (PIAs) Data Protection/Privacy by Design Taking a DP/Privacy by design approach is an essential tool in minimising privacy risks and building trust. Designing projects, processes, products or systems with privacy in mind at the outset can lead to benefits which include: Potential problems are identified at an early stage, when addressing them will often be simpler and less costly. The Trust is more likely to meet their legal obligations and less likely to breach the Data Protection Act/GDPR. Actions are less likely to be privacy intrusive and have a negative impact on individuals Privacy Impact Assessments Privacy Impact Assessments (PIAs) are to be an integral part of taking a Data Protection/Privacy by Design approach. Privacy Impact Assessments (PIAs) are a tool that the Trust will use to identify and reduce the privacy risks of our projects. A PIA can reduce the risks of harm to individuals through the misuse of their personal information. It can also help to design more efficient and effective processes for handling personal data. 5.2 Information Governance Training Information Governance Training and Development is essential for the development and improvement of staff knowledge and skills relating to IG not only within the IG team but across the Trust. Information Governance training is a mandatory requirement for all staff and is included on induction and as an annual refresher. Staff requiring access to the clinical systems will not be given access rights until an IG training certificate can be produced. 5.3 Cyber Security The Information Governance Team is actively working alongside the Information Technology Department to ensure that in the ever changing world of cyber-attacks that the organisation s resilience is sufficient. Page 11 of 14

12 5.4 Data Flow Mapping The IG Team are responsible for ensuring that all transfers of hard copy and digital person identifiable and sensitive information have been identified, mapped and risk assessed. It is the responsibility of the organisation to ensure that transfers of personal information for which they are responsible are secure at all stages and therefore as an outcome of this process technical and organisational measures can be put in place to secure these transfers. This is completed by engaging with operational services throughout the organisation via an audit tool which they are required to complete. This is escalated to the operational services via the Information Asset owners. This will also enable the Information Governance Team to identify data flows which require an Information Sharing Agreement (ISA). 5.5 Information Asset Management 5.6 Unity In order to appropriately scope and prioritise risk management efforts, it is necessary to ensure that a complete and accurate information asset register exists. As part of the identification process all information assets should be located and identified. In addition, information assets need to be classified in terms of sensitivity and criticality to the organisation s Records Management. The Trust states that; Unity is more than just a new IT system it is a clinical IT system which will deliver real change and transform the way we care for our patients and how we work together. The Information Governance Team will work with and provide guidance to the Unity Project Team to ensuring that any decisions which may impact on IG are identified at an early stage. 6.0 Procedure/Implementation The Trust will ensure that this Information Governance Strategic Framework is implemented through the detailed policies and procedures that are produced to support the Information Governance agenda. Page 12 of 14

13 7.0 Monitoring Arrangements Area for Monitoring Submission Reports Continual progress against the annual publication of the Information Governance Toolkit with a minimum score level 2 against all standards Internal Audit Report Compliance with annual publication of the Information Governance Toolkit Current work objectives, IG incidents and the number of requests made under the Data Protection and Freedom of Information Act. How Who by Reported to Frequency Monitoring reports to assess compliance with the IG toolkit in preparation for the annual assessments. Internal Audit will carry out a yearly audit against the annual publication of the IG Toolkit and other audits as and when required. Quarterly reports Information Governance Manager Internal Audit and Information Governance Manager Information Governance Manager Information Governance and Records Management Steering Health Informatics Sub Committee Information Governance and Records Management Group Health Informatics Sub Committee Information Governance and Records Management Group Health Informatics Sub Committee To coincide with the submission in July, October and March. Annually Quarterly 8.0 Privacy, Dignity and Respect The NHS Constitution states that all patients should feel that their privacy and dignity are respected while they are in hospital. High Quality Care for All (2008), Lord Darzi s review of the NHS, identifies the need to organise care around the individual, not just clinically but in terms of dignity and respect. As a consequence the Trust is required to articulate its intent to deliver care with privacy and dignity that treats all service users with respect. Therefore, all procedural documents will be considered, if relevant, to reflect the requirement to treat everyone with privacy, dignity and respect, (when appropriate this should also include how same sex accommodation is provided). Indicate how this will be met No issues have been identified in relation to this policy. Page 13 of 14

