2015/16 annual report of the information governance ...€¦ · director of outcomes and...
TRANSCRIPT
1
2015/16 Annual Report of the Information Governance,
Management & Technology Committee
Contents 1. Introduction .................................................................................................................. 2
2. Meetings and Membership .......................................................................................... 2
3. Committee reporting framework ................................................................................. 4
4. Work Programme 2015/16 ........................................................................................... 7
5. Work Programme 2016/17 ......................................................................................... 19
Appendix 1 – IGMT Committee attendance breakdown ................................................. 20
Appendix 2 – Policy Matrix ............................................................................................... 22
Appendix 3 – IG Risk Register at March 2016 ................................................................. 24
2
1. Introduction
The Information Governance, Management and Technology (IGMT) Committee is
established on behalf of NHS Rushcliffe (RCCG), NHS Nottingham North and East
(NNE), NHS Nottingham West (NW), NHS Mansfield and Ashfield (M&A) and NHS
Newark and Sherwood (N&S) CCGs in accordance with the joint arrangements
detailed in their respective Constitutions and referred to in this document as ‘the
CCGs’.
The purpose of the Committee is to support and drive the broader information
governance (IG) and information management & technology (IM&T) agendas,
including:
Ensuring risks relating to information governance and health informatics are
identified and managed
Leading the development of community-wide IG and IM&T strategies
Developing IM&T to improve communication between services for the benefit of
patients
This annual report will provide an overview of the achievements the IGMT
Committee has led throughout 2015/16 and its objectives for 2016/17.
2. Meetings and Membership
The membership of the Committee reflects the CCGs’ acknowledgement of the
importance of IG and IM&T, the emphasis it places on its contribution to the
commissioning process and the successful implementation of projects of work.
Each CCG is represented on the Committee by their respective leads for IGM&T.
The membership of the IGMT Committee is as follows:
Director of Outcomes and Information (Chair and Representative for South
CCGs)
Each CCG’s SIRO,
3
Each CCG’s Caldicott Guardian,
Information Governance Lead at the Greater East Midlands Commissioning
Support Service
Information Governance Lead at NHS Nottingham City CCG
Director of Health Informatics, NHIS
Head of Transformation, NHIS
GP representative
Governing Body Lay Member.
Members’ qualification, disqualification, appointment, tenure on the Information
Governance, Management and Technology Committee and eligibility for
reappointment are as per Governing Body members is detailed in Section 2 of
Appendix C of each CCG’s constitution. The IGMT Committee has a register of all
its’ members’ interests and declarations of interest is a standing item on all agendas
at the beginning of all meetings to ensure that all interests of members are captured
and handled appropriately.
Others are invited to attend meetings as appropriate and to facilitate cross
community discussion, Nottingham City CCG have been represented in attendance
only to allow consistency across all CCGs in Nottinghamshire.
The IGMT Committee has met on a bi-monthly basis throughout 2015/16. Members
are expected to attend at least 75% of meetings and are responsible for identifying
appropriate deputies to represent their position if unable to attend. Attendance for
the year has been 77.78%. A breakdown of attendance by member is included in
Appendix 1. To be deemed quorate, the meeting must include the Chair or Deputy
Chair, a representative for each CCG and at least one SIRO and one Caldicott
Guardian from across the CCGs. The Committee was quorate for five of the six
meetings held in 2015/16. The September 2015 meeting was not quorate as there
was no Caldicott Guardian present, for this meeting all items for approval were
agreed on the condition that Caldicott Guardian approval was given virtually
following the meeting.
4
Minutes are taken at all meetings by NHS Rushcliffe CCG and circulated unratified,
to members of the Committee for approval at the following meeting. A highlight
report is also produced following each meeting for CCG Governing Bodies. Patients
are represented by a governing body lay member.
3. Committee reporting framework
The IGMT Committee receives updates from several IG and IM&T working groups.
