INFORMATION GOVERNANCE STRATEGY IMPLEMENTATION PLAN

Size: px
Start display at page:

Download "INFORMATION GOVERNANCE STRATEGY IMPLEMENTATION PLAN"

Transcription

1 INFORMATION GOVERNANCE STRATEGY & IMPLEMENTATION PLAN Disclaimer The latest version of this document is located on PTHB intranet. Please check the review date and if there are any doubts contact the author. Proprietary Information This document contains proprietary information belonging to Powys Teaching Health Board. All or any part of this document should not be reproduced without the permission of the Document Owner.

2 Document Reference No: Version No: 1 PTHB / IGP 012 Issue Date: June 2015 Review Date: June 2018 Author: Document Owner: Accountable Executive: Approved By: Information Governance Manager Information Governance Manager Director of Therapies & Health Sciences PTHB Board Approval Date: 24 June 2015 Document Type: Strategy Non-clinical Scope: PTHB wide Version Control Version Summary of Changes/Amendments 1 Initial Issue. Previously the Information Governance Strategy was a combination document with the Information Governance Policy - PTHB/IGP 001 Information Governance Strategy & Policy. The following changes were made: Issue Date Jun 2015 Strategy separated from Policy document Removal of Definitions section as integrated within other sections Consolidation of Strategic Objectives Inclusion of Implementation Plan Appendix 4 3 year strategy plan Issue Date: June 2015 Page 2 of 21 Review Date: June 2018

3 Item Contents Page No. Engagement and Consultation 4 1 Introduction 5 2 Purpose 5 3 Responsibilities Information Governance Assurance Strategic Objectives Information Governance Strategy Implementation 12 7 Information Governance Training 13 8 Conclusion App. Appendices Page No. 1 Information Governance Roles and Accountability 15 Chain 2 Information Governance Assurance Framework 16 3 Information Governance Implementation Plan Issue Date: June 2015 Page 3 of 21 Review Date: June 2018

4 ENGAGEMENT & CONSULTATION Key Individuals/Groups Involved in Developing this Document Role / Designation Circulated to the following for Consultation Date March 2015 Mar/Apr 2015 April 2015 Role / Designation Information Governance Management Group PTHB wide via Powys Announcement Information Governance Committee Evidence Base Please list any National Guidelines, Legislation or Health and Care Standards relating to this subject area? See Appendices 2 & 3. Issue Date: June 2015 Page 4 of 21 Review Date: June 2018

5 1. INTRODUCTION Information Governance is a series of best practice guidelines and principles of law to be followed by NHS organisations and their employees in relation to the handling of information; it applies to sensitive and personal information of both employees and patients and corporate information. It is the approach within which accountability, standards, policies and procedures are developed and implemented, to ensure all information created, obtained or received by the Health Board is held and used appropriately. Information is a vital asset for the Health Board, supporting day to day clinical and business operations and the effective management of services and resources. The Health Board requires accurate, timely and relevant information to enable it to deliver the highest quality health care and to operate effectively as an organisation. It is the responsibility of all staff to ensure that information is complete and up to date and that it is used proactively to support the business of the organisation. Having accurate relevant information available at the time and place where it is needed is critical in all areas of the Health Board s activities and plays a key part in corporate and clinical governance, strategic risk, service planning and performance management. 2. PURPOSE This strategy covers the period and includes the continuing development, implementation and embedding of a robust information governance framework needed for the effective management and protection of the Health Board s information. It builds on the previous strategy and outlines the organisation s vision over the next 3 years and acknowledges the ongoing closer working relationship with the Local Authority. The Information Governance arrangements will underpin the Health Board s strategic goals and ensure that the information needed to support and deliver their implementation is available, accurate and understandable 3 RESPONSIBILITIES The summary below sets out the roles and responsibilities and accountabilities relating to the management of information governance see also Appendix 1. Issue Date: June 2015 Page 5 of 21 Review Date: June 2018

6 3.1 The Chief Executive The Chief Executive is the Accountable Officer of the Health Board and has overall accountability and responsibility for Information Governance. He/she is required to provide assurance, through the Annual Governance Statement, that all risks to the organisation, including those relating to information, are effectively managed and mitigated. 3.2 The Senior Information Risk Owner (SIRO) The Director of Therapies and Health Science, Quality & Safety is the SIRO and has a key understanding of how the strategic goals of the Health Board may be impacted by information risk. They are the Board member leading on information governance. The SIRO provides an essential role in ensuring that identified information security risks are followed up and incidents managed. 3.3 The Caldicott Guardian The Caldicott Guardian plays a key role in ensuring that the Health Board satisfies the highest practical standards for handling patient identifiable information. Within the Health Board the Medical Director is the nominated Caldicott Guardian. Acting as the conscience of the Health Board, the Caldicott Guardian actively supports work to enable information sharing where it is appropriate to share, and advises on options for lawful and ethical processing of information. The Caldicott Guardian also has a strategic role which involves representing and championing confidentiality and information sharing requirements and issues at senior management level. The Medical Director has responsibility for completing the annual Caldicott-Principles into Practice (C-PiP) self assessment. 3.4 Information Governance Lead The Information Governance Manager is the Information Governance Lead and co-ordinates the information governance work programme. The key responsibilities includes developing and maintaining the Health Board s Information Governance Strategy & Policy ensuring top level awareness and support for IG resourcing and implementation of improvements. 3.5 Information Governance Team The Information Governance Manager is responsible for overseeing the information governance systems and processes within the Health Board and carrying out operational duties for the Information Governance Lead. The Information Governance Manager is the Data Protection Officer and designated contact with the Information Commissioner s Office and will ensure that the Health Board s annual Issue Date: June 2015 Page 6 of 21 Review Date: June 2018

7 Data Protection Registration is maintained and kept up to date. The Team will provide expert advice and guidance on information governance issues and maintain the Integrated IG Work Programme. 3.6 Executive Directors and Locality General Managers. Executive Directors, Locality General Managers and Service Managers have responsibility for the protection of personal identifiable data and for identifying and managing any associated risk. They are responsible for enforcing measures to protect information, including personal data as part of normal/everyday activity, setting and driving forward a culture that properly values, protects and uses data both in planning and delivery of Health Board services. They are responsible for ensuring that breaches and near misses relating to information governance are reported using the Health Board s incident reporting procedure. 3.7 All employees All employees, contractors, volunteers and students working for or supplying services to the Health Board who have access to personal identifiable information are responsible for ensuring that any personal data which they hold are kept securely, are not disclosed either orally or in writing or accidentally or otherwise to any unauthorised third party. This is supported by an appropriate confidentiality clause within their contract of employment. Any information governance incidents should be reported on the organisation s Datix incident reporting system. Staff must be familiar with the Health Board s associated information governance policies and procedures ( ) and comply with these. Staff must actively participate in the Health Board s IG induction training and complete further mandatory refresher/update training relating to information governance. 3.8 NHS Wales Informatics Service (NWIS) NHS Wales Informatics Service has a dedicated team to deal with strategic and operational Information Governance issues that affect the NHS in Wales. Their work includes; coordinating national IG meeting groups, providing advice and support on a number of IG issues including information sharing protocols in accordance with the Wales Accord for Sharing Personal Information (WASPI) framework etc. although currently no national IG strategy exists. 3.9 Third Party Contractors Appropriate contracts and confidentiality agreements shall be in place with third parties where potential or actual access to the Health Board s confidential information assets is identified. Issue Date: June 2015 Page 7 of 21 Review Date: June 2018

