Use of Synthetic Data in Live Environments

Size: px
Start display at page:

Download "Use of Synthetic Data in Live Environments"

Transcription

1 Use of Synthetic Data in Live Environments Guidance Published 6 th July 2018 Version 1.0 Final Copyright 2018 NHS Digital

2 Contents Introduction 3 General Principles 4 Synthetic Data Naming Convention 4 Demographics (Names, addresses etc) 5 NHS e-referral Service (e-rs) 5 Contact 5 Appendix A Synthetic data Usage Agreement 6 Copyright 2018 NHS Digital 2

3 Introduction There are occasions where users need to perform transactions on NHS systems which are not real. These may include staff training, deployment testing of new systems/versions or perhaps as part of live incident resolution. Real patient records must never be used for these purposes, therefore NHS Digital provides synthetic data which can be used to separate these transactions from real live transactions. The use of synthetic data in systems which also handle real patient data carries risks. It is important to be aware that the risks include: Confusion between real patient and synthetic data which could result in real data being recorded against a synthetic record and vice versa. Synthetic data booked in to real clinical appointment slots reduces the number of slots available for real patients and this should therefore be avoided at all costs. Inaccurate reporting for statistics or payments. Where users have access to live and test environments they may become confused about which environment they are using at any one time. These risks can be mitigated in part through: Keeping the use of synthetic transactions in live to an absolute minimum. Regular auditing of the use of synthetic data. Following guidance (this document) on the best use of synthetic data. This document gives important guidance on the use of synthetic data in live which must be followed to reduce the risk. This guidance should be read and understood by anyone making use of synthetic data in live. Failure to follow the guidance may mean the synthetic records are revoked and could potentially lead to a live security incident. Before synthetic data is issued by NHS Digital the requestor must sign the Synthetic Data Usage Agreement (Appendix A). Copyright 2018 NHS Digital 3

4 General Principles Wherever possible testing or training should not be conducted in live. NHS Digital can provide access to testing and training environments which contain synthetic data and are purpose built to support NHS organisations to test in a safe, live-like environment to protect patient safety. For more details on this please see Where it is necessary to test or train in live, real patient records must not be used synthetic patients can be requested from testdata@nhs.net. Please provide 5 working days notice for requests to be completed. Synthetic patients must be removed from the end systems once testing is completed they should not be left for ongoing general use by live users. Failure to do so could cause an unnecessary and detrimental impact to live services. You should only use the synthetic data which has been specifically allocated to your organisation. You can check this by ing testdata@nhs.net Data in live (including synthetic data) should only be accessed by people holding valid smartcards in their own name test user accounts are strictly forbidden in live. Anyone using synthetic data in live must read this document, and agree to the guidance, before doing so. Synthetic Data Naming Convention Synthetic patient records in live are identified by their NHS number which always starts 999 e.g The NHS number is valid but is from a range of numbers from which real NHS numbers will never be issued. The Family Name of each record starts XXTESTPATIENT followed by random characters e.g. XXTESTPATIENT-ABDF. The address of the patients is the Test Data Manager at NHS Digital to ensure any post which is inadvertently sent does not get sent to real patients. The test patients are registered to synthetic GP practices. Copyright 2018 NHS Digital 4

5 Demographics (Names, addresses etc) Unless with express consent from the NHS Digital Test Data Manager (contact via the following demographic details must not be changed: Name Address Deceased Status Nominated Pharmacy The following details can be changed if required: Date of Birth Gender Title GP Practice only if consent is received from the GP Practice concerned and it should be reverted to the synthetic practice as soon as possible. NHS e-referral Service (e-rs) The synthetic test records may be used for e-rs deployment testing and training in live where necessary. The following guidance must be followed. DO NOT refer into live services, unless it is a dummy service and you have express consent in writing from that service OR you have express consent in writing from a live service. YOU MUST manage the referral appropriately to ensure live/dummy services are not detrimentally affected by the referral. This will avoid test patients being referred into real services and taking real appointments from actual patients. Referrals into live services are monitored by NHS Digital to avoid inappropriate use of synthetic patients. Contact If you have any questions regarding the use of synthetic data in live or any of the content in this guidance, please contact the Test Data Team (testdata@nhs.net). Copyright 2018 NHS Digital 5