14 9. Links to Associated Documents 9.1 There are various key policies underpinning this strategic framework, these are listed below and are available on the Trust Intranet site. Information Governance policy Freedom of Information policy Environmental Information Regulations policy Data Protection policy Access to Health Records policy Records Management policy Information Risk Management policy Information Sharing policy Informatics Security Policy Confidentiality Audit Procedures policy Management of Information Governance Serious Incidents requiring Investigation Policy Reporting of Errors and Anomalies with patient records Privacy Impact Assessment policy 10.0 References 10.1 The national and legal framework for Information Governance includes:- ISO/IEC Information Security Management Standard, Code of Practice for Information Security Management Data Protection Act 1998 General Data Protection Regulation text Data Protection Audit Manual, Information Commissioner Freedom of Information Act 2000 The Caldicott Guardian Manual Common Law duty of confidentiality and DH: Confidentiality NHS Code of Practice (2003) DH: Records Management NHS Code of Practice (2006) and Records Management Roadmap Access to Health Records Act 1990 DH: Information Security NHS Code of Practice (2007) NHS Operating Framework for England 2010/11 Connecting for Health (CfH) Information Governance Toolkit CfH IG web pages Human Rights Act 1998 CQC Regulations, December 2009 NHS Care Record Guarantee Page 14 of 14

IG01 Information Governance Management Framework

IG01 Information Governance Management Framework IG01 Information Governance Management Framework 1 INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Document History Document Reference: IG01 Document Purpose: The document compliments all other Information

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy DOCUMENT CONTROL: Version: 1 Ratified by: Risk Management Sub Group Date ratified: 19 December 2012 Name of originator/author: Information Governance Manager Name of responsible

More information

Information Governance Strategy and Management Framework

Information Governance Strategy and Management Framework Information Governance Strategy and Management Framework Summary: This strategy sets out the framework, structure, system and accountabilities for Information Governance Management within NHS Eastbourne,

More information

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Document History Document Reference: IG33 Document Purpose: The document complements all other Information Governance policies and sets out the management arrangements

More information

INFORMATION GOVERNANCE STRATEGY AND STRATEGIC VISION

INFORMATION GOVERNANCE STRATEGY AND STRATEGIC VISION INFORMATION GOVERNANCE STRATEGY AND STRATEGIC VISION Policy approved by: Joint Audit and Governance Committee Date: December 2016 Next Review Date: October 2018 Version: 2.0 Information Governance Strategy

More information

Information Governance Assurance Framework

Information Governance Assurance Framework Document Reference POL008 Document Status Approved Version: V4.0 DOCUMENT CHANGE HISTORY Initiated by Date Author IG Toolkit Requirements November 2010 IG Manager Version Date Comments (i.e. viewed, or

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Number IG001 Target Audience CCG/ GMSS Staff Approving Committee CCG Chief Officer Date Approved February 2018 Last Review Date February 2018 Next Review Date February

More information

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK NHS South West Lincolnshire Clinical Commissioning Group (CCG) INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Document History: Document Reference: Document Purpose: IG01 Date Ratified: January 2015 Ratified

More information

IGPr002 - Information Governance Management Framework

IGPr002 - Information Governance Management Framework IGPr002 - Information Governance Management Framework Page 1 of 10 Table of Contents Information Governance Management Framework... 1 Why we need this Framework... 3 What the Framework is trying to do...

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4.0 Ratified by: NHS Bury Clinical Commissioning Group Information Governance Operational Group Date ratified: 19 th September 2017 Name of originator /author (s):

More information

INFORMATION GOVERNANCE STRATEGY IMPLEMENTATION PLAN

INFORMATION GOVERNANCE STRATEGY IMPLEMENTATION PLAN INFORMATION GOVERNANCE STRATEGY & IMPLEMENTATION PLAN 2015-2018 Disclaimer The latest version of this document is located on PTHB intranet. Please check the review date and if there are any doubts contact

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Putting Barnsley People First Information Governance Policy and Management Framework Version: 2.0 Approved By: Governing Body Date Approved: February 2014 Name of originator / author: Richard Walker Name

More information

NHS Sunderland Clinical Commissioning Group. Information Governance Strategy 2016/17