8 3.10 Information Commissioner s Office (ICO) The ICO is the UK's independent body set up to uphold information rights in the public interest. Their role includes regulating key pieces of legislation including the Data Protection Act 1998 and Freedom of Information Act Part of their role is to improve the information rights practices of organisations by gathering and dealing with concerns raised by members of the public. In cases where a clear and serious breach of the legislation has taken place, they may take enforcement action and in the most serious cases, can serve a monetary penalty of up to 500, Information Asset Owner (IAO) This role is yet to be formally implemented within the Health Board but is the person who has operational ownership of an information asset. This will primarily be due to them being responsible for purchasing the asset or requiring it for their service. Applications may be provided to users across Powys teaching Health Board but be owned by a designated manager Information Asset Administrator (IAA) The Information Asset Owners will determine a person or persons who will be responsible for the day to day management of an application. Information Asset Administrators will be responsible for the data integrity of applications, user access including auditing of access, ensuring that there are appropriate operational procedures that include backup, business continuity planning. The Information Asset Administrator will liaise with system suppliers to ensure that the asset is maintained so as to be fit for purpose. They may delegate certain tasks to third parties (e.g. to the IT Operations Department) but will have responsibility for ensuring delegated responsibilities are carried out. 4. INFORMATION GOVERNANCE ASSURANCE The Information Governance Assurance Framework (Appendix 2) is the mechanism by which; information governance policies and standards are set; regulators can check an organisation s compliance, and; the organisation can be performance managed. The organisation s information governance structure can be illustrated as follows: Issue Date: June 2015 Page 8 of 21 Review Date: June 2018

9 Executive Team Board Information Governance Management Group Information Governance Committee Key: Reports/accountable to Provides information to 4.1 Information Governance Committee The purpose of the Information Governance Committee is to provide the Board with evidence based and timely advice to assist it in discharging its functions and meeting its responsibilities with regard to the; quality and integrity; safety and security; and appropriate access and use of information (including patient and personal information) to support its provision of high quality healthcare; and; as well as providing assurance to the Board in relation to the Health Board s arrangements for creating, collecting, storing, safeguarding, disseminating, sharing, using and disposing of information in accordance with its; stated objectives; legislative responsibilities, e.g., the Data Protection Act and Freedom of Information Act; and any relevant requirements and standards determined for the NHS in Wales. 4.2 Information Governance Management Group The Information Governance Management Group (IGMG) supports the work of the Information Governance Committee and reports to the Executive Team. It aims to provide them with assurance that the organisation is making appropriate progress in developing systems and Issue Date: June 2015 Page 9 of 21 Review Date: June 2018

10 processes to ensure that the Health Board is compliant in discharging its responsibilities relating to Information Governance. 4.3 Legal compliance and other key drivers The work of the IGMG is managed via the Integrated IG Work Programme. This programme highlights areas requiring improvement identified through a number of means including: Internal and external audits Incident and risk management compliance with key legislation e.g. Data Protection Act 1998 and Freedom of Information Act 2000 Compliance with national standards e.g. NHS Codes of Practice, C- PiP assessment, Standards for Health Services 4.4 Caldicott: Principles into Practice (C-PiP) Assessment The C-PiP self assessment has been developed by the NHS Wales Informatics Service (NWIS) for practitioners to use as their primary mechanism for benchmarking compliance with the seven Caldicott principles. The assessment should be undertaken on an annual basis and is mandatory in Wales. 4.5 Integrated IG Work Programme This report was developed in response to recommendations highlighted during a 2012 internal audit of Data Protection, Caldicott, Freedom of Information and Records Management. However, it has evolved over time to include any areas of information governance requiring improvement which have been identified. It provides the focus for the IGC and IGMG who can review priorities based on the associated risks. 5 STRATEGIC OBJECTIVES Through implementing this strategy and policy the Health Board will: 5.1 Audit and monitoring Undertake regular reviews, assessments and audits of how information is recorded, held and used and will be used to identify good practice and opportunities for improvement. 5.2 Policies Ensure that all practice, policies and procedures relating to the handling and holding of personal and Health Board corporate information are legal and conform to best and/or recommended practice and that a review process is in place to monitor their effectiveness so improvements or deterioration in information handling standards can be recognised and addressed. Issue Date: June 2015 Page 10 of 21 Review Date: June 2018

11 5.3 Training and awareness Work to instil a culture that improves Information Governance in the Health Board through increasing awareness and providing training on all key Information Governance issues. 5.4 Information for service users/the public Ensure that clear advice is given to service users about how their personal information is recorded, handled, stored and shared by the Health Board and its partners. They should be fully informed of their rights in respect of how their personal information is processed and managed and any impact on privacy be assessed where new innovations involve processing personal information. Ensure that non confidential information about the Health Board and its services is readily and easily available through a variety of media, in line with the Health Board s Publication Scheme. 5.5 Data Quality Managers will take ownership of, and seek to improve the quality of information within their services and that information quality is assured at the point of collection. Quality will be maintained through accurate recording and through clear and consistent definition of data items in accordance with national standards. 5.6 Incidents, Risks and Learning Continue to develop and maintain incident and risk reporting procedures. Investigate all reported instances of actual or potential breaches of information security and confidentiality. Learning will be reported and shared to improve compliance and to identify areas of risk in line with the Health Board s Risk Management policy and procedures. 5.7 Information sharing Ensure that, where appropriate and subject to confidentiality constraints, information is shared with other NHS, social care, partner organisations and contractors in order to support patient care. This should be managed in accordance with the Wales Accord for Sharing Personal Information (WASPI) framework in the form of information sharing agreements and/or data processor contracts. 5.8 Information Security Implement effective information security and confidentiality secure practice to all permanent/temporary, contracted staff and third party Issue Date: June 2015 Page 11 of 21 Review Date: June 2018