6 Appendix A Synthetic data Usage Agreement 1. NHS Digital Reference: <Project ID> 2. Organisations This Synthetic data Usage Agreement (Agreement) is drawn up between: NHS Digital, 1 Trevelyan Square, Boar Lane, Leeds, LS1 6AE And: <NHS Organisation or Supplier>, <Address Details> 3. Period of Agreement This agreement commences on <date> until further notice. This Agreement will be subject to review on an annual basis. 4. Synthetic data Provided <Summary details of synthetic data provided e.g. 10 demographics records> 5. Purpose for which the Data are to be used <Purpose e.g. data provided to facilitate deployment testing of upcoming release of PAS> 6. Permissions This data is provided for the purposes expressly described in section 5. If the data will be used for purposes other than that described then the data requestor must seek permission from the NHS Digital Synthetic data Manager after which this agreement would be reviewed and updated as appropriate. The data must be used in accordance with the Use of Synthetic data in Live Guidance document ( testdata@nhs.net for a copy). 7. Synthetic Data Ownership and Responsibility The data requestor remains responsible for the use of the synthetic data which has been allocated even if shared and used by others at the organisation therefore a record of who the data has been shared with should be kept. The data requestor is responsible for ensuring the Use of Synthetic data in Live Guidance document is provided to users who have been given access to the synthetic data. 8. Storage of Data The data must be stored on a secure system with appropriate password protection. Transmission of this data must also be via secure means e.g. NHS Mail. 9. Breach of Conditions Notification of breach: The beneficiary agrees to report immediately to NHS Digital instances of breach of any of the terms of this Agreement. Right to terminate access: The breach of any of the terms of this Agreement may result in the immediate termination of access to the Data. 10. Changes to Terms of Agreement NHS Digital has the right to change the terms of this agreement and these will be notified to the beneficiary in writing. The beneficiary also has the right to request changes to the Copyright 2018 NHS Digital 6

7 agreement in writing to NHS Digital. These changes will be considered by NHS Digital and if appropriate an addendum to the agreement will be issued. If the person signing on behalf of <Receiving Organisation> should leave their post or the responsibility for this agreement changes from them, then it is incumbent on that person to arrange a new signatory to this agreement and NHS Digital informed of this requirement immediately. 11. Agreement Signatures For and on behalf of: <Receiving Organisation> Signed: Print Name: Post/Title: Date: For and on behalf of: NHS Digital Signed: Print Name: Post/Title: Date: Copyright 2018 NHS Digital 7

Data Sharing Agreement

Data Sharing Agreement 1 Parties This Data Sharing Agreement is made between: 1.1 The Health and Social Care Information Centre ("NHS Digital"), a non-departmental public body established pursuant to section 252 of the Health

More information

Version 1/2018. GDPR Processor Security Controls

Version 1/2018. GDPR Processor Security Controls Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in

More information

WASHINGTON UNIVERSITY HIPAA Privacy Policy # 7. Appropriate Methods of Communicating Protected Health Information

WASHINGTON UNIVERSITY HIPAA Privacy Policy # 7. Appropriate Methods of Communicating Protected Health Information WASHINGTON UNIVERSITY HIPAA Privacy Policy # 7 Appropriate Methods of Communicating Protected Health Information Statement of Policy Washington University and its member organizations (collectively, Washington

More information

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your). Our Privacy Policy 1 Purpose Mission Australia is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations

More information

INFORMATION SECURITY AND RISK POLICY

INFORMATION SECURITY AND RISK POLICY INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:

More information

EMIS v7.1 Patient Access

EMIS v7.1 Patient Access EMIS v7.1 Patient Access Patient Access is a web-based application which has been developed to expand the services available to patients from their GP Practice. It allows the patient to request services

More information

General Data Protection Regulation

General Data Protection Regulation General Data Protection Regulation Workshare Ltd ( Workshare ) is a service provider with customers in many countries and takes the protection of customers data very seriously. In order to provide an enhanced

More information

Information backup - diagnostic review Abertawe Bro Morgannwg University Health Board. Issued: September 2013 Document reference: 495A2013

