minutes of the information governance, … · the information governance, management and technology...

The Information Governance, Management and Technology Committee is managed by Rushcliffe Clinical Commissioning Group (CCG) on behalf of Nottingham West CCG, Nottingham North and East CCG, Mansfield and Ashfield CCG and Newark and Sherwood CCG

MINUTES OF THE INFORMATION GOVERNANCE, MANAGEMENT AND TECHNOLOGY COMMITTEE

Friday 23 September 2016, 1.30 pm – 4.00 pm, Meeting rooms 2 and 3, Birch House, Mansfield

MEMBERSHIP Andy Hall Bronwyn Jackson Paul Gardner Sarah Bray (A) Nichola Bramhall Dr Mike O’Neil Hazel Buchanan Elaine Moss Paul Morris (A) Dr Sean Ottey (A) Eddie Olla

Director of Outcomes and Information & SIRO (Chair) Information Governance Manager, Mid Nottinghamshire Information Governance Lead, South Nottinghamshire Chief Finance Officer and Senior Information Risk Owner Director of Nursing and Quality & Caldicott Guardian Clinical Representative & SIRO Director of Operations & SIRO Director of Quality and Governance & Caldicott Guardian Lay Member General Practitioner & Clinical Representative Director of Health Informatics

Nottingham South CCGs Arden and GEM CSU Nottingham City CCG Mansfield & Ashfield CCG and Newark & Sherwood CCG Nottingham South CCGs Nottingham West CCG Nottingham North and East CCG Mansfield & Ashfield CCG Newark and Sherwood CCG Rushcliffe CCG NHIS

IN ATTENDANCE Jacqueline Taylor (A) Gina Holmes Marcus Pratt Caroline Stevens Craig Sharples (A) Diane Butcher (A) Sergio Pappalettera Andy Evans Jason Mather (A) Debbie Pallant Gareth Jones Jules Williams Helen Ben-Fredj

Head of Transformation Corporate Governance Officer Deputy Chief Finance Officer Governance Officer Head of Governance Head of Information & Performance Contract and Information Manager Programme Director Primary Care Development and Service Integration Manager Corporate Governance Manager Assurance Lead Officer Programme Manager Project and Business Change Manager

NHIS Mansfield & Ashfield CCG and Newark & Sherwood CCG Mansfield & Ashfield CCG and Newark & Sherwood CCG Rushcliffe CCG Nottingham West CCG Mansfield & Ashfield CCG and Newark & Sherwood CCG Nottingham North and East CCG Connected Nottinghamshire NHS Nottingham City CCG NHIS Nottingham North and East CCG NHIS NHIS

(A) Depicts Absent/Apologies

The Information Governance, Management and Technology Committee is managed by Rushcliffe Clinical Commissioning Group (CCG) on behalf of Nottingham West CCG, Nottingham North and East CCG, Mansfield and Ashfield CCG and Newark and Sherwood CCG - 2 -

Item No. AGENDA ITEM - KEY POINTS OF DISCUSSION Actions

IGMT/16/093 Welcome and Introductions AH welcomed all to the meeting and a round of introductions took place.

IGMT/16/094 Apologies Apologies were received from Jaki Taylor, Di Butcher, Sean Ottey, Sarah Bray and Paul Morris.

IGMT/16/095 Declarations of Interest There were no declarations of interest

IGMT/16/096 Minutes of Meeting held on 27 May 2016 The minutes of the last meeting held on 27 May 2016 were agreed as an accurate record with the following amendment.

IGMT/16/097

Matters Arising from previous meeting (not picked up within agenda): IGMT/16/066 – NHIS penetration testing was presented to Partnership Board in May. All actions were completed IGMT/15/152 – GH had resent the GP server refresh project board update to CS and this had been disseminated to members IGMT/16/072 – GH had forwarded the GP server Privacy Impact Assessment to CS and this had been disseminated to members IGMT/16/072 – PG and AH had drafted a risk regarding the Sherwood Forest Hospitals Trust (SFHT) and Nottingham University Hospitals (NUH) partnership for the risk register, this was on the meeting agenda IGMT/16/072 – PG and SP had not drafted a risk regarding patients opting out following legislation for the risk register, however, there had been a discussion with Carl Davis, Head of Data Management, this was agreed as an issue rather than risk and would be included on future issues logs. Action: PG to include on issues log IGMT/16/073 – NHIS had made changes to the performance report from September 2016 format to allow comparison with previous month’s performance IGMT/16/074 – JT had discussed sponsorship of non-NHS organisations by the CCGs for access to the Community of Interest Network (COIN) to ensure sponsorship did not present an undue risk for the CCGs. Nigel Callaghan, NHIS had written a paper on the risks of sponsorship and this had been sent to MO for review. Action: To be presented at future IGMT Committee meeting IGMT/16/081 – CS had changed the agenda description for Nottingham