12 associates of the Health Board through policies, procedures and training and information awareness documentation. 5.9 Joint/collaborative working Continue to develop a closer working relationship with Powys County Council in respect of information governance. Collaborate over key areas of information governance and adopt a joint approach to tackling areas identified within the Integrated IG Work Programme where possible. Continue to support the NWIS ICT programme and other national/local initiatives as appropriate eg Community Care Information System. Explore links with Primary Care to ensure the appropriate governance and assurance is developed Governance Maintain a clear reporting structure and ensure through management action and training that all staff understand IG requirements. Develop information systems and reporting processes which support effective performance management and monitoring Records and information management Ensure effective processes are in place to manage records and information. Effective management of records will ensure that we know what information is available and where it is stored. This will support the delivery of patient care, enable us to respond promptly to access to information requests and increase openness and transparency about what we do. 6 INFORMATION GOVERNANCE STRATEGY IMPLEMENTATION The Information Governance Committee (IGC) will monitor implementation of this strategy during the next 3 years. This will be achieved through the continual review and development of the Integrated IG Work Programme overseen by the Information Governance Management Group (IGMG). The IGC will review this strategy and policy in 2018 or earlier in response to any significant changes to mandatory requirements or guidance or as a result of significant information governance breaches or incidents. Issue Date: June 2015 Page 12 of 21 Review Date: June 2018

13 7 INFORMATION GOVERNANCE TRAINING Information Governance training is mandatory and all staff must receive basic IG training. Ongoing awareness and training will be provided to all staff, in all sections of the Health Board in line with the Information Governance training needs analysis. 7.1 Methods of Training Corporate Induction - Introduction to Workforce Systems day for all new employees All new employees are required to attend a Corporate Induction event within 8 weeks of commencing duties. The Introduction to Workforce Systems day includes an Information Governance e-learning module that covers Confidentiality & the Caldicott Principles, Data Protection, Freedom of Information, Record Keeping and Information Security. Statutory and Mandatory training All employees are required to attend a Statutory & Mandatory training course every 2 years. The course includes an e-learning module that covers Confidentiality & the Caldicott Principles, Data Protection, Freedom of Information, Record Management & Quality and Information Security. Specific Additional Information Governance Training Where specific training is required in relation to an area of information governance, this will be delivered either by members of the Information Governance Team, the appropriate e-learning module or external providers as appropriate. Where necessary and possible this training will be cascaded by managers to their teams. 7.2 Monitoring Compliance The Workforce and Organisational Development department will provide regular reports on compliance with the required attendance at both Induction and Statutory & Mandatory training days. These will be reviewed by Directorates, Localities and Departments and where uptake is low; will ensure that employees attend at the earliest opportunity. Managers must also ensure that attendance is monitored through the Personal Development Review process. 8. CONCLUSION Implementation of this strategy and policy will ensure that the Health Board and its staff handle and manage information in a consistent way. Issue Date: June 2015 Page 13 of 21 Review Date: June 2018

14 This is anticipated to lead to: Improvements in information handling activities Reduction in number of IG incidents and complaints Increased service user confidence in the NHS, the Health Board and its staff. Compliance with the law and professional standards. Implementation of Welsh Government advice and guidance. Year on year improvement. Issue Date: June 2015 Page 14 of 21 Review Date: June 2018

15 Appendix 1 INFORMATION GOVERNANCE ROLES & ACCOUNTABILITY CHAIN Accountable Officer / Data Controller Chief Executive (Overall responsibility for ensuring that organisation risks are assessed and mitigated to an acceptable level) Caldicott Guardian Medical Director (Provides a focal point for patient confidentiality and information sharing issues. Is concerned with management of patient information and is the advisory and conscience of the organisation) Senior Information Risk Owner (SIRO) Director of Therapies & Health Science (Board level position with lead responsibility for the organisation s information risk) Data Protection Officer / Information security lead Information Governance Manager (Management of IG across the whole organisation, ensuring it complies with statutory requirements in relation to Information security, confidentiality, data protection, Caldicott) Information Asset Owner (IAO) To be confirmed (Assigned owners responsible for a particular information asset/s and responsible for providing assurances to the SIRO on information risks) Information Asset Administrator (IAA) To be confirmed (Board level position with lead responsibility for the organisation s information risk) Issue Date: June 2015 Page 15 of 21 Review Date: June 2018

16 Appendix 2 Information Governance Assurance Framework Theme Governance Statutory Obligations National Standards Organisational Performance Assurance Requirement Strategy & Policy Quality of data and information Complaints & Learning Incidents & Learning Risks Internal Audits Freedom of Information Act 2000 Data Protection Act 2000 Access to Health Records Act 1990 Caldicott Principles into Practice Welsh code of confidentiality Records management standards Information security standards Workforce training Performance Indicators Assurance Source IG Strategy Implementation Plan Position report against status of IG Policies WAO Clinical Coding Audit Transformation Programme Data and Information Complaints summary and associated learning Incidents summary and associated learning Integrated Risk Register, including audit recommendations Overview of Audits planned and outstanding recommendations FOI Annual Report Key Performance Indicators FOI Policy and Procedures DPA Annual Report Key Performance Indicators DPA Policy and Procedures DPA Annual Report Self-assessment and out-turn report Policy Training uptake Policy Training uptake Incident Reporting Policy Training uptake Incident Reporting DPA Annual Report Training and Development Plan Training uptake IG Performance Report Issue Date: June 2015 Page 16 of 21 Review Date: June 2018

17 Appendix 3 Key Drivers include (but not limited to): Data Protection Act 1998 and Freedom of Information Act 2000 National standards on; Records Management, Information and ICT Security Caldicott Principles into Practice self assessment Standards for Healthcare Services assessment - 1 (Governance and Accountability), 19 (Information Management and Communications Technology), 20 (Records Management) Internal & External audits (WAO, ICO etc) Wales Accord for Sharing Personal Information (WASPI) Strategic Objective Implementation Plan 5.1 Audit and monitoring Undertake regular reviews, assessments and audits of how information is recorded, held and used and will be used to identify good practice and opportunities for improvement. 5.2 Policies Ensure that all practice, policies and procedures relating to the handling and holding of personal and Health Board corporate information are legal and conform Complete the annual Caldicott Principles into Practice self Assessment and produce an Out-turn report and Improvement Plan Complete the annual Standards for Health Services assessment and identify areas for improvement Participate in ICO surveys to help identify area requiring improvement / to provide a level of assurance Analyse Datix incident and risk management reports to inform opportunities for improvement Follow up any assessments and internal and external audits with relevance to Information Governance and monitor progress via the Information Governance Management Group. Routinely report assurance to the Information Governance Committee. Develop policies and procedures to support the processing of information and which conforms to best practice, legal requirements, national standards and in response to requirements identified through audits and other means Maintain, monitor and routinely report a schedule of related policies to the IGMG/IGC to ensure they are reviewed and developed as appropriate Issue Date: June 2015 Page 17 of 21 Review Date: June 2018

