INFORMATION GOVERNANCE. Caldicott Approval Procedure
NHS TAYSIDE INFORMATION GOVERNANCE
Caldicott Approval Procedure

Author: Peter McKenzie
Review Group: Information Governance Group
Review Date: September 2010
Last Update: September 2009
Document: NHST-ISC-CAP
Issue: 1.2
UNCONTROLLED WHEN PRINTED
Signed: Executive Lead
NHS Tayside Caldicott Guardian Approval Procedure

Role of the Caldicott Guardian

Caldicott Guardians will be responsible for agreeing and reviewing internal protocols governing the protection and use of patient-identifiable information by the staff of their organisation or those shared with other NHSS organisations. Guardians will need to be satisfied that these protocols address the requirements of national guidance/policy and law and that their operation is monitored.

Caldicott Guardians will also be responsible for agreeing and reviewing protocols governing the disclosure of patient information across organisational boundaries, e.g. with social work services and other partner organisations contributing to the local provision of care. These protocols should underpin and facilitate the development of cross boundary working, health improvement programmes and other changes.

Patient Identifiable Information

The term patient identifiable information means any data item or combination of data items by which a patient's identity may be established. Commonly used patient identifiable data items are:
- Forename
- Surname
- Address
- Postcode
- Telephone / Fax
- CHI
- Date of Birth
- Diagnosis
- address

The Caldicott Principles

Justify the purpose(s)
Every proposed use or transfer of patient-identifiable information within or from an organisation should be clearly defined and scrutinised, with continuing uses regularly reviewed by an appropriate guardian.

Don't use patient-identifiable information unless it is absolutely necessary.
Patient-identifiable information items should not be used unless there is no alternative.

Use the minimum necessary patient-identifiable information.
Where use of patient-identifiable information is considered to be essential, each individual item of information should be justified with the aim of reducing identifiability.

Access to patient-identifiable information should be on a strict need to know basis.
Only those individuals who need access to patient-identifiable information should have access to it, and they should only have access to the information items that they need to see.

Everyone should be aware of their responsibilities.
Action should be taken to ensure that those handling patient-identifiable information, both clinical and non-clinical staff, are aware of their responsibilities and obligations to respect patient confidentiality.

Understand and comply with the law
Every use of patient-identifiable information must be lawful. Someone in each Organisation should be responsible for ensuring that the organisation complies with legal requirements.

NHS Tayside NHS Tayside Caldicott Guardian Approval Procedure Page 1 of 11
Access Control

Access control is essential for ensuring that only authorised persons have:
- physical access to computer hardware and equipment;
- access to computer system utilities capable of over-riding system and application controls;
- access to manual files containing confidential information about individuals;
- access to computer files and databases containing confidential information about individuals.

Access to Confidential Information about Individuals

Access to person identifiable information will be restricted to those staff who have a justifiable need to know in order to effectively carry out their jobs. The Caldicott Principles underpin the approach that NHS Tayside will adopt.

Registered access levels will be used to further limit the access of authorised persons to the minimum information that they need to carry out a task or function. This is particularly relevant to information held electronically, but the principles apply to all records, e.g. staff who need access to manual files for filing purposes should not need to access the information already contained within the files.

There are also legal restrictions on who may see certain patient-identifiable information. Only staff whose responsibilities include the treatment of individual patients with such diseases or who are involved more widely with the treatment or prevention of disease, such as those employed by public health departments, should be permitted access to such information.

Access Levels and Registration

There will be formal and documented user registration for access to all person-identifiable information held in confidence, where multiple users need access. Although this is mainly applicable to electronically held information, the principles extend to manual files. It is particularly important that it is clear, at any point in time, just who should have access to what information and the purpose the information is to be put to.
Applying for Caldicott Guardian Approval to Access or Record Patient Information

The application process relies upon the completion of a Confidentiality Statement and Data Processing Specification (appendix 1). An approved application is relevant to the specific research/study/project/audit that is specified in the application. The information provided on that basis must not be used for other purposes.