See below reporting framework and purpose of groups:
5
East Midlands Strategic Information Governance Network (EMSIGN)
The EMSIGN provides a forum for Information Governance professionals working in
Health and Social Care across the East Midlands to share knowledge and expertise
relating to the area of Information Governance. The network acts as a conduit for
communication, consultation and dissemination of relevant Information Governance
topics. The group members, where appropriate, comment on national policy and
developments and this is fed up to national Information Governance forums
predominately within NHS England or the Health and Social Care Information
Centre.
The group also provides a support function to all the members to ensure the
development of consistent practices across the East Midlands region; this is
pertinent to ensure effective information sharing across partner agencies.
Records and Information Group
The purpose of the Record and Information Group is to support Health and Social
Care organisations across Nottinghamshire ensure that best practice is applied in
the sharing and management of Information. The group develop robust Information
Governance guidance and recommend these to the member organisations across
the Nottinghamshire Health and Social Care Community for inclusion within
organisational policy. The group develop advice, standards, principles and
documentation to support the adoption of best practice, communicating these to
support staff who provide care
Information Governance (IG) Leads Working Group
The purpose of the IG Leads Working Group is to support the Nottinghamshire
Clinical Commissioning Groups to ensure that best practice is applied in the sharing
and management of information and as a forum to discuss and resolve common
issues or queries in relation to the Information Governance agenda and IG Toolkit
standards.
Data Management Group
The Nottinghamshire Data Management Group (DMG) act as the body agreeing the
tactical and strategic priorities of the Nottinghamshire Data Management Team
6
(DMT). The DMG agree a set of common priorities which allow the DMT to deliver
the rapid and dynamic implementation of solutions including:
Setting the overall data management strategy for Nottinghamshire CCGs;
Agreeing the prioritisation of IGM&T product developments in relation to Business
Intelligence and Data Warehousing environments;
Supporting the implementation of products in individual CCGs;
Ensuring risks relating to information governance and health informatics are
identified and managed;
Supporting the CCGs in defining product specifications which meet the agreed
functionality.
In doing so it ensures the DMT:
Support clinical commissioning innovation;
Provide rapid and responsive developments;
Operate within a sound governance environment which adheres to CCGs’
policies; and
Work to robust management processes which are documented.
The DMG focuses its business on strategic-level discussions and rely on the more
frequent discussions between SIROs to agree arrangements for more operational
changes and issues of a more urgent nature.
Nottinghamshire IM&T SRO Programme Board
The Connected Nottinghamshire IM&T SRO Programme Board is responsible for the
creation of the Digital Roadmap, setting the overall ambition and strategic direction
for IM&T in the City and County of Nottinghamshire. It aligns the programme with
key business and transformation agendas and monitors, reviews and reports overall
progress. Specifically the Board ensures alignment with the Sustainable
Transformation Plan for the Nottinghamshire Digital Footprint.
The Board translates the strategy into tangible projects, ensuring they are delivered
and their benefits realised across the clinical, care and managerial environment
across the health and social care community.
7
It also ensures IGM&T contributes towards the overall strategic direction of individual
organisations and realises financial benefits relating to both the improved quality and
productivity of clinical and care services and cost effectiveness of IM&T service
providers.
4. Work Programme 2015/16
Key areas of work for the IGMT Committee in 2015/16 have included:
Continuing progression of the implementation of the necessary changes to
ensure compliance with changes in statutory legislation.
Further progression of the use of Data Services for Commissioners will move the
CCGs to align with organisations supplying data services under the Lead
Provider Framework.
The publication of a Data Management Strategy in order to provide assurance to
CCGs that sensitive and confidential data is being processed in accordance with
the requirements for encryption and pseudonymisation.
Reviewing Cyber Security to ensure CCGs and GP Practices are well placed to
mitigate any risk associated with malicious attempts to breach security
arrangements.
Monitoring the CCGs’ progress of completion of the Information Governance
Toolkit.
Maintaining an information governance risk register for the CCGs.
Receiving quarterly data quality reports on SUS data submitted by trusts relating
to their patients.
Following the progress of all local IT projects and agreeing a range of policies
and procedures.
Agreed relevant information governance, information management and
information technology policies with amendments as necessary reflecting
changes in legislation or local ambition.
Maintaining the contract management arrangements with Nottinghamshire Health
Informatics Service (NHIS) in order to demonstrate improvements to the delivery
of services to the agreed standards.