18 to best and/or recommended practice. Ensure that a review process is in place to monitor their effectiveness so improvements or deterioration in information handling standards can be recognised and addressed. 5.3 Training and awareness Work to instil a culture that improves Information Governance in the Health Board through increasing awareness and providing training on all key Information Governance issues. Support the development and implementation of the mandatory all Wales IG e-learning module to all staff to ensure 100% uptake is achieved Promote and implement the recommended NHS England IG Toolkit e- learning modules identified within the Training Needs Analysis Promote, monitor and report the uptake of information governance training to enable staff to have the necessary skills and confidence to handle information effectively and safely providing assurance to the Board Promote information governance awareness through the work of the IGMG, team/locality meetings, newsletters, site visits and workshops 5.4 Information for service users/the public Ensure that clear advice is given to service users about how their personal information is recorded, handled, stored and shared by the Health Board and its partners. They should be fully informed of their rights in respect of how their personal information is processed and managed and any impact on privacy be assessed where new innovations involve processing personal information. Ensure that non confidential information about the Health Board and its services is readily and easily available through a variety of media, in line with the Health Board s Publication Scheme. Develop, maintain, promote and monitor the organisation s website to ensure as much information as appropriate is available to the public/service user. Support the ongoing development of the Publication Scheme and Disclosure Log which should reduce the number of information requests made under the Freedom of Information Act 2000 Make information leaflets and posters more readily available on an ongoing basis around the service/waiting areas to ensure that service users are fully informed Engage with service users when IG developments impact upon them Develop and publish Privacy Impact Assessments 5.5 Data Quality Implement the Information Asset Owner/Administrator roles to support the IG agenda Issue Date: June 2015 Page 18 of 21 Review Date: June 2018

19 Managers should take ownership of, and seek to improve the quality of information within their services and that information quality is assured at the point of collection. Quality should be maintained through accurate recording and through clear and consistent definition of data items in accordance with national standards. 5.6 Incidents, Risks and Learning Continue to develop and maintain incident and risk reporting procedures. Investigate all reported instances of actual or potential breaches of information security and confidentiality. Learning should be reported and shared to improve compliance and to identify areas of risk in line with the Health Board s Risk Management policy and procedures. 5.7 Information Sharing Ensure that, where appropriate and subject to confidentiality constraints, information is shared with other NHS, social care, partner organisations and contractors in order to support patient care. This should be managed in accordance with the Wales Accord for Sharing Personal Information (WASPI) framework in the form of information sharing agreements and/or data processor contracts. 5.8 Information Security Develop and implement the Data Quality Policy Promote information quality and effective records management through policies, procedures/user manuals and training Ensure information systems hold the information required to support clinical practice and operational management. Develop information systems and reporting processes which support effective performance management and monitoring Ensure the Datix Incident Reporting System meets the reporting requirements and that users are trained and supported appropriately Maintain an IG Risk Register Routinely report trends and lessons learned to IGMG/IGC to provide assurance Raise awareness and share learning with Health Board colleagues and others as appropriate Identify follow up actions and manage via the Integrated IG Work Programme Develop and maintain an Information Asset Register, identify Information Asset Owners and Administrators Develop and implement an Information Flow Mapping policy to ensure all information flows are comprehensively mapped to identify areas of risk. Information sharing agreements will be developed in accordance with the WASPI framework where possible to support the routine sharing of personal information within and outside of the NHS Maintain, monitor and routinely report a schedule of agreements to the IGMG/IGC to ensure they are reviewed and developed as appropriate Create and maintain a register of 3 rd party contracts and ensure appropriate Data Processor Agreements are developed in support Issue Date: June 2015 Page 19 of 21 Review Date: June 2018

20 Promote effective information security and confidentiality secure practice to all permanent/temporary, contracted staff and third party associates of the Health Board through policies, procedures, training and information awareness documentation. Support the development and implementation of the all Wales Information Security policy Review the Information Security standards and identify any actions required in support 5.9 Joint/collaborative working Continue to develop a closer working relationship with Powys County Council in respect of information governance. Collaborate over key areas of information governance and adopt a joint approach to tackling areas identified within the Integrated IG Work Programme where possible. Continue to support the NWIS ICT programme and other national/local initiatives as appropriate eg Community Care Information System. Explore links with Primary Care to ensure the appropriate governance and assurance arrangements exist Governance Maintain a clear reporting structure and ensure through management action and training that all staff understand IG requirements. Develop information systems and reporting processes which support effective performance management and monitoring. Attend national groups and utilise virtual networks to discuss issues affecting IG and feedback to the IGMG as appropriate Provide IG support to new national and local initiatives led by NWIS, the Programme Management Office and ICT Projects eg supporting the implementation of the Community Care Information System, Digital Records Service, Mastermind, Casenote Tracking etc. Meet with PCC colleagues to consider a joint approach to key areas of work eg implementing Privacy Impact Assessments, Information Flow Mapping and ownership, the Community Care Information System and a central records storage solution etc as identified within the Integrated IG Work Programme Explore links with Primary Care to ensure the appropriate governance and assurance arrangements exist. Link with the ICT, Information and other teams as necessary and keep abreast of new issues affecting IG Routinely report assurance that information governance arrangements are operating efficiently and effectively to relevant committees and in accordance with their Terms of Reference Ensure the Terms of Reference of relevant committees are reviewed annually Provide comprehensive performance reports to the IGMG / IGC on key areas of IG to include; incidents, concerns, risks and lessons learned, training uptake, status of policies and information sharing agreements etc Explore the IG support requirements and responsibilities for new and existing services eg hosting NISCHR, managing the property of other Health Authorities by attending meetings, reviewing contracts and statutory instruments etc Issue Date: June 2015 Page 20 of 21 Review Date: June 2018

21 5.11 Records and information management Ensure effective processes are in place to manage records and information. Effective management of records will ensure that we know what information is available and where it is stored. This will support the delivery of patient care, enable us to respond promptly to access to information requests and increase openness and transparency about what we do. This will be achieved by implementing above Issue Date: June 2015 Page 21 of 21 Review Date: June 2018

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4.0 Ratified by: NHS Bury Clinical Commissioning Group Information Governance Operational Group Date ratified: 19 th September 2017 Name of originator /author (s):

More information

INFORMATION GOVERNANCE STRATEGY AND STRATEGIC VISION

INFORMATION GOVERNANCE STRATEGY AND STRATEGIC VISION INFORMATION GOVERNANCE STRATEGY AND STRATEGIC VISION Policy approved by: Joint Audit and Governance Committee Date: December 2016 Next Review Date: October 2018 Version: 2.0 Information Governance Strategy

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Number IG001 Target Audience CCG/ GMSS Staff Approving Committee CCG Chief Officer Date Approved February 2018 Last Review Date February 2018 Next Review Date February

More information

IGPr002 - Information Governance Management Framework

IGPr002 - Information Governance Management Framework IGPr002 - Information Governance Management Framework Page 1 of 10 Table of Contents Information Governance Management Framework... 1 Why we need this Framework... 3 What the Framework is trying to do...