Information backup - diagnostic review Abertawe Bro Morgannwg University Health Board. Issued: September 2013 Document reference: 495A2013 Information backup - diagnostic review Abertawe Bro Morgannwg University Health Board Issued: September 2013 Document reference: 495A2013 Status of report This document has been prepared for the internal

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please

More information

Grand Avenue Primary and Nursery School ICT Data management. Contents

Grand Avenue Primary and Nursery School ICT Data management. Contents Grand Avenue Primary and Nursery School ICT Data management Contents 1. Acceptable Use Statement 2. Transfer and Offsite Use of Sensitive Data 3. E-safety 4. Declaration Introduction These three policy

More information

Access Control Policy

Access Control Policy Access Control Policy Version Control Version Date Draft 0.1 25/09/2017 1.0 01/11/2017 Related Polices Information Services Acceptable Use Policy Associate Accounts Policy IT Security for 3 rd Parties,

More information

Data Sharing Agreement. Between Integral Occupational Health Ltd and the Customer

Data Sharing Agreement. Between Integral Occupational Health Ltd and the Customer Data Sharing Agreement Between Integral Occupational Health Ltd and the Customer 1. Definitions a. Customer means any person, organisation, group or entity accepted as a customer of IOH to access OH services

More information

Data Processing Clauses

Data Processing Clauses Data Processing Clauses The examples of processing clauses below are proposed pending the adoption of standard contractual clauses within the meaning of Article 28.8 of general data protection regulation.

More information

Data protection. 3 April 2018

Data protection. 3 April 2018 Data protection 3 April 2018 Policy prepared by: Ltd Approved by the Directors on: 3rd April 2018 Next review date: 31st March 2019 Data Protection Registration Number (ico.): Z2184271 Introduction Ltd

More information

Policy General Policy GP20

Policy General Policy GP20 Email Policy General Policy GP20 Applies to All employees Committee for Approval Quality and Governance Committee Date of Approval September 2012 Review Date June 2014 Name of Lead Manager Head of Technology

More information

Q and A from the family information sessions 18/10/2016

Q and A from the family information sessions 18/10/2016 Q and A from the family information sessions 18/10/2016 NDIS responses Questions Q: Can a nominee/responsible Person or Guardian access their family members information? Q: Can there be more than one nominee

More information

PERTS Default Privacy Policy

PERTS Default Privacy Policy PERTS Default Privacy Policy Version 1.3 2017-07-15 About PERTS PERTS is a center at Stanford University that helps educators apply evidence-based strategies in order to increase student engagement and

More information

Data Breach Notification Policy

Data Breach Notification Policy Data Breach Notification Policy Policy Owner Department University College Secretary Professional Support Version Number Date drafted/date of review 1.0 25 May 2018 Date Equality Impact Assessed Has Prevent

More information

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy NHS Gloucestershire Clinical Commissioning Group 1 Document Control Title of Document Gloucestershire CCG Author A Ewens (Emergency Planning and Business Continuity Officer) Review Date February 2017 Classification

More information

PORTAL TRANSITION GUIDE. 1 February 2019

PORTAL TRANSITION GUIDE. 1 February 2019 PORTAL TRANSITION GUIDE 1 February 2019 PORTAL TRANSITION GUIDE Portal Transition Guide - 1 February 2019 1 WELCOME The Pharmacy Programs Administrator welcomes you to the new Registration and Claiming

More information

Data Protection Policy

Data Protection Policy Page 1 of 6 General Statement The Local Governing Bodies of the academies have overall responsibility for ensuring that records are maintained, including security and access arrangements, in accordance

More information

HIPAA Security and Privacy Policies & Procedures

HIPAA Security and Privacy Policies & Procedures Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400

More information

2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY

2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY 2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY Purpose: The purpose of this policy is to provide instruction and information to staff, auditors, consultants, contractors and tenants on

More information

BRIDGEWATER SURGERIES. Privacy Notice

BRIDGEWATER SURGERIES. Privacy Notice BRIDGEWATER SURGERIES Privacy Notice We understand how important it is to keep your personal information safe and secure and we take this very seriously. We have taken steps to make sure your personal

More information

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

PPS is Private Practice Software as developed and produced by Rushcliff Ltd. Rushcliff Ltd Data Processing Agreement This Data Processing Agreement ( DPA ) forms part of the main terms of use of PPS, PPS Express, PPS Online booking, any other Rushcliff products or services and

More information

Made In Hackney Data Protection Policy Last Updated:

Made In Hackney Data Protection Policy Last Updated: Made In Hackney Data Protection Policy Last Updated: 16.05.2018 Definitions Charity GDPR Responsible Person Register of Systems Made In Hackney (MIH), a registered charity. means the General Data Protection

More information

The system will prompt for Login ID and Password (NB login credentials will be supplied to all staff after Commissioning).

