Information Governance


1 Information Governance
Practice Manager’s Meeting – Thursday 14th June 2018
Paul Cook – CCG IG Lead –

2 Key Changes since April 2018
- Data Security and Protection Toolkit
- General Data Protection Regulation (GDPR)
- Data Protection Act 2018
- National Data Opt-out Programme (NHS Digital)
- Your Data Matters (ICO)

3 Data Security and Protection Toolkit
The Data Security and Protection Toolkit replaces the previous Information Governance toolkit from April 2018. It's an online self-assessment tool that enables organisations to measure and publish their performance against the National Data Guardian's ten data security standards. All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

4 Data Security and Protection Toolkit
The new Data Security and Protection Toolkit can be found at:
- If you completed version 14.1 IG Toolkit by 31st March 2018, NHS Digital have recently sent you an email to register your practice for the new toolkit.
- Still only one submission – 31st March 2019 / Annually 31st March
- NHS Digital are running some webinars for GP Practices on the new toolkit – 28 June at 12.30pm, 24th July at 12.30pm, 30th August at 12.30pm
- For more event details, please visit

5 Data Security and Protection Toolkit
STANDARD 1 - handling, storage and transmission of personal confidential data

| Evidence Text - GP | Tool tips - GP | Required to meet standard (mandatory) - GP |
| --- | --- | --- |
| Name of Caldicott Guardian. | A Caldicott Guardian is a senior person responsible for protecting the confidentiality of people's health and care information and making sure it is used properly. This can be the same person as other roles highlighted. | Yes |
| Who are your staff with responsibility for data protection and/or security? | Record names and job titles only for staff who have a specialised role. | |
| Name of Appointed Data Protection Officer. | A Data Protection Officer (DPO) is a role mandated for public bodies, for organisations carrying out regular and systematic monitoring of data subjects on a large scale, and for organisations carrying out large scale processing of special categories (e.g. health and social care) data or criminal convictions data. The DPO advises the organisation on data protection matters, monitors compliance and is a point of contact on data protection for the public and the ICO. If not relevant for your organisation mark N/A. | |

- 52 Requirements / not scored in levels - 0, 1, 2, or 3 / Evidence based
- CQC has now included Information Governance / Data Security Standards in their inspections

6 General Data Protection Regulation (GDPR) What are the key changes for GP Practices?
GDPR came into force on 25th May 2018
- All public authorities must appoint a Data Protection Officer (DPO)

Who can be a DPO?
A Practice Manager, or one of their colleagues, can be appointed as DPO in addition to their existing roles as long as they have some data protection experience and are not the final decision taker about data use in the organisation (which would be seen as a conflict of interest). The current ICO advice about an employee being a DPO is that this is acceptable; “… as long as the professional duties of the employee are compatible with the duties of the DPO and do not lead to a conflict of interests”.
- Who has appointed one?

7 General Data Protection Regulation (GDPR)
The principal tasks of the DPO from the GDPR are:
- to provide advice to the organisation and its employees on compliance obligations
- to advise on when data protection impact assessments are required and to monitor their performance
- to monitor compliance with the GDPR and organisational policies, including staff awareness and provisions for training
- to co-operate with, and be the first point of contact for, the Information Commissioner
- to be the first point of contact within the organisation(s) for all data protection matters
- to be available to be contacted directly by data subjects – the contact details of the data protection officer will be published in the organisation’s privacy notice
- to take into account information risk when performing the above.

8 General Data Protection Regulation (GDPR)
- Update Privacy Notice / Fair Processing Notice
- Data Protection Impact Assessments (DPIA)
  - A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project.
  - It has been best practice, but it is now a legal requirement under GDPR / Data Protection Act 2018 to carry one out when processing data that is high risk to individuals (Health Data).
- Subject Access Requests (SAR)
  - No charge for copies of records
  - Make use of Patient On-line
  - Day Compliance / not 40 days as previous

9 Data Protection Act 2018
- The Data Protection Act 2018 replaces the Data Protection Act 1998
- Came into force 25th May 2018 following royal assent
- It’s brought the UK Data Protection laws in line with the EU GDPR Regulation.

The old 8 Data Protection Principles have been replaced with 6 new principles:
- processing be lawful, fair and transparent
- the purposes of processing be specified, explicit and legitimate
- personal data be adequate, relevant and not excessive
- personal data be accurate and kept up to date
- personal data be kept for no longer than is necessary
- personal data be processed in a secure manner

10 National Data Opt-out Programme
- Launched on 25th May 2018
- It's a new service that allows people to opt out of their confidential patient information being used for research and planning.
- It's in line with the recommendations of the National Data Guardian in her Review of Data Security, Consent and Opt-Outs.
- All health and care organisations are required, by March 2020, to have applied these preferences in all research and planning situations in which confidential patient information is used.

11 National Data Opt-out Programme
- The national data opt-out will replace the previous ‘type 2’ opt-out, which required NHS Digital to refrain from sharing a patient’s confidential patient information for purposes beyond their direct care.
- Any person with an existing type 2 opt-out will have it automatically converted to a national data opt-out from 25 May 2018 and will shortly receive a letter giving them more information and a leaflet explaining the new national data opt-out.
- Patients are asked to set the preference at matters/
- Does not replace the Summary Care Record / SCR Additional Information

12 Your Data Matters (ICO)
- Your Data Matters is a national campaign run by the Information Commissioner's Office (ICO)
- Launched 25th May 2018

13 CCG GP IG Support
- NHS England have had the responsibility for IG with GP Practices
- A new GP IT Operating Model to be launched
- NHS England have made the decision to devolve responsibility for IG support for GP Practices to CCGs.
- The CCG will be recruiting a new role as GP IG Lead to support Practices with their IG queries etc., once the detail around what is required is released by NHS England.

14 Any Questions?
Paul Cook
Information Governance Lead / Data Protection Officer
NHS Ipswich and East Suffolk CCG
NHS West Suffolk CCG