More information

West Kent Clinical Commissioning Group

West Kent Clinical Commissioning Group West Kent Clinical Commissioning Group Information Governance Strategy 2017-18 Release: Final Approved Date: 27/10/2016 Author: Jamie Sheldrake Senior Associate - Information Governance Owner: SOUTH EAST

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Putting Barnsley People First Information Governance Policy and Management Framework Version: 2.0 Approved By: Governing Body Date Approved: February 2014 Name of originator / author: Richard Walker Name

More information

INFORMATION COMMISSIONER S OFFICE FOLLOW UP DATA PROTECTION AUDIT REPORT. Information Governance Manager. This paper supports:

INFORMATION COMMISSIONER S OFFICE FOLLOW UP DATA PROTECTION AUDIT REPORT. Information Governance Manager. This paper supports: FOR DISCUSSION INFORMATION GOVERNANCE COMMITTEE 28 APRIL 2015 AGENDA ITEM 2.6 INFORMATION COMMISSIONER S OFFICE FOLLOW UP DATA PROTECTION AUDIT REPORT Report of Paper prepared by Director of Therapies

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework November 2014 Author: Responsibility: Lynda Harris, Head of Information Governance All Staff Effective Date: November 2014 Review Date: November 2015 Reviewing/Endorsing

More information

Information Governance Assurance Framework

Information Governance Assurance Framework Document Reference POL008 Document Status Approved Version: V4.0 DOCUMENT CHANGE HISTORY Initiated by Date Author IG Toolkit Requirements November 2010 IG Manager Version Date Comments (i.e. viewed, or

More information

IG01 Information Governance Management Framework

IG01 Information Governance Management Framework IG01 Information Governance Management Framework 1 INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Document History Document Reference: IG01 Document Purpose: The document compliments all other Information

More information

Overarching Information Governance Policy

Overarching Information Governance Policy Document Information Board Library Reference Document Type Document Subject Original Document Author Reviewed By Review Cycle IM&T_01 Policy Information Information IGMG 3 Years Note: This document is

More information

Information Governance Strategic Management Framework

Information Governance Strategic Management Framework Information Governance Strategic Management Framework 2016-2018 Susan Meakin Information Governance Manager June 2016 Information Governance DOCUMENT CONTROL: Version: 2 Ratified by: Health Informatics

More information

NHS Sunderland Clinical Commissioning Group. Information Governance Strategy 2016/17

NHS Sunderland Clinical Commissioning Group. Information Governance Strategy 2016/17 NHS Sunderland Clinical Commissioning Group Information Governance Strategy 2016/17 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Executive Committee Governing

More information

Information governance strategy

Information governance strategy Information governance strategy January 2018 Version 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment V 1.0 Trevor Duplessis 22/01/18 Due for review Dec

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY CONSULTATION AND RATIFICATION SCHEDULE Document Name: Governance Policy Policy Number/Version: 2.0 Name of originator/author: Midlands & Lancashire CSU Governance Team Ratified

More information

Information Governance Strategy and Management Framework

Information Governance Strategy and Management Framework Information Governance Strategy and Management Framework Summary: This strategy sets out the framework, structure, system and accountabilities for Information Governance Management within NHS Eastbourne,

More information

The UK legislation is wholly retrospective and applies to all information held by public authorities regardless of its date.

The UK legislation is wholly retrospective and applies to all information held by public authorities regardless of its date. FREEDOM OF INFORMATION POLICY INTRODUCTION The Freedom of Information (FOI) Act was passed in 2000 and replaces the Open Government Code of Practice that has been in place since 1994. The Act gives the

More information

INFORMATION GOVERNANCE ASSURANCE FRAMEWORK

INFORMATION GOVERNANCE ASSURANCE FRAMEWORK INFORMATION GOVERNANCE ASSURANCE FRAMEWORK Summary This document sets out an overarching framework for the strategic Information Governance agenda in the Business Services Organisation. In particular,

More information

Information Governance Management Framework

Information Governance Management Framework Management Framework Summary: This document sets out the framework, structure, system and accountabilities for Management within West Kent CCG Clinical Commissioning Group. APPROVED BY: Chief Finance Officer

More information

Information Asset Management Policy

Information Asset Management Policy Information Asset Management Policy 1.0 Purpose 1.1 The purpose of this policy is to outline the management of the Fund s information asset register and the actions that will be taken to provide sufficient

More information

Information Security Risk Management Programme and Strategy

Information Security Risk Management Programme and Strategy Information Security Risk Management Programme and Strategy Table of Contents 1. Introduction... 3 2. Purpose... 3 3. Definitions... 3 4. Roles and Responsibilities... 4 4.1. Accountable Officer... 4 4.2.

More information

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY Version: 1.4 Approved by: Date approved: 19 January 2017 Name of Originator/Author: Name of Responsible Committee/Individual: Date issued: Information

More information

Data Quality Policy

Data Quality Policy Cambridgeshire and Peterborough Clinical Commissioning Group (CCG) Data Quality Policy 2017-2019 Ratification Process Lead Author(s): Reviewed / Developed by: Approved by: Ratified by: Associate Director

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY 1. CONSULTATION AND RATIFICATION SCHEDULE 1.2. Document Name: Governance Policy 1.4. Policy Number/Version: V4.0 1.6. Name of originator/author: Midlands & Lancashire CSU

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Applicable to All employees Version1.0 Last Updated March 2014 CONFIDENTIAL Page 2 of 6 Contents 1. Objectives 3 2. Scope 3 3. Principles 3 4. Information Governance Policy

More information

Data Protection Policy

Data Protection Policy Data Protection Policy StCH Data Protection Policy - POL 53 vs1 - July 2016 1 Document Control Table Document Title: Data Protection Policy Document Ref: POL 53 Author (name and job title): Karen Anderson,

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Owner Author Information Team Information Governance Manager Reviewed by Approved by and date Council/Committee/EMT Board - Date approved Effective from 24 April 2017 Review

More information

INFORMATION GOVERNANCE STRATEGY. Documentation control

INFORMATION GOVERNANCE STRATEGY. Documentation control INFORMATION GOVERNANCE STRATEGY Documentation control Reference Date Approved Approving Body Version Supersedes Consultation Undertaken Target Audience Supporting procedures GG/INF/01 TRUST BOARD Information

More information

DATA QUALITY POLICY. Version: 1.2. Management and Caldicott Committee. Date approved: 02 February Governance Lead