The system will prompt for Login ID and Password (NB login credentials will be supplied to all staff after Commissioning). training handout This training handout is intended to support the learning outcomes for pre-install training for clinical staff. Getting Started / Basic Navigation Medical Record Accessing appointment

More information

RelayHealth Legal Notices

RelayHealth Legal Notices Page 1 of 7 RelayHealth Legal Notices PRIVACY POLICY Revised August 2010 This policy only applies to those RelayHealth services for which you also must accept RelayHealth s Terms of Use. RelayHealth respects

More information

Information Technology Access Control Policy & Procedure

Information Technology Access Control Policy & Procedure Information Technology Access Control Policy & Procedure Version 1.0 Important: This document can only be considered valid when viewed on the PCT s intranet/u: Drive. If this document has been printed

More information

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place

More information

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document

More information

EPS Implementation Group. Terms of Reference

EPS Implementation Group. Terms of Reference EPS Implementation Group Programme ETP DOCUMENT RECORD ID KEY Sub-Prog / EPS / JIT Project TBC Prog. Director Ian Lowry Prog. Manager Rachel Version 1.0 Habergahm Author Kieron Martin Version Date 1 st

More information

Data protection policy

Data protection policy Data protection policy Context and overview Introduction The ASHA Centre needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees

More information

PS Mailing Services Ltd Data Protection Policy May 2018

PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect

More information

BODY CORPORATE REGISTRATION Application form

BODY CORPORATE REGISTRATION Application form General Optical Council BODY CORPORATE REGISTRATION Application form Please read the attached guidance notes and complete the form in full. This form is for body corporates who wish to join the General

More information

A Homeopath Registered Homeopath

A Homeopath Registered Homeopath A Homeopath Registered Homeopath DATA PROTECTION POLICY Scope of the policy This policy applies to the work of homeopath A Homeopath (hereafter referred to as AH ). The policy sets out the requirements

More information

Scottish Care Information. SCI Gateway v11.1. Receiving Referrals User Guide

Scottish Care Information. SCI Gateway v11.1. Receiving Referrals User Guide Scottish Care Information SCI Gateway v11.1 Receiving Referrals User Guide Contents 1 Introduction...1-1 2 Accessing SCI Gateway...2-1 Accessing SCI Gateway...2-2 Passwords & Security...2-3 Logging on

More information

THOMSON REUTERS FX TRADING (FXT)

THOMSON REUTERS FX TRADING (FXT) THOMSON REUTERS FX TRADING (FXT) DEALING COORDINATOR USER GUIDE INTRODUCTION This Guide is designed to help the Dealing Coordinator manage Client s use of Dealing. A Dealing Coordinator is a person nominated

More information

Date Approved: Board of Directors on 7 July 2016

Date Approved: Board of Directors on 7 July 2016 Policy: Bring Your Own Device Person(s) responsible for updating the policy: Chief Executive Officer Date Approved: Board of Directors on 7 July 2016 Date of Review: Status: Every 3 years Non statutory

More information

NHS e-referral Service

NHS e-referral Service Archived Referrals Published November 2016 Copyright 2016 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created by statute, also known

More information

GMSS Information Governance & Cyber Security Incident Reporting Procedure. February 2017

GMSS Information Governance & Cyber Security Incident Reporting Procedure. February 2017 GMSS Information Governance & Cyber Security Incident Reporting Procedure February 2017 Review Date; April 2018 1 Version Control: VERSION DATE DETAIL D1.0 20/04/2015 First Draft (SC) D 2.0 28/04/2015

More information

Wye Valley NHS Trust. Data protection audit report. Executive summary June 2017

Wye Valley NHS Trust. Data protection audit report. Executive summary June 2017 Wye Valley NHS Trust Data protection audit report Executive summary June 2017 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act

More information

SUS RBAC Assignment Guide User guidance on Payment by Results (PbR) in SUS Payment by Results (PbR) in SUS

SUS RBAC Assignment Guide User guidance on Payment by Results (PbR) in SUS Payment by Results (PbR) in SUS SUS RBAC Assignment Guide User guidance on Payment by Results (PbR) in SUS Payment by Results (PbR) in SUS Published August 2015 We are the trusted source of authoritative data and information relating

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...