NHS Sunderland Clinical Commissioning Group. Information Governance Strategy 2016/17 NHS Sunderland Clinical Commissioning Group Information Governance Strategy 2016/17 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Executive Committee Governing

More information

Information Governance Management Framework

Information Governance Management Framework Management Framework Summary: This document sets out the framework, structure, system and accountabilities for Management within West Kent CCG Clinical Commissioning Group. APPROVED BY: Chief Finance Officer

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework November 2014 Author: Responsibility: Lynda Harris, Head of Information Governance All Staff Effective Date: November 2014 Review Date: November 2015 Reviewing/Endorsing

More information

Information Security Risk Management Programme and Strategy

Information Security Risk Management Programme and Strategy Information Security Risk Management Programme and Strategy Table of Contents 1. Introduction... 3 2. Purpose... 3 3. Definitions... 3 4. Roles and Responsibilities... 4 4.1. Accountable Officer... 4 4.2.

More information

Privacy Impact Assessment Policy and Procedure

Privacy Impact Assessment Policy and Procedure Privacy Impact Assessment Policy and Procedure This document outlines the Trust s approach and methodology for conducting Privacy Impact Assessments in line with the Information Risk Policy Key Words:

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY CONSULTATION AND RATIFICATION SCHEDULE Document Name: Governance Policy Policy Number/Version: 2.0 Name of originator/author: Midlands & Lancashire CSU Governance Team Ratified

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Date completed: February 2016 Responsible Director: Approved by/ date: Director of Compliance Review date: October 2017 Amended: Author: Ben Westmancott Information Governance

More information

INFORMATION GOVERNANCE STRATEGY. Documentation control

INFORMATION GOVERNANCE STRATEGY. Documentation control INFORMATION GOVERNANCE STRATEGY Documentation control Reference Date Approved Approving Body Version Supersedes Consultation Undertaken Target Audience Supporting procedures GG/INF/01 TRUST BOARD Information

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Document Number 2009/49/V2 Document Title Information Governance Strategy Author Phil Cottis Author s Job Title Information Governance & RA Manager Department IM&T Ratifying

More information

West Kent Clinical Commissioning Group

West Kent Clinical Commissioning Group West Kent Clinical Commissioning Group Information Governance Strategy 2017-18 Release: Final Approved Date: 27/10/2016 Author: Jamie Sheldrake Senior Associate - Information Governance Owner: SOUTH EAST

More information

Information governance strategy

Information governance strategy Information governance strategy January 2018 Version 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment V 1.0 Trevor Duplessis 22/01/18 Due for review Dec

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY 1. CONSULTATION AND RATIFICATION SCHEDULE 1.2. Document Name: Governance Policy 1.4. Policy Number/Version: V4.0 1.6. Name of originator/author: Midlands & Lancashire CSU

More information

Information Governance Management Framework Version 6 December 2017

Information Governance Management Framework Version 6 December 2017 Information Governance Management Framework Version 6 December 2017 Page 1 of 8 Introduction Robust information governance requires clear and effective management and accountability structures, governance

More information

Overarching Information Governance Policy

Overarching Information Governance Policy Document Information Board Library Reference Document Type Document Subject Original Document Author Reviewed By Review Cycle IM&T_01 Policy Information Information IGMG 3 Years Note: This document is

More information

Information Governance Strategic Management Framework

Information Governance Strategic Management Framework Document Summary Information Governance Strategic Management Framework 2017-2019 This framework sets out the Cumbria Partnership NHS Foundation Trust (the organisation) Strategic Management Framework and

More information

Information Governance Strategic Management Framework (Including Policy and Strategy)

Information Governance Strategic Management Framework (Including Policy and Strategy) Information Governance Strategic Management Framework (Including Policy and Strategy) This document sets out the framework that brings together all the requirements, standards and best practice that apply

More information

Identifies the risk management structure, roles, responsibilities and authority of staff, committees and groups with responsibility for risk

Identifies the risk management structure, roles, responsibilities and authority of staff, committees and groups with responsibility for risk Title Description of document The sets out the process by which the Trust identifies, manages, reduces and mitigates risks to achieving the organisational objectives. It sets out the framework required