DATA QUALITY POLICY. Version: 1.2. Management and Caldicott Committee. Date approved: 02 February Governance Lead DATA QUALITY POLICY Version: 1.2 Approved by: Date approved: 02 February 2016 Name of Originator/Author: Name of Responsible Committee/Individual: Information Governance, Records Management and Caldicott

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Page 1 of 13 INFORMATION GOVERNANCE POLICY EXECUTIVE SUMMARY Key Messages Principles of Information Governance Openness Confidentiality and Legal Compliance Information Security

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date June 2017 Approving Body Audit Committee Date of

More information

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK NHS South West Lincolnshire Clinical Commissioning Group (CCG) INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Document History: Document Reference: Document Purpose: IG01 Date Ratified: January 2015 Ratified

More information

Heart of England NHS Foundation Trust

Heart of England NHS Foundation Trust Heart of England NHS Foundation Trust Data protection audit report Executive summary February 2017 1. Background 1. Background The Information Commissioner is responsible for enforcing and promoting compliance

More information

TRUST GOVERNANCE POLICY (formerly referenced as the CMFT Governance Strategy) - UPDATED NOVEMBER

TRUST GOVERNANCE POLICY (formerly referenced as the CMFT Governance Strategy) - UPDATED NOVEMBER Review Circulation Application Ratification Originator or modifier Supersedes Title CENTRAL MANCHESTER UNIVERSITY HOSPITALS NHS FOUNDATION TRUST TRUST GOVERNANCE POLICY (formerly referenced as the CMFT

More information

Information Governance Management Framework Version 6 December 2017

Information Governance Management Framework Version 6 December 2017 Information Governance Management Framework Version 6 December 2017 Page 1 of 8 Introduction Robust information governance requires clear and effective management and accountability structures, governance

More information

Privacy Impact Assessment Policy and Procedure

Privacy Impact Assessment Policy and Procedure Privacy Impact Assessment Policy and Procedure This document outlines the Trust s approach and methodology for conducting Privacy Impact Assessments in line with the Information Risk Policy Key Words:

More information

Information Governance Management Framework 2016/17

Information Governance Management Framework 2016/17 Information Governance Management Framework 2016/17 Reference: IG12 Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy

More information

Data Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective:

Data Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective: Data Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective: 1 Policy Statement Objective 1.1 It is the policy of Penderels Trust to demonstrate compliance

More information

Findings from ICO audits of 16 local authorities

Findings from ICO audits of 16 local authorities Data protection Findings from ICO audits of 16 local authorities January to December 2013 Introduction This report is based on ICO audits of 16 local authorities between January and December 2013. This

More information

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Document History Document Reference: IG33 Document Purpose: The document complements all other Information Governance policies and sets out the management arrangements

More information

INFORMATION GOVERNANCE COMMUNICATION STRATEGY

INFORMATION GOVERNANCE COMMUNICATION STRATEGY INFORMATION GOVERNANCE COMMUNICATION STRATEGY 20-2017 Summary This document sets out the steps to be taken during the next two years to maintain and improve communication of the strategic Information Governance

More information

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00 Human Resources Data Protection Policy IMS HRD 012 Version: 1.00 Disclaimer While we do our best to ensure that the information contained in this document is accurate and up to date when it was printed

More information

Information Governance Policy

Information Governance Policy Author Darren Rigg Head of Information Governance Corporate Lead Bryan Machin Executive Director of Finance and Resources Document Version 1 Date ratified by Quality Committee 24 th October 2014 Date issued

More information

Code of Corporate Governance

Code of Corporate Governance Code of Corporate Governance 1 FOREWORD From the Chairman of the General Purposes Committee I am pleased to endorse this Code of Corporate Governance, which sets out the commitment of Cambridgeshire County

More information

PHWIGC framework that addresses the issues raised by the Francis Report. Author: John Morley & Jane Evans Information Governance Managers

PHWIGC framework that addresses the issues raised by the Francis Report. Author: John Morley & Jane Evans Information Governance Managers PHWIGC 17 03 Information Governance Audits Purpose of Document: To describe the process that Public Health Wales Information Governance Managers will follow when undertaking announced and unannounced Information

More information

United Lincolnshire Hospitals NHS Trust. Governance Statement 2015/16. Scope of responsibility. The governance framework of the organisation

United Lincolnshire Hospitals NHS Trust. Governance Statement 2015/16. Scope of responsibility. The governance framework of the organisation United Lincolnshire Hospitals NHS Trust Governance Statement 2015/16 Scope of responsibility As Accountable Officer, and Chief Executive of this Board, I have responsibility for maintaining a sound system

More information

Identifies the risk management structure, roles, responsibilities and authority of staff, committees and groups with responsibility for risk

Identifies the risk management structure, roles, responsibilities and authority of staff, committees and groups with responsibility for risk Title Description of document The sets out the process by which the Trust identifies, manages, reduces and mitigates risks to achieving the organisational objectives. It sets out the framework required

More information

Information Risk Policy

Information Risk Policy Information Risk Policy Version 1_0 Responsible Person Information Governance Manager Lead Director Director of Performance and Corporate Services Consultation Route Information Governance Steering Group

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy DOCUMENT CONTROL: Version: 1 Ratified by: Risk Management Sub Group Date ratified: 19 December 2012 Name of originator/author: Information Governance Manager Name of responsible

More information

Risk Management and Assurance Strategy

Risk Management and Assurance Strategy Risk Management and Assurance Strategy Version 5.0 Policy number ULHT-MD-GOV-RM-STRAT Document author(s) Head of 2021 Programme Contributor(s) Approved by Policy Approval Group Date approved Date Published

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Document Number 2009/49/V2 Document Title Information Governance Strategy Author Phil Cottis Author s Job Title Information Governance & RA Manager Department IM&T Ratifying

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2017/18

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2017/18 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2017/18 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Quality, Safety & Risk

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Date completed: February 2016 Responsible Director: Approved by/ date: Director of Compliance Review date: October 2017 Amended: Author: Ben Westmancott Information Governance

More information

Humber Information Sharing Charter

Humber Information Sharing Charter External Ref: HIG 01 Review date November 2016 Version No. V07 Internal Ref: NELC 16.60.01 Humber Information Sharing Charter This Charter may be an uncontrolled copy, please check the source of this document

More information

Date: INFORMATION GOVERNANCE POLICY

Date: INFORMATION GOVERNANCE POLICY Date: INFORMATION GOVERNANCE POLICY Information Governance Policy IGPOL/01 Information Systems Corporate Services Division March 2017 1 Revision History Version Date Author(s) Comments 0.1 12/12/2012 Helen

More information

Documented and publicly available procedures are in place to ensure compliance with the Freedom of Information Act 2000

Documented and publicly available procedures are in place to ensure compliance with the Freedom of Information Act 2000 Documented and publicly available procedures are in place to ensure compliance with the Freedom of Information Act 2000 Guidance Compliance with the Freedom of Information Act 2000 Introduction 1. The