More information

SAFE USE OF MOBILE PHONES AT WORK POLICY

SAFE USE OF MOBILE PHONES AT WORK POLICY SAFE USE OF MOBILE PHONES AT WORK POLICY Links to Lone Working Policy, Personal Safety Guidance, Lone Working Guidance, Information Governance Policy Document Type General Policy Unique Identifier GP31

More information

Guardian Electrical Compliance Ltd DATA PROTECTION GDPR REGULATIONS POLICY

Guardian Electrical Compliance Ltd DATA PROTECTION GDPR REGULATIONS POLICY 1. Statement of Policy (Guardian) needs to collect and use certain types of information about the Individuals or Service Users with whom they come into contact in order to carry on our work. This personal

More information

Health Visitors Allocation Using Monthly Team Planner

Health Visitors Allocation Using Monthly Team Planner Follow the process MTP to be used in place of The New Birth Folder and The Antenatal Folder. Search for patient Check registration - register if needed Check demographics - GP and postcode (to make sure

More information

GDPR Compliance. Clauses

GDPR Compliance. Clauses 1 Clauses GDPR The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It became enforceable from May 25 2018. The

More information

Patient Reported Outcome Measures (PROMs)

Patient Reported Outcome Measures (PROMs) Patient Reported Outcome Measures (PROMs) Published September 2017 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created

More information

Survey on Patient Safety Culture Database Data Use Agreement

Survey on Patient Safety Culture Database Data Use Agreement Survey on Patient Safety Culture Database Data Use Agreement Instructions 1. Westat has pre-signed this Data Use Agreement (DUA) in its current form. Any changes or modifications to the DUA other than

More information

Welcome to the latest edition of your PCSE cervical screening bulletin

Welcome to the latest edition of your PCSE cervical screening bulletin Welcome to the latest edition of your PCSE cervical screening bulletin In this bulletin you will find updates on: Ceasing forms for use in GP practices Planned downtime of Exeter systems Christmas opening

More information

Asda. Privacy and Electronic Communications Regulations audit report

Asda. Privacy and Electronic Communications Regulations audit report Asda Privacy and Electronic Communications Regulations audit report Executive summary May 2018 1. Background and Scope The Information Commissioner may audit the measures taken by the provider of a public

More information

St Bernard s Primary School Data Protection Policy

St Bernard s Primary School Data Protection Policy St Bernard s Primary School Data Protection Policy St Bernard s RC Primary School, A Voluntary Academy Approved by Governors: 11.11.2015 Review date: Autumn 2016 St Bernard s Data Protection Policy General

More information

Site Builder Privacy and Data Protection Policy

Site Builder Privacy and Data Protection Policy Site Builder Privacy and Data Protection Policy This policy applies to the work of the Third Age Trust s Site Builder Team. The policy sets out the approach of the Team in managing personal information

More information

Healing School - A Science Academy GDPR Policy (Exams) 2018/19

Healing School - A Science Academy GDPR Policy (Exams) 2018/19 Healing School - A Science Academy GDPR Policy (Exams) 2018/19 This policy is reviewed annually to ensure compliance with current regulations Author Date adopted by MAT Directors Mrs D Barnard Review Date

More information

Mobile Working Policy

Mobile Working Policy Mobile Working Policy Date completed: Responsible Director: Approved by/ date: Ben Westmancott, Director of Compliance Author: Ealing CCG Governing Body 15 th January 2014 Ben Westmancott, Director of

More information

NHS R&D Forum Privacy Policy: FINAL v0.1 May 25 th 2018

NHS R&D Forum Privacy Policy: FINAL v0.1 May 25 th 2018 NHS R&D Forum Privacy Policy: FINAL v0.1 May 25 th 2018 This privacy policy is published to provide transparent information about how we use, share and store any personal information that you may provide

