Consultancy

A full range of independent consultancy services are provided to health and social care sectors and the education sector.

We design specific tools to enable you to audit, performance monitor and deliver high quality services. 

contact us for more details

Information Governance Toolkit & IG Assurance  Visits

Information Governance Toolkit and GDPR  consultancy

The Information Governance Toolkit is a tool to help organisations which process NHS patient information implement good Information Governance (IG)standards.

Completion of the IG Statement of Compliance is one of the terms and conditions for access to a number of services, including the N3 network. It is also a contractual requirement for most tenders that organisations achieve level 2 compliance.  The process requires that organisations undertake an annual IG assessment using the IG Toolkit and accept the IG Assurance Statement.

The consequences of not being IG compliant for organisations dealing with personal Identifiable Data or suffering a data breach from an IT system or physical records are quite serious. In addition to the reputational damage, the Information Commissioner’s office has the statutory power to impose financial penalties.

To support organisations with this assurance process, we can provide advice and support with IG Toolkit completion to include data uploads, use and adaption of our up to date policies and procedures, confidentiality  spot checks and staff training updates on good Information Governance practices.

The areas  we have just assessed for General Practice Version 14 (2016-2017) are listed below:

Requirements List.

Description

Information Governance Management

14-114

Responsibility for Information Governance has been assigned to an appropriate member, or members, of staff

14-115

There is an information governance policy that addresses the overall requirements of information governance

14-116

All contracts (staff, contractor and third party) contain clauses that clearly identify information governance responsibilities

14-117

All staff members are provided with appropriate training on information governance requirements.

Confidentiality and Data Protection Assurance

14-211

All transfers of personal and sensitive information are conducted in a secure and confidential manner

14-212

Consent is appropriately sought before personal information is used in ways that do not directly contribute to the delivery of care services and objections to the disclosure of confidential personal information are appropriately respected

14-213

There is a publicly available and easy to understand information leaflet that informs patients/service users how their information is used, who may have access to that information, and their own rights to see and obtain copies of their records.

Information Security Assurance

14-304

Monitoring and enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use

14-316

There is an information asset register that includes all key information, software, hardware and services

14-317

Unauthorised access to the premises, equipment, records and other assets is prevented

14-318

The use of mobile computing systems is controlled, monitored and audited to ensure their correct operation and to prevent unauthorised access

14-319

There are documented plans and procedures to support business continuity in the event of power failures, system failures, natural disasters and other disruptions

14-320

There are documented incident management and reporting procedures

Information Governance toolkit consultancy