Information Governance Management Framework


Management Framework

Summary: This document sets out the framework, structure, system and accountabilities for Management within West Kent CCG Clinical Commissioning Group.

APPROVED BY: Chief Finance Officer / SIRO
EFFECTIVE FROM: February 2017
REVIEW DATE: February 2018

Framework: Key Roles

Senior Information Risk Owner (SIRO): Chief Finance Officer, Reg Middleton
Overall responsibility for IG management: Chief Finance Officer, Reg Middleton
IG Lead (Day to Day): South East CSU CO Gillian Wood
Caldicott Guardian: CCG Chair, Dr Bob Bowes
IG support: South East CSU Team
Registration Authority Manager(s): South East CSU Registration Authority Team

Policies

Policy

The IG policy is a statement of intention and approach to fulfilling the CCG's statutory and organisational responsibilities. It enables management and staff to make informed decisions, work effectively and comply with relevant legislation.

Security Policy

The CCG's Corporate Security Policy is a high-level document that utilises a number of controls to protect the organisation's information. The controls are delivered through policies, standards, processes and procedures, supported by tools and user training.

Records Management Policy

The CCG's records are its corporate memory, providing evidence of actions and decisions and representing a vital asset to support daily functions and operations. Records support policy formation and managerial decision-making, and protect the interests of the CCG and the rights of patients, staff and members of the public. They support consistency, continuity, efficiency and productivity and help deliver services in consistent and equitable ways.

Data Protection and Confidentiality Policy

This policy provides a framework for the CCG to ensure compliance with the Data Protection Act 1998. The CCG, as a Data Controller, has a legal obligation to comply with all appropriate legislation with regard to processing personal data. It should also comply with guidance issued by the Department of Health, NHS England, other advisory groups to the NHS and guidance issued by professional bodies.

Subject Access Request Process

The Data Protection Act 1998 came into force on 1st March 2000. The Act entitles an individual, with certain exceptions, to a copy of both manual data recorded in a relevant filing system and computer data relating to them that is held by the CCG. A request for such information is known as a Subject Access Request. This process sets out the steps the CCG must take to comply with Subject Access Requests.

The Action Plan (arising from the assessment each year of the Toolkit)

South East CSU on behalf of the CCG produces an Action Plan each year for completing the IG Toolkit up to Level 3 in all requirements, listing all evidence required for compliance.

Freedom of Information Policy

This policy provides a framework for the CCG to ensure compliance with the FOIA, the Re-use of Public Sector Information Regulations 2005 and the Environmental Information Regulations 2004.

Key Group

The Chiefs Meeting is a high level Group within the CCG which vets and approves all policies, procedures, systems and documentation before they are forwarded to the CCG Governing Body for final approval, where appropriate.

Resources

A Senior Information Risk Owner has been appointed and is accountable for ensuring that all information risks are identified and managed in line with legal and organisational requirements.

A Caldicott Guardian has been appointed and provides specialist advice on patient records including confidentiality and information sharing.

Chief Finance Officer as SIRO has overall responsibility for.

Chief Finance Officer and South East CSU have day to day responsibility for providing IG advice and support.

Security lead responsibility lies with the supporting South East Commissioning Support Unit.

Training resources: E-learning IG training tool and face to face training available to all staff. Direct training available to meet specialist, identified need.

Freedom of Information is administered within the Commissioning Support Unit.

Overall accountability for ensuring safe practice and adherence to the Data Protection Act 1998 and the Caldicott Principles lies with the Chief Finance Officer and is delegated to the Caldicott Guardian.

Every member of staff and all contracted staff are responsible for ensuring that information governance standards including confidentiality and records management are met. This is a contractual requirement.

All information assets within West Kent CCG are documented and an information asset owner is identified. The role of the information asset owner is to ensure that all information assets are held in line with legal and organisational requirements.

Risk

Risk is managed within the overall risk strategy. A data flows exercise is undertaken annually and when a new information flow is set up. A risk assessment of each of these flows is undertaken.

Annual Statement

As of 16th September 2009, all organisations submitting an IG Toolkit assessment are required to accept the Assurance Statement. The IG Assurance Statement is binding on the CCG and acceptance should be authorised by an appropriate senior individual in the same way as the IG Toolkit assessment itself.

Board Assurance Framework (BAF) and Risk Register or CCG equivalent

Contains any high level IG risks that may affect the delivery of the organisation's strategic objectives.

Annual report

Contains a statement of Serious Incidents involving Data Loss or Breach of Confidentiality.

Records Management and Audit

A records management plan is in place to ensure consistency of approach across the CCG in line with the Records Lifecycle Policy.

Subject Access monitoring

A robust system is in place to ensure all subject access requests are documented and responded to in line with the Data Protection Act 1998. As Subject Access requests will be handled by the Commissioning Support Service this monitoring will be undertaken by them and an annual report provided to the CCG.

Security

The CCG is responsible for ensuring the highest standards of Security. The tasks within this service will be bought in from the CSU.

Asset Register

A register of all information assets held by the CCG is continually being developed.

Training and Guidance

Training is provided to all staff via e-learning or delivered face to face. A target of 95% of all staff is aimed for and monitored by the South East CSU Hub. The Commissioning Support Service will provide targeted training for individual staff members or groups of staff who have a specialist requirement. Face to face training is given on request.

A Confidentiality Code of Practice is included in every member's contract of employment to ensure that all personal and organisational information is kept safe and secure and only shared if legally permissible and there is an organisational reason to do so.

Incident Management

Incidents are managed in line with the overall Risk and Incident Management Policy.

Review and Monitoring

This framework will be reviewed annually by the Senior Associate and then sent to the Chief Finance Officer / SIRO for approval.