More information

GDPR Draft: Data Access Control and Password Policy

GDPR Draft: Data Access Control and Password Policy wea.org.uk GDPR Draft: Data Access Control and Password Policy Version Number Date of Issue Department Owner 1.2 21/01/2018 ICT Mark Latham-Hall Version 1.2 last updated 27/04/2018 Page 1 Contents GDPR

More information

DATA PROTECTION PRIVACY NOTICE PROTECTING YOUR PERSONAL INFORMATION: YOUR RIGHTS, OUR RESPONSIBILITIES

DATA PROTECTION PRIVACY NOTICE PROTECTING YOUR PERSONAL INFORMATION: YOUR RIGHTS, OUR RESPONSIBILITIES DATA PROTECTION PRIVACY NOTICE PROTECTING YOUR PERSONAL INFORMATION: YOUR RIGHTS, OUR RESPONSIBILITIES You have been given this Notice because Babington collects, uses and stores information about colleagues

More information

Communications to Community Pharmacy

Communications to Community Pharmacy NHS Forth Valley Standard Operating Procedures E-mail Communications to Community Pharmacy DO NOT USE THIS SOP IN PRINTED FORM WITHOUT FIRST CHECKING IT IS THE LATEST VERSION The definitive versions of

More information

Statutory Notifications

Statutory Notifications Registration under the Health and Social Care Act 2008 Statutory Notifications Guidance for registered providers and managers of NHS GP and other primary medical services May 2013 Statutory notifications

More information

COLLECTION & HOW THE INFORMATION WILL BE USED

COLLECTION & HOW THE INFORMATION WILL BE USED Privacy Policy INTRODUCTION As our esteemed client, your privacy is essential to us. Here, at www.indushealthplus.com, we believe that privacy is a top priority. We know that you care how information about

More information

General Data Protection Regulation policy (exams) 2018/19

General Data Protection Regulation policy (exams) 2018/19 The Piggott School General Data Protection Regulation policy (exams) 2018/19 This policy is annually reviewed to ensure compliance with current regulations Approved/reviewed by 1) Reviewed by Tim Griffith

More information

SALISBURY NHS FOUNDATION TRUST. TITLE - Information Strategy Annual Review

SALISBURY NHS FOUNDATION TRUST. TITLE - Information Strategy Annual Review SALISBURY NHS FOUNDATION TRUST PAPER - SFT 1931 TITLE - Information Strategy 2007 2010 Annual Review PURPOSE OF PAPER To inform the Board as to progress made within the Information Systems Strategy during

More information

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2 COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September 2018 Table of Contents 1. Scope, Purpose and Application to Employees 2 2. Reference Documents 2 3. Definitions 3 4. Data Protection Principles

More information

Requirements for a Managed System

Requirements for a Managed System GDPR Essentials Requirements for a Managed System QG Publication 6 th July 17 Document No. QG 0201/4.3 Requirements for a Managed GDPR System The General Data Protection Regulation GDPR will apply in the

More information

Queen Square Neurophysiology Referral Portal

Queen Square Neurophysiology Referral Portal Queen Square Neurophysiology Referral Portal This portal provides a quick and efficient way to make referrals to the Department of Clinical Neurophysiology at the National Hospital for Neurology and Neurosurgery

More information

A PPG guide to using SystmOnline in Woodbridge Medical Practice.

A PPG guide to using SystmOnline in Woodbridge Medical Practice. A PPG guide to using SystmOnline in Woodbridge Medical Practice. Table of Contents What is SystmOnline?... 2 How to access SystmOnline... 3 Detailed Instructions and guide.... 6 Appointments... 7 Book

More information

May ORION User Access Procedures

May ORION User Access Procedures May 2018 ORION User Access Procedures Disclaimer The guidance in this document is correct as at the date of publication. The Central Bank regularly issues guidance to ensure compliance by regulated firms

More information

CERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION

CERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION CERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION Introduction The IFFO RS Certification Programme is a third party, independent and accredited