More information

Data Quality Policy

Data Quality Policy Cambridgeshire and Peterborough Clinical Commissioning Group (CCG) Data Quality Policy 2017-2019 Ratification Process Lead Author(s): Reviewed / Developed by: Approved by: Ratified by: Associate Director

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Applicable to All employees Version1.0 Last Updated March 2014 CONFIDENTIAL Page 2 of 6 Contents 1. Objectives 3 2. Scope 3 3. Principles 3 4. Information Governance Policy

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Page 1 of 13 INFORMATION GOVERNANCE POLICY EXECUTIVE SUMMARY Key Messages Principles of Information Governance Openness Confidentiality and Legal Compliance Information Security

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2017/18

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2017/18 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2017/18 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Quality, Safety & Risk

More information

Information Governance Management Framework 2016/17

Information Governance Management Framework 2016/17 Information Governance Management Framework 2016/17 Reference: IG12 Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date June 2017 Approving Body Audit Committee Date of

More information

TRUST GOVERNANCE POLICY (formerly referenced as the CMFT Governance Strategy) - UPDATED NOVEMBER

TRUST GOVERNANCE POLICY (formerly referenced as the CMFT Governance Strategy) - UPDATED NOVEMBER Review Circulation Application Ratification Originator or modifier Supersedes Title CENTRAL MANCHESTER UNIVERSITY HOSPITALS NHS FOUNDATION TRUST TRUST GOVERNANCE POLICY (formerly referenced as the CMFT

More information

Findings from ICO audits of 16 local authorities

Findings from ICO audits of 16 local authorities Data protection Findings from ICO audits of 16 local authorities January to December 2013 Introduction This report is based on ICO audits of 16 local authorities between January and December 2013. This

More information

DATA QUALITY POLICY. Version: 1.2. Management and Caldicott Committee. Date approved: 02 February Governance Lead

DATA QUALITY POLICY. Version: 1.2. Management and Caldicott Committee. Date approved: 02 February Governance Lead DATA QUALITY POLICY Version: 1.2 Approved by: Date approved: 02 February 2016 Name of Originator/Author: Name of Responsible Committee/Individual: Information Governance, Records Management and Caldicott

More information

Information Governance Management Framework 2017/18 Reference: IG12

Information Governance Management Framework 2017/18 Reference: IG12 Information Governance Management Framework 2017/18 Reference: IG12 Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy

More information

Information Governance Policy

Information Governance Policy Author Darren Rigg Head of Information Governance Corporate Lead Bryan Machin Executive Director of Finance and Resources Document Version 1 Date ratified by Quality Committee 24 th October 2014 Date issued

More information

GENERAL DATA PROTECTION REGULATION

GENERAL DATA PROTECTION REGULATION GENERAL DATA PROTECTION REGULATION (GDPR) What is General Data Protection Regulation (GDPR) What this means for GP Practices Replaces the Data Protection Act 1998 (DPA) Designed to match data privacy laws

More information

This Policy supersedes the following Policy, which must now be destroyed:

This Policy supersedes the following Policy, which must now be destroyed: Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Forensic Readiness Policy NTW(O)56 Lisa Quinn Executive Director of Performance and Assurance Sue Proud Information

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Owner Author Information Team Information Governance Manager Reviewed by Approved by and date Council/Committee/EMT Board - Date approved Effective from 24 April 2017 Review

More information

This Policy supersedes the following Policy, which must now be destroyed:

This Policy supersedes the following Policy, which must now be destroyed: Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Forensic Readiness Policy NTW(O)56 Lisa Quinn, Executive Director of Commissioning and Quality Assurance Angela

More information

Doncaster Council Data Quality Strategy

Doncaster Council Data Quality Strategy Doncaster Council Data Quality Strategy 2016/17-2020/21 Better Data, Better Services Approving Body Date of Approval Date of Implementation Next Review Date Review Responsibility Version Doncaster Council

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Unique Reference / Version Primary Intranet Location Information Management & Governance Secondary Intranet Location Policy Name Information Governance Policy Version Number

More information

Risk Management Strategy

Risk Management Strategy High Value Health Care Risk Management Strategy (Reference No. GR21 0914) Version: Version 4, September 2014 Version Superseded: Version 3, March 2012 Ratified by: Date ratified: 11 th November 2014 Designation