The Confidentiality Statement

The contents of the Statement are described below. However, the Statement is an approval document and is not expected to contain adequate information to allow authorisation for anything but the simplest of situations. Therefore, it is likely in most cases that additional application information will be provided in support of the application in the form of:
- Ethics Committee letter of approval, including any recommendations made by the Committee. Where ethics approval has not been necessary an indication of that to be included.
- An outline of the research/study/project/audit programme indicating:
  - The purpose of the research/study/project/audit - to conform to Data Protection and Caldicott Principles.
  - Any person identifiable information to be used and any anonymisation that will be applied.
  - The arrangements to be employed in contacting/inviting/informing/interviewing/follow up of individuals as part of the research/study/project/audit, where this will occur.
  - The management arrangements - to define responsibilities and to confirm that all agreed arrangements take place.
  - Specification of the users and departments/agencies/organisations/companies that will have access to the information - to define responsibilities and if necessary confirm that all have been made aware and will abide by NHS Tayside rules of confidentiality and security.
- A specification of any manual or computer databases to be devised as part of the research/study/project/audit indicating:
  - Software to be used
  - Who will be developing the database and their employer
  - Where the database will be run from
  - Relevant security arrangements: access control, backup and restore, ongoing support, etc.
  - The arrangements for disposal of the information held.

Your arrangements for accessing and processing identifiable personal data must be summarised in a Data Processing Specification for each data source.

User Details - the details of the person who is responsible for the work to be undertaken associated with the information to be provided. There is a requirement that this person will abide by NHS Tayside rules of confidentiality and security in using the provided information.

Sponsor Details - the details of the NHS Tayside person who is supporting the provision of the information in question, usually to be signed by a consultant if patient data is requested and the applicant is not of that status or is not medically qualified.

Data Protection Reg. No. - only relevant to organisations or agency outside NHS Tayside.

Data Requested - a brief description of the information that is to be provided. This is to be supported by the completion of a Data Processing Specification for each data source.

Co-users of the Data - a list of individuals who will have access to the information provided and who will be under the management/supervision of the User.

Intended use of Data - a brief description of the purposes that the information will be put to.
User's Declaration - dated signature of the User.

Sponsor's Declaration - dated signature of the Sponsor.

Data Processing Specification - a data processing specification is required for each data source. Its purpose is to make clear what data is being requested, to show that the applicant has made appropriate arrangements to gain access with those responsible for managing that data, and to show that the data provided will be managed appropriately by the applicant.

Return Details - completed applications along with supporting documentation to be returned to the Information Governance Office.

A flowchart describing the process for application for Caldicott approval is included in appendix 2.

Confirmation of Approval

Once Caldicott approval has been given the User will receive a confirmation letter and copy of the approved application.

Further Development

The outcome of research/study/project/audit programmes is often that further work or development into departmental systems is considered. In such cases further consideration must be taken beyond the Caldicott Guardian approval process, and the original approval is unlikely to be adequate.
Where further development is being considered then the NHS Tayside Project Approval Process must be followed in order that such development is considered by the eHealth Group in the context of the NHS Tayside eHealth Strategy (appendix 3).
Appendix 1

CONFIDENTIALITY STATEMENT - for users of person identifiable data

User Details
Name:
Position:
Organisation:
Address:
Tel:

Sponsor Details
Name:
Position:
Organisation:
Address:
Tel:

Data Protection Reg. No.:

Data Requested:
A Data Processing Specification must also be completed.