8
The IGMT Committee approved the following documents in 2015/16:
Bring Your Own Device Policy
Data Quality Policy
Data Warehouse Access Authorisation form and process
IGMT Strategy
Information Governance Leads Meeting Terms of Reference
Information Governance Management Framework
Information Governance, Management and Technology Committee Terms of
Reference
Information Risk Policy
Network Security Policy
Privacy Impact Assessment Guidance and Template
Smart Card Policy
Information Governance
Each CCG has an Information Governance lead that works closely with their CCG’s
Caldicott Guardian and Senior Information Risk Owner (SIRO) to fulfil the
organisations’ information governance requirements.
The CCGs also commissioned Information Governance support to provide expert
support, advice and guidance to the strategic and technical information governance
arrangements. NHS Newark and Sherwood CCG and NHS Mansfield and Ashfield
CCG commissioned the support from Greater East Midlands Commissioning Support
Unit (GEMCSU) and NHS Rushcliffe CCG, NHS Nottingham West CCG and NHS
Nottingham North and East CCG commissioned the support from NHS Nottingham
City CCG.
The table below identifies the information governance objectives for the CCGs as
identified in the IGMT Committee’s terms of reference and the Committee’s progress
and outcomes towards achieving the objectives.
Table 1 – Information Governance Objectives and Outcomes
9
Objective
Outcome
1) Ensure that an appropriate comprehensive information
governance framework and systems are in place
throughout the constituent organisations in line with
national standards.
The IGMT Committee approved the CCGs’ Information
Governance Management Framework in September 2015. The
Framework set out the accountability arrangements, method of
dissemination of policies and revised terms of reference of the
IGMT Committee.
2) Receive regular action plans with regard to the
organisations’ progress on the annual Information
Governance Toolkit submission.
The IG Working group reported to the IGMT Committee
regularly on progress made towards the annual Information
Governance Toolkit Submission throughout the year.
3) Ensure that information is effectively managed, and that
appropriate policies, procedures and management
accountability are provided in relation to confidentiality,
security and records management.
The IGMT Committee agreed all information governance
policies requiring review in 2015/16. Appendix 2 lists all the IG
and IM&T policies and their status.
4) Ensure that information risks are identified, assessed and
managed in line with the Information Governance
Assurance Framework and recommend actions to the
Senior Information Risk Owner (SIRO) to ensure risks are
mitigated.
The Information Governance Risk Register was a standing
item for the IGMT Committee and so all risks were reviewed,
updated and new risks identified at every meeting throughout
2015/16. The latest risk register presented at the March 2016
IGMT Committee meeting is in Appendix 3.
10
5) Ensure that information risks for commissioned services,
including GP practices are identified and managed in line
with National Serious Incident Framework, NHS England,
March 2015. This will include incidents that result in a
serious breach in confidentiality or data loss.
The IGMT Committee prepared to decommission GP System
of Choice (GPSOC) systems for redundant practices in
2015/16. Through the support of the IGMT Committee and
commissioned services from GEM CSU and Nottingham City
CCG, CCGs have supported GP practices in the identification,
management and reporting of information governance
incidents.
6) Assure the CCGs’ Governing Bodies that all person
identifiable information is processed in accordance with the
Data Protection Act and that all staff are aware and comply
with the NHS Code of Confidentiality and other professional
codes of conduct.
The IG leads working group assured the IGMT committee that
all data flows of person identifiable information is processed
appropriately through the mapping exercises completed as part
of the IG toolkit. The IGMT Committee were also assured via
the IG leads working group that all staff were fully trained.
7) Ensure that new or proposed changes to organisational
processes or information assets are identified and risk
assessed, considering any impact on information quality
and identifying any new security measures that may be
required.
Privacy Impact Assessments were a standing agenda item for
the IGMT Committee meetings and the Committee received
updates of completed and ongoing assessments. The IG
working group also assured the Committee that an information
asset register was completed annually and risk assessed as
part of the IG toolkit work programme.