More information

Recruitment, Selection and Appointment

Recruitment, Selection and Appointment Recruitment, Selection and Appointment Who Should Read This Policy Target Audience Managers Version 2.0 November 2016 Ref. Contents Page 1.0 Introduction 4 2.0 Purpose 4 3.0 Objectives 4 4.0 Process 5

More information

NOT PROTECTIVELY MARKED

NOT PROTECTIVELY MARKED Meeting Audit Committee Public Session Date and Time Location Pacific Quay, Glasgow Title of Paper General Data Protection Regulation (GDPR) SPA Preparedness Item Number 9.4 Presented By Catherine Topley

More information

Policy:E7. Escalation Policy N/A. Appended below at Appendix B. Version: E7/01

Policy:E7. Escalation Policy N/A. Appended below at Appendix B. Version: E7/01 Policy:E7 Escalation Policy Version: E7/01 Ratified by: Trust Management Team Date ratified: 11 th September 2013 Title of Author: Board Secretary & Head of Governance Title of responsible Director Medical

More information

Data Protection Impact Assessment Policy

Data Protection Impact Assessment Policy Data Protection Impact Assessment Policy Version 0.1 1 VERSION CONTROL Version Date Author Reason for Change 0.1 16.07.18 Debby Jones New policy 2 EQUALITY IMPACT ASSESSMENT Section 4 of the Equality Act

More information

United Lincolnshire Hospitals NHS Trust. Governance Statement 2015/16. Scope of responsibility. The governance framework of the organisation

United Lincolnshire Hospitals NHS Trust. Governance Statement 2015/16. Scope of responsibility. The governance framework of the organisation United Lincolnshire Hospitals NHS Trust Governance Statement 2015/16 Scope of responsibility As Accountable Officer, and Chief Executive of this Board, I have responsibility for maintaining a sound system

More information

Information Asset Management Policy

Information Asset Management Policy Information Asset Management Policy 1.0 Purpose 1.1 The purpose of this policy is to outline the management of the Fund s information asset register and the actions that will be taken to provide sufficient

More information

Minor adjustments from IG Steering Group 0.3 Neil Taylor September 2013

Minor adjustments from IG Steering Group 0.3 Neil Taylor September 2013 Author(s) Andrew Thomas Version 0.3 Version Date 21 August 2013 Implementation/approval Date Review Date August 2014 Review Body Governing Body Policy Reference Number 014 Version Author Date Reason for

More information

NHS DIGITAL Records and Document Management Policy

NHS DIGITAL Records and Document Management Policy Status Document Record ID Key Version Director Responsible for this policy Final v2.0 Version Date 10/04/2018 Catherine O Keeffe, Director of Information Governance, Burden and Audit Person to contact

More information

Honorary Contracts Procedure

Honorary Contracts Procedure Honorary Contracts Procedure Version: 3.0 Bodies consulted: Approved by: Joint Staff Consultative Committee & WMT Executive Management Team Date Approved: 03 October 2017 Lead Manager: Responsible Director:

More information

Information Governance Clauses Clinical and Non Clinical Contracts

Information Governance Clauses Clinical and Non Clinical Contracts Information Governance Clauses Clinical and Non Clinical Contracts Policy Number Target Audience Approving Committee Date Approved Last Review Date Next Review Date Policy Author Version Number IG014 All

More information

HSCIC Audit of Data Sharing Activities:

HSCIC Audit of Data Sharing Activities: Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 21/04/2016 HSCIC Audit of Data Sharing

More information

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY Version: 1.4 Approved by: Date approved: 19 January 2017 Name of Originator/Author: Name of Responsible Committee/Individual: Date issued: Information

More information

Risk Management and Assurance Strategy

Risk Management and Assurance Strategy Risk Management and Assurance Strategy Version 5.0 Policy number ULHT-MD-GOV-RM-STRAT Document author(s) Head of 2021 Programme Contributor(s) Approved by Policy Approval Group Date approved Date Published

More information

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST STRENGTHENING GOVERNANCE ARRANGEMENTS. Report to the Trust Board 24 May 2016