More information

Information Governance Incident Reporting Policy

Information Governance Incident Reporting Policy Information Governance Incident Reporting Policy Version: 4.0 Ratified by: NHS Bury Clinical Commissioning Group Information Governance Operational Group Date ratified: 29 th November 2017 Name of originator

More information

Patient Online Pre-Admissions Portal Instructions

Patient Online Pre-Admissions Portal Instructions Patient Online Pre-Admissions Portal Instructions 18 th April 2016 Version Update date Updated by Description 1.0 18/04/16 Healthecare PMO Instruction document GOS Patient Online Pre-Admissions Portal

More information

Access to University Data Policy

Access to University Data Policy UNIVERSITY OF OKLAHOMA Health Sciences Center Information Technology Security Policy Access to University Data Policy 1. Purpose This policy defines roles and responsibilities for protecting OUHSC s non-public

More information

Pathology Bounded Code List (PBCL) Version for Primary Care Pathology Report Messages

Pathology Bounded Code List (PBCL) Version for Primary Care Pathology Report Messages Release Note Pathology Bounded Code List (PBCL) Version 1.033 for Primary Care Pathology Report Messages April 2016 Release 1 Copyright 2016, Health and Social Care Information Centre. CONTENTS 1. Introduction

More information

Scottish Care Information. SCI Gateway v10.3. Sending Referrals & Receiving Discharges User Guide

Scottish Care Information. SCI Gateway v10.3. Sending Referrals & Receiving Discharges User Guide Scottish Care Information SCI Gateway v10.3 Sending Referrals & Receiving Discharges User Guide Contents 1 Introduction... 1-1 2 Accessing SCI Gateway... 2-1 Accessing SCI Gateway Through GPASS... 2-2

More information

HSX Clinical Data Repository (CDR) Query Portal User Guide

HSX Clinical Data Repository (CDR) Query Portal User Guide This document explains how to use the HSX Query Portal in order to access the CDR. Table of Contents REQUESTING NEW USER ACCOUNTS: 3 DEACTIVATING USER ACCOUNTS: 3 MAKING CHANGES TO EXISTING USER ACCOUNTS:

More information

Promise Dreams Privacy Policy

Promise Dreams Privacy Policy Promise Dreams Privacy Policy Introduction Promise Dreams ( we ) promises to respect any personal data you share with us and keep it safe. We aim to be clear when we collect your data and not do anything

More information

Enviro Technology Services Ltd Data Protection Policy

Enviro Technology Services Ltd Data Protection Policy Enviro Technology Services Ltd Data Protection Policy 1. CONTEXT AND OVERVIEW 1.1 Key details Rev 1.0 Policy prepared by: Duncan Mounsor. Approved by board on: 23/03/2016 Policy became operational on:

More information

What is the Northern Ireland ehealth and Care strategy?

What is the Northern Ireland ehealth and Care strategy? What is the Northern Ireland ehealth and Care strategy? The regional ehealth and Care strategy provides a framework and plan for regional coordination and collaboration to further develop ehealth in Northern

More information

Image Exchange Portal

Image Exchange Portal Image Exchange Portal Approved By: Date Approved: 25 th January 2011 Trust Reference: C132/2016 Version: Supersedes: Author / Originator(s): Name of Responsible Committee/Individual: Imaging Clinical Business

More information

Professional Engineers Ontario. canada s anti-spam. Guidelines for Chapters

Professional Engineers Ontario. canada s anti-spam. Guidelines for Chapters Professional Engineers Ontario canada s anti-spam legislation (CASL) Guidelines for Chapters Published by Association of Professional Engineers of Ontario, February 2015 Contents 1. Introduction... 3 2.

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST INFORMATION SECURITY POLICY Author Head of IT Equality impact Low Original Date September 2003 Equality assessment

More information

Auckland District SUPPORT SERVICES Board Policy Health Board (Section 7) Manual ELECTRONIC MAIL

Auckland District SUPPORT SERVICES Board Policy Health Board (Section 7) Manual ELECTRONIC MAIL Auckland District SUPPORT SERVICES Board Policy Health Board (Section 7) Manual Overview Purpose Electronic mail (email) is a business communication tool within ADHB and this policy outlines use of email

