More Information Can Be Obtained From

/ NHS information security

Introduction

This document is to summarise the different processes/agreements that may have to be put in place when conducting clinical research within the NHS.

Overview

Document/process

/

Purpose:

/

Needed for:

/

UoB process:

/

More information can be obtained from:

NHS Information Governance (IG) Toolkit / The IG toolkit is an online system which allows NHS organisations and partners to assess themselves against DoH Information Governance policies and standards. / NIHR contract / The IT Services Head of Architecture, Security & Innovation (at time of writing David Deighton) is responsible for ensuring the IG Toolkit is completed on a yearly basis. This was completed for the first time in January 2013. / David Deighton
In addition, the latest information can be found on the internet page:
NHS IT Security Undertaking / DH announced a systems level security policy no longer acceptable. All customers requesting data need to provide an information security assurance to be signed by senior information risk owner in order to provide necessary assurances on security in order for NHS information centre to provide data. In longer term IGT may be used for this also but not yet confirmed. / applications for medical research information services ( / CI to confirm understanding of/compliance with the points listed for the data controller/data custodian
College Director of Operations (for MDS at time of writing Dr. Emma Robinson) to confirm the college will ensure relevant management practices are in place to ensure operational adherence to the terms of the agreement
Director of IT Services (at time of writing Dr. Sean Duffy) to sign as being the Senior Information Risk Owner. / Sean Jennings
NHS Data Sharing Agreement / The Data Sharing Agreement should be signed by someone in the organisation who has the same responsibilities as the NHS CaldicottGuardian, the research team should read the agreement and sign the individual declarations agreeing to abide by the terms of the agreement. / Applications for medical research information services / PVC of R&KT to sign agreement as Caldicott Guardian.
Director of IT Services (at time of writing Dr. Sean Duffy) to sign as being the Senior Information Risk Owner. / Clark Crawford
Sean Jennings
Carolyn Pike
Erica Conway
NIGB Form / The NIGB form requires a declaration signing by the Information Guardian. / Submission to NIGB / Head of School to sign as Information Guardian. / Clark Crawford
Sean Jennings

References

NHS Information Governance Toolkit:

Caldicott Guardian Roles:





Information Guardian Role:

NHS information security summary v 1.0 / Page 1 of 2