Information Governance Toolkit
Version 14.1 (2017-2018) assessment 
Version 14.1 -2017-2018-assessment.docx Version 14.1 -2017-2018-assessment.docx
Size : 360.125 Kb
Type : docx
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ig-user-handbook-important.pdf ig-user-handbook-important.pdf
Size : 784.147 Kb
Type : pdf
Staff_Reference_IG & Security Guide_V4_NWS.docx Staff_Reference_IG & Security Guide_V4_NWS.docx
Size : 2220.645 Kb
Type : docx

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

114 Key Objective: Ensure that staff are aware of the name of their Information Governance Lead within the practice

Purpose: To make staff aware of who has responsibilities for Information Governance, including Data Protection and Freedom of Information issues

Dr M Mohamed is the Clinical Governance lead for the practice. Dr Mohamed's responsibilities are stated in the following document:

clinical-governance-policy.doc clinical-governance-policy.doc
Size : 49 Kb
Type : doc
caldicott-protocol.doc caldicott-protocol.doc
Size : 101.5 Kb
Type : doc

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

115 Key Objective: Ensure all staff are issued with, or can view the intranet, the Information Governance Booklets, leaflet and guidance on IG

Purpose: To make staff aware of Information Governance procedures / policies and ensure they sign the declaration confirming they have read and understand these

handling information - quick overview.doc handling information - quick overview.doc
Size : 1231.5 Kb
Type : doc

Information Commissioner's Office (ICO) - Online videos on Information Governance

https://www.youtube.com/user/icocomms

access-to-medical-records-policy-v2.doc access-to-medical-records-policy-v2.doc
Size : 100.5 Kb
Type : doc
access_to_medical_records_leaflet.doc access_to_medical_records_leaflet.doc
Size : 115 Kb
Type : doc

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

116 Key Objective: Ensure that all contracts - staff, contractor and third party, contain clauses that clearly identify responsibilities for confidentiality, data protection and security

Purpose: To make sure the practice contract clause explicitly and unambiguously states the obligation to keep patient information confidential, otherwise the practice may have little or no defence in the event of an accidental or intentional breach by a member of staff or contractor

SHC contract of employment Sept 15.doc SHC contract of employment Sept 15.doc
Size : 49.5 Kb
Type : doc
SHC Staff Handbook - oct 2015.doc SHC Staff Handbook - oct 2015.doc
Size : 196 Kb
Type : doc

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

117 Key Objective: Carry out a training needs analysis for new and existing staff. Provide up to date information to staff regarding the practice's web site and in particular, updates to the Information Governance Information

Purpose: To ensure all staff are aware of training opportunities e.g. the IG e-learning tool, and undertake to complete the training. To ensure the PM remains aware of latest updates, policy and guidance on IG matters and is familiar with the materials and resources avaialble on the NHS CFH web pages

staff-training-needs-example.xlsx staff-training-needs-example.xlsx
Size : 294.303 Kb
Type : xlsx

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

118 Key Objective: Has the practice implemented its IG information security management arrangements to ensure the NHS CFH Statement of Compliance (SoC) is satisfied?

Purpose: If the practice has access to the NHS CFH infrastructure, i.e. Choose & Book, it must attain a level 2 in requirements 114, 116, 117, 119, 317, 212, 211 & 320. If not, the practice is exempt from completing this requirement. Practices need to check if they have completed a SoC for the practice

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

119 Key Objective: The practice must ensure that staff and all those working for or on behalf of the practice, comply with the terms and conditions set out in the RA01 form

Purpose: To establish baseline of good practice and monitoring to ensure staff comply with the conditions set out out in the RA01 form

security-policy.doc security-policy.doc
Size : 70.5 Kb
Type : doc
RA01-form-and-terms-and-conditions.pdf RA01-form-and-terms-and-conditions.pdf
Size : 545.503 Kb
Type : pdf

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

211 Key Objective: To ensure that all correspondence, faxes, email, telephone messages, transfer of patient records and other communications are conducted in a secure and confidential manner

Purpose: To ensure staff are aware of the formal documented procedures and that they comply with them. The practice should also monitor compliance by undertaking spot checks

handling information - quick overview.doc handling information - quick overview.doc
Size : 1231.5 Kb
Type : doc
cybersecurityguide-for-NHSmail.pdf cybersecurityguide-for-NHSmail.pdf
Size : 53.168 Kb
Type : pdf

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

212 Key Objective: Staff need to be aware that patients should be asked before their personal information is used in ways that does not directly contribute to, or support the delivery of their care and that a patient's decision to restrict disclosure is appropriately respected

Purpose: The practice should have guidelines on seeking consent to use patient personal information for purposes other than direct care and on respected patient choice / decisions within its confidentiality code of practice. Relevant staff must be effectively informed of their responsibilities and how to meet them

Confidentiality_-_NHS_Code_of_Practice.pdf Confidentiality_-_NHS_Code_of_Practice.pdf
Size : 219.299 Kb
Type : pdf

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

213 Key Objective: Ensure that the practice has publicly available and easy to understand, patient information leaflets on how their information is used, who may have access to it and their own rights to see and obtain copies of their records

Purpose: Patients should be aware of and have access to comprehensive information regarding how their information is used and their rights to obtain copies of their records. Staff need to know how to deal with a request from a patient requiring copies of their notes

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

316 Key Objective: Ensure that the practice has an information asset register, encompassing information, software, hardware and services

Purpose: To record all assets to the practice and have comprehensive and up-to-date list

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

317 Key Objective: Ensure that the practice prevents unauthorised access to the premises, equipment, records and other assets

Purpose: A risk assessment should be undertaken to identify any risk areas ans an action plan created to address any issues. Staff should be encouraged to feedback to the responsible person, any potential risks they identify in the course of their duties

security-within-GP-premises.docx security-within-GP-premises.docx
Size : 26.346 Kb
Type : docx

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

318 Key Objective: To control, monitor and audit the use of mobile computing systems to ensure their correct operation and to prevent unauthorised access

Purpose: To make staff aware of procedures / guidance when using mobile computing systems

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

319 Key Objective: Ensure that the practice has documented plans and procedure to support business continuity in the event of power failures, system failures, natural disasters and other disruptions

Purpose: All staff need to be made aware of their role and who to contact in the event of power , system or other failures affecting the practice

disaster-handling & recovery.doc disaster-handling & recovery.doc
Size : 89 Kb
Type : doc

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

320 Key Objective: The practice should have documented incident managing and reporting procedure

Purpose: Incident management and reporting procedures should be communicated to all staff so that they are aware of what action to take in the event of an incident

accident_reporting_protocol.doc accident_reporting_protocol.doc
Size : 32 Kb
Type : doc

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------