More information

Information Governance Clauses Clinical and Non Clinical Contracts

Information Governance Clauses Clinical and Non Clinical Contracts Information Governance Clauses Clinical and Non Clinical Contracts Policy Number Target Audience Approving Committee Date Approved Last Review Date Next Review Date Policy Author Version Number IG014 All

More information

Minor adjustments from IG Steering Group 0.3 Neil Taylor September 2013

Minor adjustments from IG Steering Group 0.3 Neil Taylor September 2013 Author(s) Andrew Thomas Version 0.3 Version Date 21 August 2013 Implementation/approval Date Review Date August 2014 Review Body Governing Body Policy Reference Number 014 Version Author Date Reason for

More information

NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY

NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY Version Control Version: 2.0 dated 17 July 2015 DATE VERSION CONTROL 04/06/2013 1.0 First draft of new policy

More information

Information Governance Management Framework 2017/18 Reference: IG12

Information Governance Management Framework 2017/18 Reference: IG12 Information Governance Management Framework 2017/18 Reference: IG12 Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy

More information

Data protection (GDPR) policy

Data protection (GDPR) policy Data protection (GDPR) policy January 2018 Version: 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment 1.0 Trevor Duplessis 22/01/18 Review due Dec 2018 OFFICIAL

More information

This Policy supersedes the following Policy, which must now be destroyed:

This Policy supersedes the following Policy, which must now be destroyed: Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Forensic Readiness Policy NTW(O)56 Lisa Quinn Executive Director of Performance and Assurance Sue Proud Information

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Contents 1. Purpose and scope... 2 2. Background... 2 3. Principles... 2 4. Aims and commitments... 3 5. Roles and responsibilities... 3 6. Breaches of data privacy legislation...

More information

This Policy supersedes the following Policy, which must now be destroyed:

This Policy supersedes the following Policy, which must now be destroyed: Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Forensic Readiness Policy NTW(O)56 Lisa Quinn, Executive Director of Commissioning and Quality Assurance Angela

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Operational Owner: Executive Owner: James Newby Data Protection Officer Sarah Litchfield Senior Information Risk Officer Effective date: 25 th May 2018 Review date: May 2021 Related

More information

Freedom of Information (FOI) Policy

Freedom of Information (FOI) Policy Freedom of Information (FOI) Policy Subject Freedom of Information Act (2000) Policy number Tbc Approved by Trust Executive Group Date approved March 2015 Version 2 Policy owner Director of Communications

More information

Information Assets: Security and Risk Management Policy. Choice, Responsiveness, Integration & Shared Care

Information Assets: Security and Risk Management Policy. Choice, Responsiveness, Integration & Shared Care s: Security and Risk Management Policy Choice, Responsiveness, Integration & Shared Care Worcestershire Mental Health Partnership NHS Trust Reader Box Document Type: Document Purpose: Unique identifier:

More information

INFORMATION GOVERNANCE POLICY AND FRAMEWORK

INFORMATION GOVERNANCE POLICY AND FRAMEWORK INFORMATION GOVERNANCE POLICY AND FRAMEWORK Policy approved by: Audit and Governance Committees Date: 9 th October 2017 Next Review Date: September 2018 Version: 4.0 Information Governance Policy & Framework

More information

Recruitment, Selection and Appointment

Recruitment, Selection and Appointment Recruitment, Selection and Appointment Who Should Read This Policy Target Audience Managers Version 2.0 November 2016 Ref. Contents Page 1.0 Introduction 4 2.0 Purpose 4 3.0 Objectives 4 4.0 Process 5

More information

Policy:E7. Escalation Policy N/A. Appended below at Appendix B. Version: E7/01

Policy:E7. Escalation Policy N/A. Appended below at Appendix B. Version: E7/01 Policy:E7 Escalation Policy Version: E7/01 Ratified by: Trust Management Team Date ratified: 11 th September 2013 Title of Author: Board Secretary & Head of Governance Title of responsible Director Medical

More information

St. Georges Healthcare NHS Trust Freedom of information Publication scheme

St. Georges Healthcare NHS Trust Freedom of information Publication scheme St. Georges Healthcare NHS Trust Freedom of information Publication scheme The Trust has a legal obligation to comply with all appropriate legislation in respect of data and information. It also has a

More information

Records management policy. Document author Assured by Review cycle. Audit and Risk Committee. 1. Introduction Purpose or aim Scope...

Records management policy. Document author Assured by Review cycle. Audit and Risk Committee. 1. Introduction Purpose or aim Scope... Records management policy Board library reference Document author Assured by Review cycle P017 Head of Compliance Audit and Risk Committee 3 Years This document is version controlled. The master copy is

More information

Joint Information Management Strategy

Joint Information Management Strategy Joint Information Management Strategy 2014-2017 Version Control Version Changes By who Date Draft V0.3 Format & H Youngs 10 Sept 2014 Document/Version Control Inclusion of paragraphs 1.5, 2.2 H Youngs

More information

Head of HSE. Group Services, Risk

Head of HSE. Group Services, Risk Policy Title: Document Owner: Owning Department: Classification: Environmental Sustainability Policy Head of HSE Group Services, Risk KCOM Group Internal use only Business Units affected by this Policy:

More information

Hours of Work: 37.5 hours per week (part time hours negotiable)

Hours of Work: 37.5 hours per week (part time hours negotiable) JOB DESCRIPTION Post Title: Head of Performance Assurance Location: NHS Oldham CCG Headquarters (Ellen House) Salary/Grade: Band 8c Hours of Work: 37.5 hours per week (part time hours negotiable) Type

More information

GOVERNANCE STRATEGY October 2013

GOVERNANCE STRATEGY October 2013 GOVERNANCE STRATEGY October 2013 1. Introduction 1.1. The Central Manchester University Hospitals NHS Foundation Trust believes that the role of the governing body is pivotal to the success of the Trust.