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST STRENGTHENING GOVERNANCE ARRANGEMENTS. Report to the Trust Board 24 May 2016 R SOMERSET PARTNERSHIP NHS FOUNDATION TRUST STRENGTHENING GOVERNANCE ARRANGEMENTS Report to the Trust Board 24 May 2016 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations:

More information

Date: INFORMATION GOVERNANCE POLICY

Date: INFORMATION GOVERNANCE POLICY Date: INFORMATION GOVERNANCE POLICY Information Governance Policy IGPOL/01 Information Systems Corporate Services Division March 2017 1 Revision History Version Date Author(s) Comments 0.1 12/12/2012 Helen

More information

Lisa Quinn Executive Director of Performance and Assurance. Lead Officer

Lisa Quinn Executive Director of Performance and Assurance. Lead Officer Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Data Quality Policy NTW(O)26 Lisa Quinn Executive Director of Performance and Assurance Jennifer Illingworth Deputy

More information

NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY

NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY Version Control Version: 2.0 dated 17 July 2015 DATE VERSION CONTROL 04/06/2013 1.0 First draft of new policy

More information

GOVERNANCE STRATEGY October 2013

GOVERNANCE STRATEGY October 2013 GOVERNANCE STRATEGY October 2013 1. Introduction 1.1. The Central Manchester University Hospitals NHS Foundation Trust believes that the role of the governing body is pivotal to the success of the Trust.

More information

For: Information Assurance Discussion and input Decision/approval. Ellen Bull, Deputy Director of Quality Author Contact Details: 3531

For: Information Assurance Discussion and input Decision/approval. Ellen Bull, Deputy Director of Quality Author Contact Details: 3531 Trust Board Item: 15 Date: 07/02/2018 Purpose of the Report: Enclosure: K To request ratification from the Trust Board of Directors on the. which was discussed, refined and approved at the Risk Management

More information

Directorate of Strategy & Planning DATA QUALITY POLICY

Directorate of Strategy & Planning DATA QUALITY POLICY Directorate of Strategy & Planning DATA QUALITY POLICY Reference: FPP003 Version: 1.6 This version issued: 24/06/14 Result of last review: Minor changes Date approved by owner (if applicable): N/A Date

More information

JOB DESCRIPTION per week.

JOB DESCRIPTION per week. JOB DSCRIPTION 1. Job Details: Job Title: Hours: Deputy Information Governance Manager 37.5 per week. Band: 6 Department / Directorate: Information Management &Technology The Information Management & Technology

More information

INFORMATION GOVERNANCE ASSURANCE FRAMEWORK

INFORMATION GOVERNANCE ASSURANCE FRAMEWORK INFORMATION GOVERNANCE ASSURANCE FRAMEWORK Summary This document sets out an overarching framework for the strategic Information Governance agenda in the Business Services Organisation. In particular,

More information

DATA QUALITY POLICY Review Date: CONTENT

DATA QUALITY POLICY Review Date: CONTENT Title: Date Approved: Approved by: DATA QUALITY POLICY Review Date: Policy Ref: Issue: Jan 2010 Sherwood Forest Hospitals Oct 2011 Information Governance Group Division/Department: Policy Category: ISP_03

More information

The Information Commissioner s Office, the Information Governance Alliance and several other organisations are issuing guidance on an on-going basis.

The Information Commissioner s Office, the Information Governance Alliance and several other organisations are issuing guidance on an on-going basis. MARCH 2017 GENERAL DATA PROTECTION REGULATION ROTHERHAM CCG ACTION PLAN Themes of the GDPR: Refining/tightening up of existing concepts Standardised law across the EU New concepts in regulation; accountability,

More information

RISK MANAGEMENT COMMITTEE TERMS OF REFERENCE

RISK MANAGEMENT COMMITTEE TERMS OF REFERENCE RISK MANAGEMENT COMMITTEE TERMS OF REFERENCE Terms of Reference Agreed by the Committee Signed by the Chair on Behalf of the Committee Print Signature Date 16 th December 2011 Review Date December 2012

More information

Risk Management Strategy, Policy and Guidance

Risk Management Strategy, Policy and Guidance Risk Management Strategy, Policy and Guidance 11.0 Risk Management EQUALITY IMPACT The Trust strives to ensure equality of opportunity for all both as a major employer and as a provider of health care.

