| Req No | Description | Action |
|---|---|---|
| Information Governance Management | | |
| 14.1-114 | Responsibility for Information Governance has been assigned to an appropriate member, or members, of staff | |
| 14.1-115 | There is an information governance policy that addresses the overall requirements of information governance | |
| 14.1-116 | All contracts (staff, contractor and third party) contain clauses that clearly identify information governance responsibilities | |
| 14.1-117 | All staff members are provided with appropriate training on information governance requirements | |
| Confidentiality and Data Protection Assurance | | |
| 14.1-203 | Patients, service users and the public understand how personal information is used and shared for both direct and non-direct care, and are fully informed of their rights in relation to such use | |
| 14.1-205 | There are appropriate procedures for recognising and responding to individuals’ requests for access to their personal data | |
| 14.1-212 | Consent is appropriately sought before personal information is used in ways that do not directly contribute to the delivery of care services and objections to the disclosure of confidential personal information are appropriately respected | |
| 14.1-214 | There is a confidentiality code of conduct that provides staff with clear guidance on the disclosure of personal information | |
| Information Security Assurance | | |
| 14.1-304 | Monitoring and enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use | |
| 14.1-305 | Operating and application information systems (under the organisation’s control) support appropriate access control functionality and documented and managed access rights are in place for all users of these systems | |
| 14.1-314 | Policy and procedures ensure that mobile computing and teleworking are secure | |
| 14.1-316 | There is an information asset register that includes all key information, software, hardware and services | |
| 14.1-319 | There are documented plans and procedures to support business continuity in the event of power failures, system failures, natural disasters and other disruptions | |
| 14.1-320 | There are documented incident management and reporting procedures | |
| 14.1-322 | All transfers of hardcopy and digital personal and sensitive information have been identified, mapped and risk assessed; technical and organisational measures adequately secure these transfers | |
| 14.1-323 | All information assets that hold, or are, personal data are protected by appropriate organisational and technical measures | |
| Clinical Information Assurance | | |
| 14.1-402 | Procedures are in place to ensure the accuracy of service user information on all systems and/or records that support the provision of care | |
| 14.1-404 | A multi-professional audit of clinical records across all specialties has been undertaken | |