PG JT



City CCG ICT Committee from minutes to update following agreement that the minutes would no longer be presented at the meeting IGMT/16/086 – NHIS had contacted other organisations to confirm password reset requirements. This had now been agreed and was set to 90 days with stronger passwords required for all users from 3 October 2016 IGMT/16/087 – NHIS had considered new technologies to support telemedicine following patient story. Mike Press, NHIS proposed setting up a sub-committee of the IGMT Committee to pilot these technologies. AE noted that the Sustainable Transformation Plan (STP) included an area on telemedicine with particular growing focus on assisted technology with the aim of supporting patients to live independently and longer at home. AE had identified five different groups looking at telemedicine and was keen under the banner of the STP to align those and bring all learning together. Action: AE to liaise with Mike Press to align existing groups IGMT/16/088 – AH had forwarded TPP QRisk Calculator communication to Mid Nottinghamshire CCG colleagues for dissemination to practices. IGMT/16/090 – GH had developed an overview of indicators where Mid Nottinghamshire CCGs had achieved level 3. This would be reviewed at the following Information Governance (IG) Leads meeting. Action: PG to include on next IG Leads agenda IGMT/16/091 – JT and CS had populated the forward plan with NHIS projects including a review of EDSM IGMT/16/092 – SIROs had reviewed and fed back regarding the Privacy Notice, this had required further amendments following initial submission and the updated version was on the agenda. IGMT/16/069 – Terms Of Reference and membership had been agreed, however attendance of some members was low. The Committee was keen that attendance was reiterated to Governing Bodies Action: Members to highlight at Governing Body meetings All other actions were agreed complete

AE PG ALL

IGMT/16/098

NHSmail2 HBF attended the Committee to deliver an update regarding NHSmail2. Following the introduction of the new Information Standards Board (ISB) 1596 Secure Email Specification the CCGs agreed to migrate the existing email system to NHSmail rather than upgrade. NHSmail was a national system supported by NHS Digital and the CCGs had agreed to migrate with support of Accenture. HBF explained that all staff would have a nhs.net email account created



through NHSmail unless they already had an account. All emails within staff nhs.uk accounts would be migrated across to their new nhs.net accounts and all emails into the nhs.uk would be forwarded onto the nhsmail accounts. During the period of migration, users would have both accounts running concurrently, this was expected to be for approximately three months. In answer to a question, HBF explained that nhs.uk emails would be mirrored in nhs.net accounts rather than emails forwarded so should not be transferring confidential data insecurely between the two accounts. Action: HBF to clarify process for mirroring to ensure data transfer is secure The branding of the new accounts was still unclear, however, further national guidance was expected in October 2016. Branding would be limited to 15 characters, and GP practices would be linked to their CCG rather than including a practice name. South Nottinghamshire CCGs had agreed not to include ‘CCG’ in the email branding, just including the geographical e.g. Rushcliffe, however, Mid Nottinghamshire would include CCG, e.g. NewarkandSherwoodCCG. Accenture were highlighting branding issues with NHS Digital. The standard mailbox size for nhs.net accounts was 4GB, although it had been identified that some staff members across the CCGs and practices currently had larger mailboxes. Whilst it was possible to accommodate larger mailboxes, there would be a cost attached to this, therefore, all users had been asked to ensure that mailboxes were managed within the standard 4GB. Email management guidance had been disseminated, however, there was no guidance on archiving and use of pst files as this was not supported by NHIS due to risk of loss and storage issues. There would be a charge for each user migrated so NHIS had run a baseline of existing users. This had highlighted some accounts for staff that had left the organisations which had since been archived. Information about the migration had been communicated to all CCG staff and NHIS had engaged with Practice Manager Forums and patient groups about the migration. Technical policies were in the process of being drafted including a starters’ and leavers’ policy. Email account authorisation forms had also been sent to all organisations to list all accounts that required migrating and a Frequently Asked Questions document would be available on the NHIS portal. Exact dates for the migration were not yet known, however, it had been scheduled to pilot the migration with 360 Assurance and PICS ahead of rolling out to CCGs. HBF noted that during migration, users could seek advice and support through the NHIS online customer portal. Three specific staff members would be in post to take calls and resolve portal queries relating to migration. There would also be a trainer attached to the project who