8) Provide oversight and monitoring of provider IG Toolkit
compliance on behalf of the CCGs, advising the relevant
Quality Scrutiny Panels regarding any areas of concern.
Provider IG Toolkit compliance is monitored through the
reporting of incidents and quality monitoring of contract
performance.
11
9) Ensure that all locally-developed clinical information
systems are accredited and signed off by the IM&T Clinical
Safety Officer as laid out by statute and the relevant Data
Set Change Notices.
The IGMT Committee prepared to decommission GP System
of Choice (GPSOC) systems for redundant practices in
2015/16.
10) Receive regular compliance reports on the processing of
Freedom of Information requests; determining exemptions
as appropriate.
The IGMT Committee received quarterly reports on compliance
of processing Freedom of Information requests. Compliance
with responding to Freedom of Information requests within
required timeframes for 2015/16 was 95%.
11) Develop an information governance training programme
and monitor the progress of the staff training and
awareness in line with the National Department of Health
requirements.
The IG Leads working group monitored progress against the
IG work plan which included all CCG staff completing annual
information governance training. The IG working group
reported to each IGMT meeting.
12) Support the Caldicott function, working with the Caldicott
Guardian to ensure work related to confidentiality and data
protection is appropriately carried out and any risks
reported appropriately.
The Caldicott Guardians were members of the IGMT and
support was provided to key roles through the Committee and
attendance at the meetings.
13) Work with independent contractors and commissioned
services to ensure their compliance with the Information
Governance Toolkit.
NHS England is responsible for ensuring that GP practices
have completed their IG toolkits, however, the CCGs
commissioned IG support for practices through the contract
with GEM CSU and Nottingham City CCG.
12
Information Management and Technology
The Director of Outcomes and Information is the CCGs’ Lead for Information Management and Technology and manages the
contract with NHIS to provide IM&T systems and support.
Table 2 – Information Management and Technology Objectives and Outcomes
Objective
Outcome
1) Promote new technologies across the CCGs to ensure
quality of patient services.
The IGMT Committee identified new technologies and
highlights as appropriate to the Governing Bodies through the
Highlight Report. The IT Refresh Programmes for GP Practices
and CCGs implemented the necessary upgrades for hardware,
operating system and software applications to ensure
compliance with minimum standards.
2) Develop the CCG’s IM&T Strategy ensuring it is congruent
with both national and local strategy, and complements the
business plans of individual Clinical Commissioning
Groups; providing Governing Body assurance on the plan.
The IGMT Committee approved the IGMT Strategy in January
2016. The strategy describes how Information and Technology
will support NHS Nottinghamshire Clinical Commissioning
Group’s future vision for a digitally mature health care profile
over the next five years.
13
3) Ensure that the individual CCGs’ components of the
programme are delivered in accordance with the timescales
and milestones laid out in a project plan.
The IGMT Committee received a project update report from
NHIS detailing progress with all IM&T Projects at every
meeting. The report provides an overview of achievement for
each project and a breakdown by practice of progress. The
IGMT Committee also received overviews of several projects
as presentations at the start each meeting throughout 2015/16.
4) Act as the Project Assurance mechanism for any significant
IM&T investment within the CCGs ensuring that the
appropriate rigour has been applied to the case for change,
specification, procurement, implementation and
mobilisation of such investment plans.
The IGMT Committee received a project update report from
NHIS detailing progress with all IM&T Projects at every
meeting. The report provides an overview of achievement for
each project and a breakdown by practice of progress. The
IGMT Committee also received overviews of several projects
as presentations at the start each meeting throughout 2015/16.
5) Ensure that the CCGs have mechanisms and plans in place
to raise the basic competencies and skills of the
commissioning organisation in order to base decisions on
knowledge and information.
The IG working group monitored progress against the IG work
plan which included all CCG staff completing relevant annual
training. The IG working group reported to each IGMT meeting.
6) Agree the relative priority of IM&T investment projects
where flexibility exists outside of any national programmes.
An extra IGMT meeting was held in December 2015 for
selected members to agree the IT project priorities for 2016/17
this was based project priority, timescales and funding
available and linked to those priorities in the CCGs’ corporate
plans.
