| Req No | Description | Action |
|---|---|---|
| Information Governance Management | | |
| 14.1-140 | Responsibility for Information Governance has been assigned to an appropriate member, or members, of staff | |
| 14.1-141 | There is an information governance policy that addresses the overall requirements of information governance | |
| 14.1-142 | All contracts (staff, contractor and third party) contain clauses that clearly identify information governance responsibilities | |
| 14.1-143 | All staff members are provided with appropriate training on information governance requirements | |
| Confidentiality and Data Protection Assurance | | |
| 14.1-240 | All person identifiable data processed outside of the UK complies with the Data Protection Act 1998 and Department of Health guidelines | |
| 14.1-241 | All transfers of personal and sensitive information are conducted in a secure and confidential manner | |
| 14.1-242 | Consent is appropriately sought before personal information is used in ways that do not directly contribute to the delivery of care, and objections to the disclosure of confidential personal information are appropriately respected | |
| 14.1-243 | There is a publicly available and easy to understand information leaflet that informs patients/service users how their information is used, who may have access to that information, and their own rights to see and obtain copies of their records | |
| 14.1-244 | There is a confidentiality code of conduct that provides staff with clear guidance on the disclosure of personal information | |
| Information Security Assurance | | |
| 14.1-303 | There are established business processes and procedures that satisfy the organisation’s obligations as a Registration Authority | |
| 14.1-360 | Monitoring and enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use | |
| 14.1-361 | There is an information asset register that includes all key information, software, hardware and services | |
| 14.1-362 | Unauthorised access to the premises, equipment, records and other assets is prevented | |
| 14.1-363 | The use of mobile computing systems is controlled, monitored and audited to ensure their correct operation and to prevent unauthorised access | |
| 14.1-364 | There are documented plans and procedures to support business continuity in the event of power failures, system failures, natural disasters and other disruption | |
| 14.1-365 | There are documented incident management and reporting procedures | |
| 14.1-366 | There are appropriate procedures in place to manage access to computer-based information systems | |
| 14.1-367 | Policy and procedures are in place to ensure that Information Communication Technology (ICT) networks operate securely | |
| Clinical Information Assurance | | |
| 14.1-430 | Procedures are in place to ensure the accuracy of service user information on all systems and/or records that support the provision of care, support and advisory service | |