Co-Users of the Data:

Intended use of data (inc. publications):

User's Declaration
I declare that I understand and undertake to abide by the rules for confidentiality, security and release of data received from NHS Tayside.
Signature:
Date:

On completion, please return this form to:
Information Governance Officer
NHS Tayside
Ashludie Hospital
Monifieth
Dundee DD5 4HQ

Sponsor's Declaration (to be signed by a consultant if patient data is requested and the applicant is not of that status or is not medically qualified)
I declare that the above named user of the data is a bona fide worker engaged in a reputable project and that the data requested can be entrusted to this person in the knowledge that they will conscientiously discharge their obligations in regard to confidentiality of the data.
Signature:
Date:

For NHS Tayside use only
Release authorised by:
Date:
Ref. No.:
RULES ON CONFIDENTIALITY, SECURITY AND RELEASE OF INFORMATION FOR USERS OF NHS PATIENT DATA

1) If the data received from NHS Tayside are to be held on computer, the signatory of this request, or the organisation (s)he represents, should have an appropriate registration with the Office of the Data Protection Registrar. Details of the registration number should be entered on this document.
2) Data received from NHS Tayside must not be used for any purpose other than for the intended use specified on this document.
3) Data received from NHS Tayside must not be divulged to any person who is not specified as a co-user of the data on this document.
4) Proper safeguards should be applied in keeping the data and destroying it on completion of the work/project declared to prevent any breach of confidentiality.
5) Any misuse or loss of these data should be notified immediately to the Information Governance Officer for NHS Tayside at Ashludie Hospital, Monifieth ( ).
6) Recipients of information supplied by NHS Tayside are reminded that the data has been supplied for the purposes stated in the approved study only. Further submission for approval will be required for any other uses of that data.
7) Any statistics or results of research based on data received from NHS Tayside should not be made available in a form which:
   a) directly identifies individual data subjects
   b) is not covered by the intended use of data specified

NHS Tayside would welcome copies of any publications based on data supplied.

Information Governance
Ashludie Hospital
Monifieth DD5 4HQ
Telephone :
Fax :
CALDICOTT APPROVAL - DATA PROCESSING SPECIFICATION

To be submitted with application for Caldicott Approval

For each separate source of patient identifiable data that you intend to access in support of your study please provide the following information.

Data Source: (Medical Records/System Name)

Data Items: (list the data items that you will require from the named data source)

Data Source Contact Details: (who have you agreed access to the source data with?)
Name:
Designation:
Base:
Tel :
address:

Data Storage Arrangements: (where arrangements are described in a supplied study protocol then reference to the relevant sections of the protocol can be used)
Location: (NHS Tayside, University, etc.)
Device to be held on: (desktop, laptop, network storage, etc.)
Access Controls: (how will the data be protected from unauthorised access?)
Encryption: (will encryption be used to protect the data?)
Anonymisation: (how will the identity of individuals be protected?)
Format: (spreadsheet, database, etc.)

If you intend to make contact with patients identified through the processing of this data, indicate how this will be done and how you will ensure that it is appropriate to contact them. It is recommended that contact with patients is through correspondence signed by the patient's GP/Clinician or Head of Clinical Service.
Appendix 2 - NHS Tayside Confidentiality Statement Flowchart

Has your project been approved?
Yes
Yes
Are you going to be accessing patient records or patient identifiable information?
You need to get approval from the project stakeholders before you can proceed any further!
You require Caldicott approval
You do not require Caldicott approval
Obtain copy of the Confidentiality Statement and Data Processing Specification from Staffnet
Complete User Details on form
The Sponsor is usually:
- Lead health or social care organisation
- The lead employer of the researchers
- The provider of funding
Do you have approval of and details of the project sponsor?
Yes
Complete details of sponsor on form.
Obtain details of the sponsor before proceeding.
Will data received from NHS Tayside be held on computer?
Yes
Where data is to be held on a computer, the signatory of this request, or the organisation(s) he/she represents, should have appropriate registration with the Office of the Data Protection Registrar. Details of the registration number should be entered on the appropriate confidentiality statement.
Where databases are to be created refer to information requirements in the main procedure under Confidentiality Statement section.
Do you know the registration number?
Obtain the registration number from the organisation that will be holding the information.
Yes
Enter details on form
Enter a brief statement about the data requested and complete a Data Processing Statement for each data source.
Data received from NHS Tayside must not be divulged to any person who is not specified as a co-user of the data on the confidentiality statement.
Will there be co-users of the data?
Yes
Full details must be included in the confidentiality statement
Full details of the intended use of data must be included
Include full details of intended publications
Yes
Do you intend to publish the data?
Any statistics or results of research based on data received from NHS Tayside should not be made available in a form which:
- Directly identifies individual data subjects
- Is not covered by the intended use of data specified
Indicate the period for which the data will be retained
Proper safeguards should be applied in keeping the data and destroying it on completion of the work/project declared to prevent any breach of confidentiality
Complete the user declaration and have the sponsor complete their declaration on the form
Once the form is fully completed, pass to the Information Governance Officer who will obtain Caldicott approval on your behalf. A copy of the authorised confidentiality statement will then be returned to you to retain as part of your project/research.
As noted in the main procedure it is most likely that supporting documentation will have to be provided with the Confidentiality Statement and Data Processing Specifications. Please ensure that you have included this information to avoid delay in processing the application.
Appendix 3

