Data Protection Act 1998 Implementation Project

Data Protection Act 1998 Implementation Project

INFORMATION GOVERNANCE – IMPLEMENTATION PROJECT

Project Initiation Document

Background

Information Governance allows organisations and individuals to ensure that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care.

It provides a framework to bring together all of the requirements, standards and best practice that apply to the handling of personal information, allowing:

• Implementation of Department of Health advice and guidance

• Compliance with the law

• Year on year improvement plans

Scope

To identify the Trust’s responsibilities for Information Governance, to review the existing policies and procedures established by the Trust and to revise and consolidate these policies and procedures as appropriate to meet Information Governance requirements. Appropriate links, and decisions about lead responsibility, will need to be made with projects focusing on all aspects of Information Governance including Confidentiality, Data Protection, Freedom of Information, Records Management, Information Quality, Information Security and Information Governance Management.

Benefits

The project will ensure that the Trust complies with its legal obligations and with good practice on Information Governance issues. The risks of legal or other action against the Trust and/or adverse publicity will be minimised.

Products/Deliverables

  1. To revise the Trust policy statement on Information Governance, and to identify the individuals responsible for ensuring the Trust’s compliance. Product = policy statement; management arrangements statement
  1. To review the procedures for ensuring the right of subject access for patients and other members of the public. Product = product document
  1. To review the procedures for ensuring the right of subject access for members of the Trust’s staff. Product = procedure document
  1. To establish means to ensure that patients (and other members of the public) are adequately informed about the Trust’s uses of personal data and their rights of subject access. This to be delivered as a joint product with work to satisfy confidentiality/consent requirements. Product = publicity material
  1. To establish means to ensure that staff are adequately informed about the Trust’s uses of personal data and their rights of subject access. Product = publicity material
  1. To review all existing holdings of personal data within the Trust. Products = inventory of personal data held; DP Act notification amendment if necessary
  1. To establish procedures to identify changes and additions to holdings of personal data within the Trust. Product = procedure document
  1. To promote and maintain awareness of data protection,confidentiality and information security issues throughout the Trust. This to be delivered as a joint product with work to satisfy confidentiality and information security requirements. Products = briefing notes; training presentations
  1. To ensure that the Trust complies with information publication requirements as required by the Freedom of Information Act . Product = procedure document

Roles and Responsibilities

Project Manager:

Project Team:

The project will report to the Information Governance Steering Group

The project team will form working groups with appropriate membership to address specific products/deliverables

Resources

Support to the project will be provided by the Senior Information Officer and the support staff of the Confidentiality & Security Manager (all posts already funded)

Timescales

The project team will ensure that all policies and procedures are in place by [date]. The project team will draw up a timetable which may include earlier deadlines for certain deliverable

Risks

The Trust Board are corporately and personally liable for offences under the Data Protection Act. Non-compliance with the Act may also result in adverse publicity for the Trust.

Quality Plan

The quality assurance role will be undertaken by the Information Governance Group

Controls

The project will additionally be monitored by the IM&T Programme Board

Constraints

The project must address all of the requirements outlined in the NHSIA Information Governance toolkit, and progress must be recorded appropriately within the toolkit performance assessment facility by [date].

Interfaces

The project will take account of:

  • Policies and procedures for Information Governance in other organisations within the local health community
Top View