14
7) Provide assurance to the Governing Bodies that sufficient
attention is being placed on data quality of both mandated
and local datasets generated by the CCGs and their
providers.
The IGMT Committee received quarterly data quality reports
providing assurance of the quality of local datasets. Assurance
was provided to the CCGs’ Governing Bodies via the
Committee Highlight Report.
8) Ensure the CCGs are able to maximise all clinical and non-
clinical benefits from planned and existing information
systems and IT infrastructure.
Through a number of the 2015/16 projects the realisation of
benefits from clinical systems has been achieved with no
additional software costs. For example, the creation and
implementation of a single SystmOne unit to support federated
access to patient records for clinicians working outside of their
normal practice environment.
9) Facilitate development and local implementation of health
informatics policies ensuring they are consistent with
national and local strategy.
The IGMT Committee agreed all information management
policies due for review in 2015/16. Appendix 2 lists all the IG
and IM&T policies and their status.
10) Receive reports relating to the Nottinghamshire Health
Informatics Service (NHIS), its services, the performance of
the SLA between the NHIS and CCGs and progress
against specific projects.
The IGMT Committee received performance reports from NHIS
at every meeting. The report included achievement against the
Service Level Agreement key performance indicators.
11) Monitor and review data and hardware security
arrangements.
The IGMT Committee reviewed hardware security
arrangements throughout 2015/16, this included reports
regarding GP refresh and GP server from NHIS.
15
12) Ensure appropriate business continuity arrangements are in
place relating to information technology.
The IG working group monitored progress against the IG
workplan for the IG toolkit which included business continuity
of information technology. The IG working group reported to
the each IGMT meeting.
Data Management
The Director of Outcomes and Information is the CCGs’ Lead for Data Management.
Table 3 – Data Management Objectives and Outcomes
Objective
Outcome
1) Enable data sharing across care settings for direct patient
care through GP Repository for Clinical Care (GPRCC).
Positive meetings with various stakeholders.
User Interface available and split into three views to suit needs
and appropriate access rights for different users
2) Create an electronic framework for managing and auditing
Data Processing and Data Sharing Agreements/ Contracts.
Including eSigning of basic agreement with Schedules that
can be updated electronically (e.g. for new Read Codes to
be extracted for the GP Repository for Clinical Care
An integrated tool encompassing Privacy Impact Assessments
(PIAs), Equality & Diversity Impact Assessements (EIA), and
Quality Impact Assessments (QIAs) has been developed and
is in final testing.
A generic Data Processing Contract template has been drafted
16
(GPRCC) without requiring a signature each time. and an automatic document compiler has been built and
tested. A data structure for managing electronic contracts has
been designed and is currently being built.
Content updated to reflect changes in GPRCC specification
(e.g. inclusion of patient name). Sample contracts generated
3) Ensure functions support budget monitoring and financial/
contract management. Broaden the number of contracting
processes that we report on developing interactive
interfaces and regular reports that reduce the amount of
bespoke work that analysts need to do
Initial version of analysis engine released with NUH data -
positive feedback from South County Finance team, resulting
in tweaks to UI and validation rules. Circle Treatment Centre
data added.
First cut of M3 data loaded to development cube. Reporting
schedule agreed with Finance. Business rules for more fully
automated processing being developed
Choose & Book (C&B) referrals cube and module released.
This is integrated with the Referrals log so that practices using
the referrals log can see clinical data about C&B referrals.
4) Remove the barrier of remembering usernames and
passwords that prevents more frequent access by end
users for eHealthscope. Allow CHP users (on a different
domain) to access eHealthScope.
Trial Smartcard mechanism in place
5) Enable secure access to eHealthScope across N3 sites.
Creating a safe environment in which healthcare providers
User roles and permissions on all eHealthScope servers
checked and cleansed.
17
can contribute data in the knowledge that transfer, storage
and access to the data will be secure
Reporting permissions separated from standard event
permissions to give greater ability for non-clinical staff to see
aggregate data.
6) Make it easier for practices to search for problems in
eHealthScope and create a pushed report that highlighted
areas where they may be performing well or that need
investigation.