NHS TAYSIDE: eHealth/IM&T Computer Systems
STANDARD BUSINESS CASE

Notes:
1. The standard business case will be presented to the eHealth and Area Business IM&T group for clinical and business systems respectively for approval to ensure that any proposal is consistent with the eHealth strategy for NHS Tayside.
2. A separate Standard Business Case Template is required for each individual proposal.
3. Standard business cases should be completed in conjunction with the under-noted members of staff to ensure that all IM&T aspects of the project are covered within the business case to:-
   Mr Stewart Hunter, stewart.hunter@nhs.net
   Mr Ian Fenton, ian.fenton@nhs.net
   If a scheme covers all the areas within Tayside then any of the above will assist in preparation of the business case.
4. Where funding for the project has been identified the support of the relevant Finance staff must be agreed.
5. Please note that submissions will only be accepted on this template.
6. Notes written in italics are provided for guidance/example only and should be deleted completely before templates are returned.
7. Any queries with this template should be raised, in the first instance, with Stewart Hunter, Tel: Ext

1. Title of the Project Proposal
This should include speciality/operational system name, e.g. Photobiology, catering systems.

2. Introduction/Background
- Strategic Objectives
A brief overview of the strategic objectives of the proposal relevant to eHealth strategy and how it would impact on Clinical Group/ Service/ Departmental objectives.
- Clinical needs
A brief overview of the clinical objectives of the proposal relevant to the Group/ Service/ Department/ Facilities clinical needs, as well as those other Departments/ Areas/ Groups that rely upon its support, e.g. introduction of computer system may improve information for the clinician but may also impact on the medical records service.
- Proposed Outcomes benefits to patient
A very brief overview of the proposal and how patients and the service will benefit from it. E.g. will they be seen quicker, will they have to travel less, will they be reviewed by fewer people, etc? NB. This is expanded upon in section

3. Description of the service concerned
- Current Service
What does the service look like now and why does it have to change?
- Proposed Service
What will the service look like if this proposal is implemented?

4. List of options
A brief high-level outline of those alternative options for the service initially considered, including brief reasons why each was excluded.

5. Preferred Option
A brief narrative describing the preferred option (the proposal) in more detail, explaining the relationship between it and the strategic objectives of the eHealth Strategy as well as meeting the Clinical Directorates/Departments objectives.

6. Revenue Impact
Where financial resources have been identified, these need the support of your accountant within the finance dept.