More information

CLINICAL & PROFESSIONAL SUPERVISION POLICY (replacing 033/Workforce)

CLINICAL & PROFESSIONAL SUPERVISION POLICY (replacing 033/Workforce) CLINICAL & PROFESSIONAL SUPERVISION POLICY (replacing 033/Workforce) POLICY NUMBER 051/Workforce POLICY VERSION 1 RATIFYING COMMITTEE HR Policy Review Group DATE RATIFIED December 2010 NEXT REVIEW DATE

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Unique Reference / Version Primary Intranet Location Information Management & Governance Secondary Intranet Location Policy Name Information Governance Policy Version Number

More information

Leeds Interagency Protocol for Sharing Information

Leeds Interagency Protocol for Sharing Information Leeds Interagency Protocol for Sharing Information The Protocol An inter-agency initiative to provide a framework for sharing personal information about service users between health and social care organisations

More information

Office of the Police and Crime Commissioner Devon & Cornwall

Office of the Police and Crime Commissioner Devon & Cornwall Not protectively marked Office of the Police and Crime Commissioner Devon & Cornwall Policy Cover Sheet Policy Name: Records and Information management policy Version Number: V1.0 Date: 10/09/14 Policy

More information

Records Management Policy

Records Management Policy Records Management Policy Date Approved: September 2012 Approved By: Senior Leadership Team Ownership: Corporate Development (originally Corporate Contracts and Information Officer) Date of Issue: November

More information

GENERAL DATA PROTECTION REGULATION

GENERAL DATA PROTECTION REGULATION GENERAL DATA PROTECTION REGULATION (GDPR) What is General Data Protection Regulation (GDPR) What this means for GP Practices Replaces the Data Protection Act 1998 (DPA) Designed to match data privacy laws

More information

THE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER

THE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER THE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER Contents 1 Introduction 2 2 Key messages 3 3 The requirement to appoint a Data Protection Officer 4 3.1 Public

More information

LONDON BOROUGH OF BARNET CODE OF CORPORATE GOVERNANCE

LONDON BOROUGH OF BARNET CODE OF CORPORATE GOVERNANCE 1. INTRODUCTION LONDON BOROUGH OF BARNET CODE OF CORPORATE GOVERNANCE 1.1 As with all Local Authorities, the council operates through a governance framework. This is an inter-related system that brings

More information

Job Title: Head of Retail Department: Income Generation

Job Title: Head of Retail Department: Income Generation Job Title: Head of Retail Department: Income Generation Reports to: Director of Income Generation Salary: Compton Band 8A 37,020 to 49,055 per annum according to skills and experience Accountable to: Director

More information

Doncaster Council Data Quality Strategy

Doncaster Council Data Quality Strategy Doncaster Council Data Quality Strategy 2016/17-2020/21 Better Data, Better Services Approving Body Date of Approval Date of Implementation Next Review Date Review Responsibility Version Doncaster Council

More information

Data Protection Impact Assessment Policy

Data Protection Impact Assessment Policy Data Protection Impact Assessment Policy Version 0.1 1 VERSION CONTROL Version Date Author Reason for Change 0.1 16.07.18 Debby Jones New policy 2 EQUALITY IMPACT ASSESSMENT Section 4 of the Equality Act

More information

East Riding of Yorkshire Council Data protection audit report. Executive summary March 2014

East Riding of Yorkshire Council Data protection audit report. Executive summary March 2014 East Riding of Yorkshire Council Data protection audit report Executive summary March 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data

More information

Health and Safety Management Standards

Health and Safety Management Standards Management Standards Curtin University Sept 2011 PAGE LEFT INTENTIONALLY BLANK Management Standards Page 2 of 15 CONTENTS 1. Introduction... 4 1.1 Hierarchy of Documents... 4 2. Management System Model...

More information

Audit & Risk Committee Charter

Audit & Risk Committee Charter Audit & Risk Committee Charter Status: Approved Custodian: Executive Office Date approved: 2014-03-14 Implementation date: 2014-03-17 Decision number: SAQA 04103/14 Due for review: 2015-03-13 File Number:

More information

Catch22 policy Health and Safety

Catch22 policy Health and Safety Catch22 policy Health and Safety Contents 1. Summary 2 2. Who is the policy for? 2 3. Policy statement 2 4. Definitions 2 5. Responsibilities 3 6. Health & Safety Management Arrangements 4 7. Related Policies

More information

Records Management Policy

Records Management Policy Records Management Policy November 2013 Page 1 of 12 Policy Title: Records Management Policy Reference Number: CORP 08/003 Original Implementation Date: June 2011 Reviewed: November 2013 Next Review Date:

More information

Humber Information Sharing Charter

Humber Information Sharing Charter External Ref: HIG 01 Insert here the logo of the signatory organisation Review date November 2016 Version No. V07 Internal Ref: ERYC CFS ILS 02 Humber Information Sharing Charter This Charter may be an

More information

BOARD ASSURANCE FRAMEWORK

BOARD ASSURANCE FRAMEWORK BOARD ASSURANCE FRAMEWORK PURPOSE OF THE BOARD ASSURANCE FRAMEWORK The Board Assurance Framework (BAF) provides assurance to the Cwm Taf University Health Board on the delivery of its core purpose Cwm

More information

Business Continuity Management Policy. Date Version Number Planned Review Date Oct 2014 Issue 1 Oct 2017

Business Continuity Management Policy. Date Version Number Planned Review Date Oct 2014 Issue 1 Oct 2017 Business Continuity Management Policy Document Code PtHB / CGP 001 Date Version Number Planned Review Date Oct 2014 Issue 1 Oct 2017 Document Owner Approved by Date Civil Contingencies Executive Team 08/10/2014

More information

LONG SERVICE AWARD POLICY. HR Assistant/Finance Systems Manager. Approval Date: 2 September 2015 Document Type: Policy Non-clinical

LONG SERVICE AWARD POLICY. HR Assistant/Finance Systems Manager. Approval Date: 2 September 2015 Document Type: Policy Non-clinical LONG SERVICE AWARD POLICY Document Reference No: Version No: 3 PtHB / HR005 Issue Date: September 2015 Review Date: September 2018 Author: Document Owner: Accountable Executive: Approved By: /Finance Systems

More information

The Institute of Directors of South Africa ( IoDSA ) is the convener of the King Committee and the custodian of the King reports and practice notes.

The Institute of Directors of South Africa ( IoDSA ) is the convener of the King Committee and the custodian of the King reports and practice notes. ANDULELA INVESTMENT HOLDINGS LIMITED CORPORATE GOVERNANCE Corporate Governance Overview December 2016 The Board of Directors is committed to the implementation of good corporate governance within the group

More information

The Royal Wolverhampton NHS Trust

The Royal Wolverhampton NHS Trust The Royal Wolverhampton NHS Trust Trust Board Report Meeting Date: Monday 30 March, 2015 Title: Information Governance Toolkit Submission V12 2014/15 Executive Summary: Action Requested: Report of: Author:

More information

Memorandum of understanding between the Competition and Markets Authority and NHS Improvement

Memorandum of understanding between the Competition and Markets Authority and NHS Improvement 1 April 2016 Memorandum of understanding between the Competition and Markets Authority and NHS Improvement Contents Page Foreword... 2 Summary points of the MoU... 3 Memorandum of understanding between

More information

Accounting Systems Policy

Accounting Systems Policy ACCOUNT001 Final v1.2 December Accounting Systems Policy Policy Number Target Audience Approving Committee ACCOUNT001 CCG Board CCG Staff CCG Executive Date Approved 17 December Last Review Date December

More information