More information

Data Protection Policy

Data Protection Policy Data Protection Policy StCH Data Protection Policy - POL 53 vs1 - July 2016 1 Document Control Table Document Title: Data Protection Policy Document Ref: POL 53 Author (name and job title): Karen Anderson,

More information

Issues Management Policy and process

Issues Management Policy and process Issues Management Policy and process Version: V1.0 Ratified: Lewisham Risk Management Group Name of originator/author: Name of responsible committee/individual; Victoria Medhurst Senior Management Team

More information

Information Assets: Security and Risk Management Policy. Choice, Responsiveness, Integration & Shared Care

Information Assets: Security and Risk Management Policy. Choice, Responsiveness, Integration & Shared Care s: Security and Risk Management Policy Choice, Responsiveness, Integration & Shared Care Worcestershire Mental Health Partnership NHS Trust Reader Box Document Type: Document Purpose: Unique identifier:

More information

INFORMATION GOVERNANCE POLICY AND FRAMEWORK

INFORMATION GOVERNANCE POLICY AND FRAMEWORK INFORMATION GOVERNANCE POLICY AND FRAMEWORK Policy approved by: Audit and Governance Committees Date: 9 th October 2017 Next Review Date: September 2018 Version: 4.0 Information Governance Policy & Framework

More information

This Policy supersedes the following Policy which must now be destroyed:

This Policy supersedes the following Policy which must now be destroyed: Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Environmental Sustainability Policy NTW(O)02 Paul McCabe, Head of Estates and Facilities (NTW Solutions Ltd) Sarah

More information

Information Governance Training Plan

Information Governance Training Plan Information Governance Training Plan Page 1 of 10 Paper O2 - CCG_IG_Training_Plan_2017-18_V3.0 Final Paper O2 - CCG_IG_Training_Plan_2017-18_V3.0 Final Information Governance Training Plan Derbyshire Clinical

More information

Future-Focused Finance Accreditation

Future-Focused Finance Accreditation Future-Focused Finance Accreditation This accreditation system is designed to allow the NHS Finance Leadership Council (FLC) to give due recognition to those NHS organisations that have the very best finance

More information

HEALTH AND SAFETY STRATEGY

HEALTH AND SAFETY STRATEGY HEALTH AND SAFETY STRATEGY 2016-2019 Version: 1.0 Ratified by: Integrated Governance Committee Date ratified: 30 September 2015 Title of originator/author: Title of responsible committee/group: Head of

More information

JOB DESCRIPTION. Medical Director

JOB DESCRIPTION. Medical Director JOB DESCRIPTION Job Title: Accountable to: Deputy Medical Director Medical Director 1. Purpose of Role The Deputy Medical Director will provide support to the Medical Director in delivering the principle

More information

CARBON REDUCTION AND SUSTAINABILITY POLICY

CARBON REDUCTION AND SUSTAINABILITY POLICY CARBON REDUCTION AND SUSTAINABILITY POLICY Version: 4 Ratified by: Senior Managers Operational Group Date ratified: March 2016 Title of originator/author: Sustainability and Carbon Reduction Lead Title

More information

Directorate of Finance, Information & Performance Management DATA QUALITY POLICY

Directorate of Finance, Information & Performance Management DATA QUALITY POLICY Directorate of Finance, Information & Performance Management DATA QUALITY POLICY Reference: FPP003 Version: 1.5 This version issued: 10/03/11 Result of last review: Minor changes Date approved: 21/01/11

More information

Code of Corporate Governance

Code of Corporate Governance Code of Corporate Governance 1 FOREWORD From the Chairman of the General Purposes Committee I am pleased to endorse this Code of Corporate Governance, which sets out the commitment of Cambridgeshire County

More information

Board Assurance and Escalation Framework

Board Assurance and Escalation Framework Lincolnshire Partnership NHS Foundation Trust (LPFT) Board Assurance and Escalation Framework DOCUMENT VERSION CONTROL Document Type and Title: Policy No 5a. with effect from 2/11/15 (former corporate

More information

Information Risk Policy

Information Risk Policy Information Risk Policy Version 1_0 Responsible Person Information Governance Manager Lead Director Director of Performance and Corporate Services Consultation Route Information Governance Steering Group

More information

Board Governance Statements for Self Certification

Board Governance Statements for Self Certification Board Governance Statements for Self Certification This document sets out compliance with the Monitor Board Statements as detailed in the document Applying for NHS Foundation Trust Status: A Guide for

More information

Records management policy. Document author Assured by Review cycle. Audit and Risk Committee. 1. Introduction Purpose or aim Scope...