More information

The General Data Protection Regulation

The General Data Protection Regulation PRIVACY NOTICE INFORMATION FOR (a) APPLICANTS TO AND USERS OF CHS COMMUNITY SUPPORT SERVICES; (b) OTHER STAKEHOLDERS CHS is committed to protecting your personal data. This privacy notice sets out how

More information

STCP Amendment Proposal Form

STCP Amendment Proposal Form STCP Amendment Proposal Form PA036 1. Title of Amendment Proposal STCP 09-2 Incorporation material currently within SPT SCS and making standard for both TOs. 2. Description of the Proposed Amendment (mandatory

More information

NHS e-referral Service Transition Planning WebEx May 2015

NHS e-referral Service Transition Planning WebEx May 2015 NHS e-referral Service Transition Planning WebEx May 2015 Issued 19.05.15 V3.0 Purpose of this webinar and key messages To reassure users that they do not need to worry about the change to NHS e-referral

More information

If you have established that it is not possible to refer directly from your clinical system it is still possible to refer through ers but this

If you have established that it is not possible to refer directly from your clinical system it is still possible to refer through ers but this How to make a referral directly on ers when cannot do it through Emis Web eg for temporary residents OR if you do not have the NHS Number OR patient not fully registered If a patient is not fully registered

More information

Frequently Asked Questions. My life. My healthcare. MyChart.

Frequently Asked Questions. My life. My healthcare. MyChart. Frequently Asked Questions My life. My healthcare. MyChart. My life. My healthcare. MyChart. What is MyChart? MyChart offers patients personalized and secure online access to portions of their medical

More information

Electronic Communications with Citizens Guidance (Updated 5 January 2015)

Electronic Communications with Citizens Guidance (Updated 5 January 2015) Electronic Communications with Citizens Guidance (Updated 5 January 2015) Overview - Email Activities Outside Of The Scope Of The Policy And This Guidance Requests To Use Email/SMS Outside The Scope Of

More information

UKIP needs to gather and use certain information about individuals.

UKIP needs to gather and use certain information about individuals. UKIP Data Protection Policy Context and overview Key details Policy Update Prepared by: D. Dennemarck / S. Turner Update approved by Management on: November 6, 2015 Policy update became operational on:

More information

1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests.

1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests. 1 Introduction 1.1 Article 15 of the General Data Protection Regulations (GDPR) provides individuals (Data Subjects) with the right to access personal information so that they are fully informed of the

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Personnel Security Standard This standard is applicable to all VCU School of Medicine personnel. Approval

More information

Please let us know if you have any questions regarding this Policy either by to or by telephone

Please let us know if you have any questions regarding this Policy either by  to or by telephone Our Privacy Policy At Torbay Fishing we are committed to protecting and preserving the privacy of our customers when visiting us, visiting our website or communicating (electronically or verbally) with

More information

Beam Technologies Inc. Privacy Policy

Beam Technologies Inc. Privacy Policy Beam Technologies Inc. Privacy Policy Introduction Beam Technologies Inc., Beam Dental Insurance Services LLC, Beam Insurance Administrators LLC, Beam Perks LLC, and Beam Insurance Services LLC, (collectively,

More information

ACT Test Accessibility and Accommodations System (TAA) User Guide

ACT Test Accessibility and Accommodations System (TAA) User Guide ACT Test Accessibility and Accommodations System (TAA) User Guide www.act.org ACT Test Accessibility and Accommodations System (TAA) User Guide Table of Contents Overview... 2 Introduction to the Test

More information

Bring Your Own Device (BYOD) Policy

Bring Your Own Device (BYOD) Policy SH IG 58 Information Security Suite of Policies Bring Your Own Device (BYOD) Policy Version 1 Summary: Keywords (minimum of 5): (To assist policy search engine) Target Audience: Next Review Date: This

More information

EDGE: Getting Started

EDGE: Getting Started EDGE: Getting Started Dear User please note that these notes are intended to get you started on EDGE. There are more comprehensive notes available on the EDGE website (via the general documents tab on

More information

Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC

Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/protect/ndcbf_

More information

Regulation P & GLBA Training

Regulation P & GLBA Training Regulation P & GLBA Training Overview Regulation P governs the treatment of nonpublic personal information about consumers by the financial institution. (Gramm-Leach-Bliley Act of 1999) The GLBA is composed

More information

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017

More information