Document Number: POL_1006 Issue Date: June 2014 Version Number: 2.0
Status: Approved Next Review Date: May 2017 Page 2 of 12
Data Protection Policy
Issue Date: June 2014
Document Number: POL_1006
Prepared by: Information Governance Senior Manager
Information Reader Box
Directorate Purpose
Medical Tools
Nursing Guidance
Patients & Information Resources
Finance Consultations
Operations
Commissioning Development Policy
Transformation & Corporate Operations
Publications Gateway Reference: 00149
Document Purpose: Policy and High Level Procedures
Document Name: Data Protection Policy
Publication Date: April 2013
Target Audience: All NHS England staff
Additional Circulation List: n/a
Description: Policy and high level procedures for compliance with the Data Protection Act
Cross Reference: n/a
Superseded Document: n/a
Action Required: To Note
Timing/Deadlines: n/a
Author: Carol Mitchell, Information Governance Senior Manager
5e40, Quarry House
LEEDS
Tel: 01132545935
E-mail: [email protected]
Document Status
This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of this document are not controlled.
As a controlled document, this document should not be saved onto local or network drives but should always be accessed from the intranet.
Contents
Information Reader Box
Document Status
Contents
1. Introduction
2. Scope
3. Roles and Responsibilities
4. Distribution and Implementation
5. Monitoring
6. Equality Impact Assessment
7. Associated Documents
Version Control Tracker
1. Introduction
1.1 Background
1.1.1 NHS England needs to collect personal information about people with whom it deals in order to carry out its business and provide its services.
Such people include patients, employees (present, past and prospective), suppliers and other business contacts. The information includes name, address, email address, date of birth, private and confidential information, and sensitive information. In addition, we may occasionally be required to collect and use certain types of such personal information to comply with the requirements of the law. No matter how it is collected, recorded and used (e.g. on a computer or on paper), this personal information must be dealt with properly to ensure compliance with the Data Protection Act 1998 (the Act).
1.1.2 The lawful and proper treatment of personal information by NHS England is extremely important to the success of our business and in order to maintain the confidence of our service users and employees. We ensure that NHS England treats personal information lawfully and correctly.
1.2 Data Protection Principles
1.2.1 NHS England fully supports and complies with the eight principles of the Act which are summarised below:
1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained/processed for specific lawful purposes.
3. Personal data held must be adequate, relevant and not excessive.
4. Personal data must be accurate and kept up to date.
5. Personal data shall not be kept for longer than necessary.
6. Personal data shall be processed in accordance with rights of data subjects.
7. Personal data must be kept secure.
8. Personal data shall not be transferred outside the European Economic Area (EEA) unless there is adequate protection.
2. Scope
2.1 Staff of the following NHS England areas are within the scope of this document:
• National Teams;
• Regional Teams;
• Area Teams;
• All Commissioning Support Units;
• NHSIQ;
• Leadership Academy;
• Sustainable Development Unit;
• Strategic Clinical Networks;
• Clinical Senates; and
• Staff working in or on behalf of NHS England (this includes contractors, temporary staff, secondees and all permanent employees).
3. Roles and Responsibilities
3.1 NHS England will:-
• ensure that there is always one person with overall responsibility for data protection. Currently this person is the Information Governance Senior Manager, Transformation & Corporate Operations Directorate.
• provide training for all staff members who handle personal information
• provide clear lines of report and supervision for compliance with data protection
• carry out regular checks to monitor and assess new processing of personal data and to ensure the NHS England notification to the Information Commissioner is updated to take account of any changes in processing of personal data
• develop and maintain DPA procedures to include: roles and responsibilities, notification, subject access, training and compliance testing
3.2 Employee Responsibilities
3.2.1 All employees will, through appropriate training and responsible management:
• Observe all forms of guidance, codes of practice and procedures about the collection and use of personal information.
• Understand fully the purposes for which NHS England uses personal information.
• Collect and process appropriate information, and only in accordance with the purposes for which it is to be used by NHS England to meet its service needs or legal requirements.
• Ensure the information is correctly input into NHS England systems.
• Ensure the information is destroyed (in accordance with the provisions of the Act) when it is no longer required.
• On receipt of a request from an individual for information held about them by or on behalf of NHS England, immediately notify their line manager.
• Not send any personal information outside of the United Kingdom without the authority of the Caldicott Guardian.
• Understand that breaches of this Policy may result in disciplinary action, including dismissal.
4. Distribution and Implementation
4.1 Distribution Plan
4.1.1 This document will be made available to all Staff via the NHS England internet site.
4.1.2 A global notice will be sent to all Staff notifying them of the release of this document.
4.1.3 A link to this document will be provided from the Policy Directorate intranet site.
4.2 Training Plan
4.2.1 A training needs analysis will be undertaken with Staff affected by this document.
4.2.2 Based on the findings of that analysis appropriate training will be provided to Staff as necessary.
4.2.3 Guidance will be provided on the Transformation & Corporate Operations Directorate intranet site.
5. Monitoring
5.1 Compliance with the policies and procedures laid down in this document will be monitored via the Information Governance team, together with independent reviews by both Internal and External Audit.
5.2 The Information Governance Senior Manager is responsible for the monitoring, revision and updating of this document on a 3 yearly basis or sooner if the need arises.
6. Equality Impact Assessment
6.1 This document forms part of NHS England’s commitment to create a positive culture of respect for all staff and service users. The intention is to identify, remove or minimise discriminatory practice in relation to the protected characteristics (race, disability, gender, sexual orientation, age, religious or other belief, marriage and civil partnership, gender reassignment and pregnancy and maternity), as well as to promote positive practice and value the diversity of all individuals and communities.
6.2 As part of its development this document and its impact on equality has been analysed and no detriment identified.
7. Associated Documents
7.1 The following documents will provide additional information:
REF NO   DOC REFERENCE NUMBER   TITLE   VERSION
Freedom of Information Policy 1.0
Information Governance Policy 2.0
Confidentiality Policy 2.0
Document and Records Management Policy 3.0
Information Security Policy 2.0
Information Sharing Policy 1.0
Version Control Tracker
Version Number: 1.0; Date: April 2013; Author Title: Information Governance Senior Manager; Status: Approved; Comment/Reason for Issue/Approving Body: New policy
Version Number: 2.0; Date: June 2014; Author Title: Information Governance Senior Manager; Comment/Reason for Issue/Approving Body: Updated to reflect change of Policy directorate to Transformation & Corporate Operations directorate
NHS England 2014 First published April 2013