The Northern, Yorkshire & Humberside

NHS Directors of Informatics Forum

Information Governance Sub-Group

Yorkshire & Humber Area Strategic Information Governance Network (SIGN)

Minutes of the Meeting held on Friday 12th May 2017

Present: Sue Meakin - Rotherham, Doncaster & S/Humber (Chair)

Derek Stowe - Rotherham

Sue Drury - IGA

Andy Nutting – Leeds City Council

Iain Twedily – Calderdale & Huddersfield (THIS)

Kathryn Wise – Calderdale & Huddersfield (THIS)

Mark Culling – Embed

Caroline Squires – NHS Calderdale CCG

Caroline Britten – Leeds City Healthcare

Roy Underwood – Doncaster & Bassetlaw

Adam Moseley – The Retreat, York

Joanne Robertshaw – Rotherham, Doncaster & S/Humber (notes)

Apologies: Sue Cross – Sheffield Children’s Hospital

Rachael Smith – South West Yorkshire

Amy Cooper – Sheffield Teaching Hospital

Peter Wilson – Sheffield Teaching Hospital

Carolyn Sampson – Sheffield Children’s Hospital

Barry Jackson – Embed

Jo Higgins – Harrogate & District

Kay Hill – Harrogate & District

Caroline Million – Embed

Jeremy Daws – North Lincolnshire & Goole

Narissa Leyland – NHS England

Jenny Pope – NHS Digital

Julie Shippen – NHS Digital

ACTIONS
2. / Minutes of the last meeting held on 7th April 2017 – Paper A
CB noted her organisation was incorrect on the list of attendees. With the above amendment, the minutes were agreed as a true and accurate record.
3. / Dec 2015 [9] – Chair confirmed she had sent the group collective nomination and is now awaiting a response.
Mar 2017 [7] – chair emailed ICO regarding GDPR fees relating to SARs and is awaiting their response.
April 2017 [4] – chair emailed John Hodson and was informed that the group will receive an invitation for them to sign up to the pilot workgroups, but has not received it todate.
April 2017 [8] – group discussion took place around current situation with portal and which areas were already on board (Leeds, West Yorks, Manchester, etc) and which were in discussions (North Yorks, and the developments that are ongoing, ie fees, PIAs, legal gateways for sharing, data processing/transfer agreements, etc. Chair agreed to contact Helen Speed or John Whitaker to confirm date to attend group to discuss further. AN suggested Steve Blackburn who spoke at the recent workshop in West Yorks, may be available to attend and he was happy to contact him if necessary to arrange.
All outstanding/new actions are noted on Paper B
ROUND THE TABLE INTRODUCTIONS FOR NEW ATTENDEES
4. / Regional/national Event Updates
None.
5. / IG Education/Personal Development Updates
SD confirmed that the IGA briefing that was due to be released in May will now be released in June. SMe agreed to re-circulate her Trust’s action plan to the group as it was felt it would be helpful to other organisations. A group discussion took place around what they had put in place in readiness for the GDPR coming in to force.
GDPR – Job Description [Agenda Item 8]- Paper C The document was discussed and the general feeling from the group was that it was not feasible for a new person to fill the role, and that it would end up being added to the current role of the IG Manager (or equivalent). MC noted that from his organisation it would probably be one person covering several CCGs. One organisation was asked to put together options for the role and he worked out the “cheapest” option would be for the current/existing IG staff to be moved up a pay band, and pay for one additional admin role. It was agreed that the ICO should provide guidance on the role of the DPO. SD agreed to check with NHS England to see if there are any workgroups specifically for the DPO role and feedback to the group.
CSq asked the group if they were aware of any conversion courses in relation to changes due to GDPR. JR noted that she asked one of the prominent training companies at the recent ICO conference if they would be providing “add on” training for the GDPR rather than having to go through the whole Act again and was informed that they advised to wait until GDPR was in place before attending any training. DS said that he noticed “attended” rather than “certified” courses were running.
SMe noted that Barry Moult was the new Chair of the SIGN Chairs Group. / SMe
SD
6. / Information Governance Toolkit
RU asked the group if anyone has seen the beta version? SMe noted that John Hodson has agreed to attend the June meeting to give a demo.
7. / Confidentiality, Data Protection, Freedom of Information
Confidentiality
-  SMe was asked by RS to raise an issue on her behalf in relation to a request they received in relation to CQUIN indicators, seeking the group’s comments, as she felt the information requested was excessive. SMe noted that she discussed with her CQUIN team, who looked blank. DS said that he received but has not done anything with it yet. CB noted that cannot release without consent unless justified. SMe agreed to feedback to RS the group’s comments and also circulate the email to the group for information.
-  SMe asked the group what they do with students with smartcards in relation to accessing clinical databases, when they have not undertaken IT/IG training. A general discussion took place where the consensus was that unless appropriately training, access was denied. One group member noted that she was aware of staff providing certificates of IG Training undertaken through an agency, but was unable to confirm the content of the training to ensure it was as robust (or equivalent) to that of NHS training. CSq asked if there was a date for when the updated training package would be available, and SMe confirmed that she had already contacted John Hodson, but had not received a response todate.
FOI
-  CB noted that she circulated an FOI request relating to the STP, to the group prior to the meeting and had received several responses, but confirmed that she told her staff that if they do not have the information requested, to say that to the requestor, but redirected them to the STP. / SME
8. / GDPR
See [Agenda Item 5]
9. / Data and IT/Information Security
None
10. / AOB
-  SMe made the group aware of a request from 360 Auditors (a private auditing company who have worked with the NHS) to join the group. A group discussion took place and several questions were raised - why? What will the group get out of it? The group were concerned that their attendance may ‘stump’ the group’s conversations/attendance and that the group could be seen to be supporting the organisation. SMe agreed to contact the organisation for more information. / SMe
11. / Date and Time of Next Meeting
14th July 2017 – Lecture Room – 1-4pm

Page 4 of 4