7. Capital Cost
As above.

8. Risk Assessment
Please identify any risks to the project either by not implementing the proposal or any known risks associated with developing and implementing the project at this stage.
Project Approval Process (flowchart; box labels as extracted): Funded Stream; Non Funded Stream; Commercial Supplier Proposal; eHealth Programme Director; Business Case (template); eHealth / Area Business IM&T Groups; Prioritisation Group; ICT Maryfield; CTC Ninewells; Commercial Supplier.
Information Governance Incident Reporting Policy Version: 4.0 Ratified by: NHS Bury Clinical Commissioning Group Information Governance Operational Group Date ratified: 29 th November 2017 Name of originator
More informationPolicy on Privacy and Management of Personal Information
Policy on Privacy and Management of Personal Information Purpose The purpose of this privacy policy is to: clearly communicate how SMA manages personal information; provide students, members, staff and
More informationPrivacy Impact Assessment
Automatic Number Plate Recognition (ANPR) Deployments Review Of ANPR infrastructure February 2018 Contents 1. Overview.. 3 2. Identifying the need for a (PIA).. 3 3. Screening Questions.. 4 4. Provisions
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationGeneral Data Protection Regulation
General Data Protection Regulation Workshare Ltd ( Workshare ) is a service provider with customers in many countries and takes the protection of customers data very seriously. In order to provide an enhanced
More informationSubject: Kier Group plc Data Protection Policy
Kier Group plc Data Protection Policy Subject: Kier Group plc Data Protection Policy Author: Compliance Document type: Policy Authorised by: Kier General Counsel & Company Secretary Version 3 Effective
More informationUniversity of Wisconsin-Madison Policy and Procedure
Page 1 of 10 I. Policy The Health Information Technology for Economic and Clinical Health Act regulations ( HITECH ) amended the Health Information Portability and Accountability Act ( HIPAA ) to establish
More informationLOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE. Loughborough University (LU) Research Office SOP 1027 LU
LOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE Loughborough University (LU) Research Office SOP 1027 LU Process for Writing Study Protocols for NHS Research Sponsored by Loughborough
More informationPolicy General Policy GP20
Email Policy General Policy GP20 Applies to All employees Committee for Approval Quality and Governance Committee Date of Approval September 2012 Review Date June 2014 Name of Lead Manager Head of Technology
More informationElectronic Communications with Citizens Guidance (Updated 5 January 2015)
Electronic Communications with Citizens Guidance (Updated 5 January 2015) Overview - Email Activities Outside Of The Scope Of The Policy And This Guidance Requests To Use Email/SMS Outside The Scope Of
More informationSAFE USE OF MOBILE PHONES AT WORK POLICY
SAFE USE OF MOBILE PHONES AT WORK POLICY Links to Lone Working Policy, Personal Safety Guidance, Lone Working Guidance, Information Governance Policy Document Type General Policy Unique Identifier GP31
More informationData Protection Policy
The Worshipful Company of Framework Knitters Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act 1998 (DPA) [UK] For information on this
More informationBirmingham Community Healthcare NHS Foundation Trust. 2017/17 Data Security and Protection Requirements March 2018
1.0 Executive Summary Birmingham Community Healthcare NHS Foundation Trust 2017/17 Data Security and Protection Requirements March 2018 The Trust has received a request from NHS Improvement (NHSI) to self-assess
More informationPathways CIC Privacy Policy. Date Issued: May Date to be Reviewed: May Issued by Yvonne Clarke
Prepared by: M Franklin Issued: May 2018 Pathways Community Interest Company Review due: May 2020 Pathways CIC Privacy Policy Version 0.3 Approved by: Yvonne Clarke Approval date: 21.05.2018 Pathways CIC
More informationNHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy
NHS Gloucestershire Clinical Commissioning Group 1 Document Control Title of Document Gloucestershire CCG Author A Ewens (Emergency Planning and Business Continuity Officer) Review Date February 2017 Classification
More informationData Sharing Agreement
1 Parties This Data Sharing Agreement is made between: 1.1 The Health and Social Care Information Centre ("NHS Digital"), a non-departmental public body established pursuant to section 252 of the Health
More informationDATA PROTECTION POLICY THE HOLST GROUP
DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller
More informationWe reserve the right to modify this Privacy Policy at any time without prior notice.
This Privacy Policy sets out the privacy policy relating to this site accessible at www.battleevents.com and all other sites of Battle Events which are linked to this site (collectively the Site ), which
More informationChecklist According to ISO IEC 17065:2012 for bodies certifying products, process and services
Name of Certifying Body Address of Certifying Body Case number Date of assessment With several locations Yes No Assessed locations: (Name)/Address: (Name)/Address: (Name)/Address: Assessed area (technical
More informationTerms & Conditions. Privacy, Health & Copyright Policy
1. PRIVACY Introduction Terms & Conditions Privacy, Health & Copyright Policy When you access our internet web site you agree to these terms and conditions. Bupa Wellness Pty Ltd ABN 67 145 612 951 ("Bupa
More informationData Sharing Agreement. Between Integral Occupational Health Ltd and the Customer
Data Sharing Agreement Between Integral Occupational Health Ltd and the Customer 1. Definitions a. Customer means any person, organisation, group or entity accepted as a customer of IOH to access OH services
More informationHow we do ehealth in NHS Scotland
Implementing strategies & infrastructures for ehealth or How we do ehealth in NHS Scotland Julie Falconer NHS for Scotland s 5.2m people NHS devolved to Scottish parliament Scottish Government Health &
More informationDRAFT Privacy Statement (19 July 2017)
DRAFT Privacy Statement (19 July 2017) European Reference Networks for Rare, Low Prevalence and Rare Diseases Clinical Patient Management System (CPMS) 1. What is the ERN Clinical Patient Management System?
More informationIt applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).
Our Privacy Policy 1 Purpose Mission Australia is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations
More informationThe ehealth Annual Report aims to highlight the activities within the teams that make up the ehealth Department.
Board paper 18/41 THE STATE HOSPITALS BOARD FOR SCOTLAND Date of Meeting: 28 June 2018 Agenda Reference: Item No: 21 Sponsoring Director: Author(s): Title of Report: Purpose of Report: Finance and Performance
More informationNHS Ayrshire & Arran Organisation & Human Resource Development Policy. Appropriate Use of IT Facilities Policy
NHS Ayrshire & Arran Organisation & Human Resource Development Policy Appropriate Use of IT Facilities Policy Version: 1.5 Date Approved: 2016-01-25 Author: Dept O&HRD, IT Security & Review date: 2018-01-25
More informationGDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd
GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document
More informationSchedule EHR Access Services
This document (this Schedule") is the Schedule for Services ( EHR Access Services ) related to access to the electronic health records ( EHR ) maintained by ehealth Ontario and the use of information in
More informationData Protection Policy
Introduction In order to; provide education, training, assessment and qualifications to its customers and clients, promote its services, maintain its own accounts and records and support and manage its
More informationUse of and Instant Messaging (IM) Policy
Use of Email and Instant Messaging (IM) Policy Name of Author and Job Title: Mike Cavaye, IT & Digital Consultant Name of Review/Development Body: IT Services Ratification Body: Quality and Safety Group
More informationNIPPON VALUE INVESTORS DATA PROTECTION POLICY
NIPPON VALUE INVESTORS DATA PROTECTION POLICY INTRODUCTION Nippon Value Investors KK and Nippon Value Investors, Inc. (together NVI ) are committed to protecting the privacy of individuals whose data they
More information2017_Privacy and Information Security_English_Content
2017_Privacy and Information Security_English_Content 2.3 Staff includes all permanent or temporary, full-time, part-time, casual or contract employees, trainees and volunteers, including but not limited
More informationINFORMATION SECURITY POLICY
YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST INFORMATION SECURITY POLICY Author Head of IT Equality impact Low Original Date September 2003 Equality assessment
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More informationINNOVENT LEASING LIMITED. Privacy Notice
INNOVENT LEASING LIMITED Privacy Notice Table of Contents Topic Page number KEY SUMMARY 2 ABOUT US AND THIS NOTICE 3 USEFUL WORDS AND PHRASES 4 WHAT INFORMATION DO WE COLLECT? 4 WHY DO WE PROCESS YOUR
More informationThe Data Protection Act 1998 Clare Hall Data Protection Policy