Records management policy. Document author Assured by Review cycle. Audit and Risk Committee. 1. Introduction Purpose or aim Scope... Records management policy Board library reference Document author Assured by Review cycle P017 Head of Compliance Audit and Risk Committee 3 Years This document is version controlled. The master copy is

More information

Draft Internal Audit Plan 2012/13 Audit Committee (September 2012) Airedale NHS Foundation Trust

Draft Internal Audit Plan 2012/13 Audit Committee (September 2012) Airedale NHS Foundation Trust Draft Internal Audit Plan 2012/13 (September 2012) Contents 1. Introduction 2. Risk Assessment 3. Internal Audit Plan Appendix A: 3 Year Indicative Plan 1 1. Introduction MIAA s approach to planning focuses

More information

General Data Protection Regulation (GDPR) Strategy

General Data Protection Regulation (GDPR) Strategy General Data Protection Regulation (GDPR) Strategy NHS Digital s Approach to Compliance Published October 2017 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information

More information

Registration Authority Policy. (Smartcard Access to National Programme Systems)

Registration Authority Policy. (Smartcard Access to National Programme Systems) Registration Authority Policy (Smartcard Access to National Programme Systems) Document Author Written By: Senior HR Manager Authorised Signature Authorised By: Chief Executive Date: November 2017 Date:

More information

HSCIC Audit of Data Sharing Activities:

HSCIC Audit of Data Sharing Activities: Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 20/04/2016 HSCIC Audit of Data Sharing

More information

CCG CO12 Policy and Framework for Partnership Governance

CCG CO12 Policy and Framework for Partnership Governance Corporate CCG CO12 Policy and Framework for Partnership Governance Version Number Date Issued Review Date V2: 21/02/2015 29/04/2015 21/02/2018 Prepared By: Consultation Process: Formally Approved: 25/02/2015

More information

Relocation/Removal Expenses Policy

Relocation/Removal Expenses Policy Relocation/Removal Expenses Policy DOCUMENT CONTROL: Version: 5 Ratified by: Corporate Policy Panel Date ratified: 2 August 2018 Name of originator/author: Human Resources Department Name of responsible

More information

Volunteer Services Policy

Volunteer Services Policy Volunteer Services Policy Version Number 4 Version Date 1 February 2014 Policy Owner Head of Operations Author Volunteer Services Co-ordinator Last Reviewed November 2013 Staff/Groups Consulted Head of

More information

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RISK MANAGEMENT STRATEGY. Report to the Board 27 September Director of Strategy and Corporate Affairs.

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RISK MANAGEMENT STRATEGY. Report to the Board 27 September Director of Strategy and Corporate Affairs. SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RISK MANAGEMENT STRATEGY Report to the Board 27 September 2016 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Actions required

More information

Heart of England NHS Foundation Trust

Heart of England NHS Foundation Trust Heart of England NHS Foundation Trust Data protection audit report Executive summary February 2017 1. Background 1. Background The Information Commissioner is responsible for enforcing and promoting compliance

More information

Job Title: Head of Retail Department: Income Generation

Job Title: Head of Retail Department: Income Generation Job Title: Head of Retail Department: Income Generation Reports to: Director of Income Generation Salary: Compton Band 8A 37,020 to 49,055 per annum according to skills and experience Accountable to: Director

More information

INDUCTION, MANDATORY AND STATUTORY TRAINING POLICY

INDUCTION, MANDATORY AND STATUTORY TRAINING POLICY INDUCTION, MANDATORY AND STATUTORY TRAINING POLICY Last Review Date Adopted 2 nd April 2013 Approving Body Remuneration Committee Date of Approval 9 th January 2014 Date of Implementation 1 st April 2014

More information