| Req No | Description | Action |
|---|---|---|
| Information Governance Management | | |
| 14.1-114 | Responsibility for Information Governance has been assigned to an appropriate member, or members, of staff | |
| 14.1-115 | There is an information governance policy that addresses the overall requirements of information governance | |
| 14.1-116 | All contracts (staff, contractor and third party) contain clauses that clearly identify information governance responsibilities | |
| 14.1-117 | All staff members are provided with appropriate training on information governance requirements | |
| Confidentiality and Data Protection Assurance | | |
| 14.1-202 | Confidential personal information is only shared and used in a lawful manner and objections to the disclosure or use of this information are appropriately respected | |
| 14.1-209 | All person identifiable data processed outside of the UK complies with the Data Protection Act 1998 and Department of Health guidelines | |
| 14.1-213 | There is a publicly available and easy to understand information leaflet that informs patients/service users how their information is used, who may have access to that information, and their own rights to see and obtain copies of their records | |
| 14.1-214 | There is a confidentiality code of conduct that provides staff with clear guidance on the disclosure of personal information | |
| 14.1-215 | All new processes, services and systems are developed and implemented to comply with information security, information quality and confidentiality and data protection requirements | |
| 14.1-216 | There are appropriate confidentiality audit procedures to monitor access to confidential personal information | |
| Information Security Assurance | | |
| 14.1-304 | Monitoring and enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use | |
| 14.1-316 | There is an information asset register that includes all key information, software, hardware and services | |
| 14.1-317 | Unauthorised access to the premises, equipment, records and other assets is prevented | |
| 14.1-318 | The use of mobile computing systems is controlled, monitored and audited to ensure their correct operation and to prevent unauthorised access | |
| 14.1-319 | There are documented plans and procedures to support business continuity in the event of power failures, system failures, natural disasters and other disruptions | |
| 14.1-320 | There are documented incident management and reporting procedures | |
| 14.1-321 | There are appropriate procedures in place to manage access to computer-based information systems | |
| 14.1-322 | All transfers of hardcopy and digital personal and sensitive information have been identified, mapped and risk assessed; technical and organisational measures adequately secure these transfers | |
| 14.1-325 | Policy and procedures are in place to ensure that Information Communication Technology (ICT) networks operate securely | |
| Clinical Information Assurance | | |
| 14.1-412 | Procedures are in place to ensure the accuracy of service user information on all systems and/or records that support the provision of care, support and advisory services | |