Choose and Book data automatically integrated with practice’s
own recording of data using the referral log.
Aggregate reports made available to analysts to show use of
eHealthScope (broken down by each function in
eHealthScope) by each practice with the aim of providing help
where usage is low.
7) Create an assessment of available tools for benchmarking
against other CCGs to compare admissions, A&E, OPD
and mortality rates across UK. Compare GP performance
across UK.
Positive initial meeting with HED team, exploring opportunities
to collaborate with eHealthScope.
QoF process fully overhauled and updated in eHealthscope.
Currently, the challenges of processing the whole country
outweigh potential benefits locally, but we will review when the
eHealthscope data cubes have been developed.
8) Provide a mechanism for providers to upload data into our
data-warehouse with near provider data quality testing and
pseudonymisation at source. Improve efficiency by
reducing personnel required to manually import data.
Development of eHealthScope user interface to allow file
upload on demand by the data provider.
Contracts in place for enterprise reporting facility to extract
data from SystmOne and EMISWeb
9) Move eHealthScope onto a modern platform increasing Data refresh of all eHealthScope data to reflect merged
18
maintainability, robustness, speed, data security. practices, changes in practice contracts
QoF process overhauled and translated from Access into SQL.
2013/2014 data importated into eHealthScope.
Commenced development of an admissions cube to replace
the ‘old eHealthScope’ DSR calculation mechanism.
City and County Accounts merged into a cube and now
reported via a single, common interface.
10) Develop procedures and tests to mitigate against the
potential for errors to be introduced in other modules each
time changes are made.
Test database of each data statement as a resource for
automatic testing built
11) Increase the range of tools for clinicians to help manage
care of patients particularly where that involves data from
other providers.
Formal release of the Screening Register (with Bowel Cancer
data).
Agreement with CityCare for daily caseload data to be shared.
Agreement with NUH for weekly admissions and readmissions
data to be shared.
12) Work with County social services and then City services to
establish indicators that social services can share (patients
who are falling, are socially isolated) which predict patients
at risk of admission
Initial meeting to scope options
Agreement to standardise coding
19
5. Work Programme 2016/17
Key areas of work for the IGMT Committee in 2016/17 will include:
Continued progression of the implementation of the necessary changes to ensure
compliance with changes in statutory legislation. This will be built on the
successes seen during 2015/16 and address any new legislation or Regulations
published during 2016/17.
Continued review of Cyber Security to ensure CCGs and GP Practices are well
placed to mitigate any risk associated with malicious attempts to breach security
arrangements.
Monitoring the CCGs’ progress of completion of the Information Governance
Toolkit.
Maintaining an information governance risk register for the CCGs.
Receiving quarterly data quality reports on SUS data submitted by trusts relating
to their patients.
Following the progress of all local IT projects and agreeing a range of policies
and procedures.
Agreed relevant information governance, information management and
information technology policies with amendments as necessary reflecting
changes in legislation or local ambition.
Maintain the contract management arrangements with Nottinghamshire Health
Informatics Service (NHIS) in order to demonstrate improvements to the delivery
of services to the agreed standards.
Support application of the IGMT Strategy, including implementation of a
Community-wide Care Portal allowing access into patient records for secondary
care, community services and primary care and development of the Digital
Roadmap across Nottinghamshire.
