Consultancy
A full range of independent consultancy services is provided to the health and social care sectors and the education sector.
We design specific tools to enable you to audit, performance monitor and deliver high-quality services.
Information Governance Toolkit & IG Assurance Visits
Information Governance Toolkit and GDPR consultancy
The Information Governance Toolkit is a tool to help organisations which process NHS patient information implement good Information Governance (IG) standards.
Completion of the IG Statement of Compliance is one of the terms and conditions for access to a number of services, including the N3 network. It is also a contractual requirement for most tenders that organisations achieve level 2 compliance. The process requires that organisations undertake an annual IG assessment using the IG Toolkit and accept the IG Assurance Statement.
For organisations dealing with personal identifiable data, the consequences of not being IG compliant, or of suffering a data breach from an IT system or physical records, are quite serious. In addition to the reputational damage, the Information Commissioner’s Office has the statutory power to impose financial penalties.
To support organisations with this assurance process, we can provide advice and support with IG Toolkit completion, to include data uploads, use and adaptation of our up-to-date policies and procedures, confidentiality spot checks and staff training updates on good Information Governance practices.
The areas we have just assessed for General Practice Version 14 (2016-2017) are listed below:
| Requirement | Description |
|---|---|
| Information Governance Management | |
| 14-114 | Responsibility for Information Governance has been assigned to an appropriate member, or members, of staff |
| 14-115 | There is an information governance policy that addresses the overall requirements of information governance |
| 14-116 | All contracts (staff, contractor and third party) contain clauses that clearly identify information governance responsibilities |
| 14-117 | All staff members are provided with appropriate training on information governance requirements. |
| Confidentiality and Data Protection Assurance | |
| 14-211 | All transfers of personal and sensitive information are conducted in a secure and confidential manner |
| 14-212 | Consent is appropriately sought before personal information is used in ways that do not directly contribute to the delivery of care services and objections to the disclosure of confidential personal information are appropriately respected |
| 14-213 | There is a publicly available and easy to understand information leaflet that informs patients/service users how their information is used, who may have access to that information, and their own rights to see and obtain copies of their records. |
| Information Security Assurance | |
| 14-304 | Monitoring and enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use |
| 14-316 | There is an information asset register that includes all key information, software, hardware and services |
| 14-317 | Unauthorised access to the premises, equipment, records and other assets is prevented |
| 14-318 | The use of mobile computing systems is controlled, monitored and audited to ensure their correct operation and to prevent unauthorised access |
| 14-319 | There are documented plans and procedures to support business continuity in the event of power failures, system failures, natural disasters and other disruptions |
| 14-320 | There are documented incident management and reporting procedures |