The Data Protection Act 1998 Clare Hall Data Protection Policy Introduction This document is a guide to the main requirements of the new Data Protection Act (DPA) that came into force on 24th October 2001.
More informationPrinciples of Managing Information and Producing Documents
Unit 3: Unit code: QCF Level 2: Principles of Managing Information and Producing Documents J/601/7640 BTEC Specialist Credit value: 3 Guided learning hours: 24 Unit aim This unit is about the knowledge
More informationThis policy should be read in conjunction with LEAP s Conflict of Interest Policy.
Policy Number 4.1 Policy Name Release No. 2 Release Date August 2017 Date For Next Review August 2018 Policy LEAP Social Services/Different Abilities Services (LEAP) is committed to the effective, timely
More informationYou can find a brief summary of this Privacy Policy in the chart below.
In this policy Shine TV Limited with registered office at Shepherds Building Central, Charecroft Way, Shepherds Bush, London, W14 0EE, UK (Company or we) informs you about how we collect, use and disclose
More informationRVC DATA PROTECTION POLICY
RVC DATA PROTECTION POLICY POLICY and PROCEDURES Responsibility of Data Protection Officer Review Date July 2019 Approved by CEC Author D.Hardyman-Rice CONTENTS PAGE 1) Policy Statement 3 2) Key definitions
More informationThe West End Community Trust Privacy Policy
The West End Community Trust Privacy Policy We are committed to protecting your personal information and being transparent about what we do with it, however you interact with us. We are therefore committed
More informationAPPENDIX 1 7 APPENDIX 2 8 APPENDIX 3 10 APPENDIX 4 11
Trust Policy and Procedure Document ref. no: PP(16)276 Form Creation Policy For use in: For use by: For use for: Document owner: Status: Trust wide All staff Management of Form Creation Health Records
More informationIslam21c.com Data Protection and Privacy Policy
Islam21c.com Data Protection and Privacy Policy Purpose of this policy The purpose of this policy is to communicate to staff, volunteers, donors, non-donors, supporters and clients of Islam21c the approach
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Introduction The purpose of this document is to provide a concise policy regarding the data protection obligations of Youth Work Ireland. Youth Work Ireland is a data controller
More informationMotor Sports Association. Data Protection Policy
Motor Sports Association Data Protection Policy Version: 12 Last updated: 15/11/2017 CONTENTS 1 Introduction... 3 2 The Data Protection Act 1998... 3 2.1 The Principles for Good Information Handling...
More informationUse Of Mobile Communication Devices Within Healthcare Premises Policy
Use Of Mobile Communication Devices Within Healthcare Premises Policy Co-ordinator: Director of Facilities Reviewer: Working Group chaired by Director of Facilities Approver: GAPF Signature Signature Signature
More informationData Loss Assessment and Reporting Procedure
Data Loss Assessment and Reporting Procedure Governance and Legal Services Strategy, Planning and Assurance Directorate Approved by: Data Governance & Strategy Group Approval Date: July 2016 Review Date:
More informationInformation Security Incident
Good Practice Guide Author: A Heathcote Date: 22/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body
More informationADMA Briefing Summary March
ADMA Briefing Summary March 2013 www.adma.com.au Privacy issues are being reviewed globally. In most cases, technological changes are driving the demand for reforms and Australia is no exception. From
More informationA Homeopath Registered Homeopath
A Homeopath Registered Homeopath DATA PROTECTION POLICY Scope of the policy This policy applies to the work of homeopath A Homeopath (hereafter referred to as AH ). The policy sets out the requirements
More informationGDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10
GDPR AMC SAAS AND HOSTED MODULES UK version AMC Consult A/S June 26, 2018 Version 1.10 INDEX 1 Signatures...3 2 General...4 3 Definitions...5 4 Scoping...6 4.1 In scope...6 5 Responsibilities of the data
More informationPolicy & Procedure Privacy Policy
NUMBER POL 050 PAGES 12 VERSION V3.8 CREATED: LAST MODIFIED: REVISION: 05/11/2009 06/06/2018 06/06/2019 DOCUMENTS: Authority to Exchange Information Media Authority Student Staff Privacy Agreement REFERENCES:
More informationInformation Governance Incident Reporting Procedure
Information Governance Incident Reporting Procedure : 3.0 Ratified by: NHS Bury CCG Quality and Risk Committee Date ratified: 15 th February 2016 Name of originator /author (s): Responsible Committee /
More information