20
Appendix 1 – IGMT Committee attendance breakdown
Name, Title, designation
Da
te
22
/05
/20
1
5
Date
24
/07
/20
1
5
Date
25
/09
/20
1
5
Date
27
/11
/20
1
5
Date
22
/01
/20
1
6
Date
18
/03
/20
1
6
To
tal/
po
ss
ible
Andy Hall, Director of Outcomes and Information and Senior
Information Risk Owner (SIRO) Rushcliffe CCG (Chair)
6/6
Alexis Farrow, Head of Information Governance, GEM Deputy 5+1D/6
Paul Gardner, Head of Information Governance, Nottingham City
CCG
6/6
Petra O’Mahony, Freedom of Information Lead, GEM
Until 31st December 2015
A A A N/A N/A 1/4
Nichola Bramhall, Caldicott Guardian South CCGs A Deputy 4+1D/6
Ei-Cheng Chui, Caldicott Guardian Newark and Sherwood CCG
(Deputy Chair)
Until 27/11/2015
A A N/A N/A 2/4
Mike O’Neil, General Practitioner Nottingham West CCG and
Senior Information Risk Owner (SIRO) Nottingham West
6/6
Hazel Buchanan, Senior Information Risk Owner (SIRO)
Nottingham North and East
Deputy 5/6
21
Elaine Moss, Caldicott Guardian Mansfield and Ashfield CCG and
Newark and Sherwood CCG
Deputy Deputy Deputy Deputy Deputy Deputy 6D/6
Sarah Bray, Senior Information Risk Owner (SIRO) for Mansfield
and Ashfield CCG and Newark and Sherwood CCG
From 8th June 2016
N/A Deputy Deputy Deputy Deputy 1+4D/5
Paul Morris, Governing Body Lay Members of Newark &
Sherwood CCG
A A 4/6
Dr Sean Ottey, General Practitioner Rushcliffe CCG A A A A A 1/6
Jaki Taylor, Head of Transformation A 5/6
Eddie Olla, Director of Health Informatics at NHIS A A 4/6
Marcus Pratt, Interim Senior Information Risk Owner (SIRO) for
Mansfield and Ashfield CCG and Newark and Sherwood CCG
Until 22/05/2015
Deputy N/A N/A N/A N/A N/A 0/1
George Ewbank, Clinical Safety Officer
Until 26th May 2015
N/A N/A N/A N/A N/A 1/1
22
Appendix 2 – Policy Matrix
Ref Name of Policy Lead Approval
Date
Approving
body
Review
Date
Previous
version
IG01 Information Security Policy Paul Gardner 28/11/2014 IGM&T 01/11/2016 15/03/2013
IG02 Information Sharing Protocol Paul Gardner 26/09/2014 IGM&T - NOTED 01/08/2016 22/11/2013
IG06 Safe Haven Procedure Paul Gardner 23/01/2015 IGM&T 23/01/2017 28/03/2014
IG07 Information Governance Policy Paul Gardner 26/09/2014 IGM&T 26/09/2016 15/03/2013
IG08 Data Quality Policy Andy Hall 24/07/2015 IGM&T 24/07/2016 15/03/2013
IG09 Information Asset Register Procedure Paul Gardner 25/07/2014 IGM&T 01/07/2016 15/03/2013
IG10 Access to patient information and use of
smartcards NHIS 27/11/2015 IGM&T 27/11/2017 15/03/2013
IG11 Confidentiality and Data Protection Policy Paul Gardner 23/01/2015 IGM&T 23/01/2017 22/11/2013
IG12 Electronic Remote Working Policy NHIS 23/01/2015 IGM&T 23/01/2017 15/03/2013
IG14 Freedom of Information and Environmental
Information Regulations Policy Paul Gardner 25/07/2014 IGM&T 01/07/2016 15/03/2013
IG18 Internet and Electronic Mail Policy Paul Gardner 28/11/2014 IGM&T 28/11/2016 15/03/2013
IG21 Records Management Policy Paul Gardner 25/07/2014 IGM&T 01/07/2016 15/03/2013
IG24 Information Lifecycle Management Policy Paul Gardner 25/07/2014 IGM&T 01/07/2016
IG27 Information Risk Policy Paul Gardner 27/11/2015 IGM&T 01/11/2016 28/11/2014
IG31 Subject Access Request Procedure Paul Gardner 23/01/2015 IGM&T 23/01/2017 28/03/2014
23
IG32 Network Security Policy NHIS 18/03/2016 IGM&T 01/09/2017 27/03/2015
IG33 Information Governance Management
Framework Paul Gardner 25/09/2015 IGM&T 25/09/2016 26/09/2014
IG40 Privacy Impact Assessment Paul Gardner 25/09/2015 IGM&T 25/09/2016 27/09/2013
IG41 Confidentiality Audit Procedure Paul Gardner 23/01/2015 IGM&T 23/01/2017 22/11/2013
24
Appendix 3 – IG Risk Register at March 2016