HBF



would attend the practices to support onsite and training resources would be made available to all staff ahead of the migration. New accounts would need to be activated via Webmail and then mobile devices and Outlook could be configured to access. Accounts would need to be managed for starters, leavers and long term absence. Passwords for accounts would need to be changed every 90 days. If accounts were not accessed for 90 days they would be archived and if not accessed for a further 90 days after archiving accounts would be deleted with no option to retrieve. The Committee asked if a mechanism could be established to notify Practice Managers or CCG leads of inactive accounts. Action: HBF to enquire regarding notification of inactive accounts In answer to a question PG agreed to forward on the completed Privacy Impact Assessment (PIA) for NHSmail to those involved in the project. Action: PG to forward PIA for NHSmail onto to project board members In answer to a question HBF explained that other CCGs had started their migration as part of wave one, however, there was no learning from this as not yet completed. The Committee NOTED the update

HBF PG

IGMT/16/100 Information Governance Management Framework PG and BJ presented the frameworks to the Committee for approval. The frameworks set out the CCGs’ process for managing Information Governance and assurance and was key evidence for IGT standard 14- 130. Two frameworks were presented for approval, one for Mid Nottinghamshire CCGs and one for South Nottinghamshire CCGs. The Committee noted that the frameworks were reviewed and approved annually. The Committee APPROVED the frameworks.

IGMT/16/101

Information Asset Register Procedure PG presented Procedure to the Committee for approval. The information asset management procedure ensured a robust process for the management of the organisations’ Information Assets. The procedure was an operational document that set out the key responsibilities for Information Asset Owners and Information Asset Assistants as well as the assurance process for Senior Information Risk Owners (SIROs). The Committee APPROVED the procedure



IGMT/16/102 Electronic Remote Working Policy PG presented the Policy to the Committee for approval. The Electronic Remote Working Policy set out the responsibilities of staff with regard to the confidentiality and security of information when working remotely. The policy referred to iPads and iPhones and included responsibilities of local organisations to audit. PG expected that some small changes would need to be made to align with the National Data Guardian review. Committee members noted the following amendments:

Section 1.3, acronym for Bring Your Own Device required explained

Section 5.2, requests could also be made via the NHIS online portal

Appendix A, an updated form for application for remote access was now available

The IGM&T Committee APPROVED the policy with the above amendments

IGMT/16/103 Records Management Policy CS presented the Policy to the Committee for approval. This Policy set out the approach taken within the CCG to provide a robust Records Management system for the management of corporate and clinical information. The previous policy had been updated to bring together the Information Lifecycle Management Policy and Records Management Policy. The policy covered both the management of clinical and corporate records, however, focus on corporate records given the nature and business of CCGs. The update also reflected the new ‘20 year rule’ and incorporated updates from the Records Management Code of Practice for Health and Social Care 2016. Records management was an individual CCG function and did not form part of the contracts with Nottingham City CCG or Arden and GEM CSU. PG had shared Nottingham City’s policy and provided advice to the CCGs on policy development. The policy would be reviewed this year as part of the IG toolkit audit The Committee noted its thanks to PG for his support in the policy’s development The IGM&T Committee APPROVED the policy

IGMT/16/104 Information Governance Working Group Terms of Reference PG presented the Information Governance Working Group Terms of Reference to the Committee for approval. The terms of reference had been reviewed by the IG leads operational



group and set out the responsibilities of the group. The group would support the Nottinghamshire Clinical Commissioning Groups to ensure that best practice was applied in the sharing and management of information and as a forum to discuss and resolve common issues or queries in relation to the Information Governance agenda and IG Toolkit standards (as required). The group reported into the IGMT Committee. Minimal changes had been made to the previous version. The IGMT Committee APPROVED the terms of reference

IGMT/16/106 eDischarge AE presented the paper to the Committee for discussion. As part of the Transfer of Care initiative supported by NHS Digital the 2016/17 NHS standard contract set out requirements that stated there must be electronic delivery of e-Discharge summaries between Primary Care and Acute, Mental Health and Community Providers (all NHS funded care including independent sector) by 1 December 2016. This initiative was aligned to the National Information Board and NHS England five year forward plan and as such formed part of our Local Digital Roadmap core objectives. In October 2015 providers had to meet a related deadline to remove the use of faxes and adopt an alternative secure mode of transfer e.g. NHS.net email. This latest initiative was the second phase. AE noted that GP practices would require some help to start receiving e-Discharges. At the time of the meeting, there was variation in how practices received this information, some were receiving in one system, downloading and then uploading into another system, some were receiving via email and some were receiving as intended under this initiative. In answer to a question about how the CCGs would gain assurance that providers were compliant, AE explained that a paper would be presented to the IM&T SRO Programme Board the following week regarding e-Discharge. AE confirmed that local providers were expected to meet the deadline of 1 December 2016. Assurance had already been gained from Sherwood Forest Hospitals Trust (SFHT) and Nottinghamshire Healthcare Trust (NHCT), and confirmation of position from Nottingham University Hospitals (NUH) would be received the following week. In answer to a question, AE explained that costs to the CCGs for this phase of the initiative would only include support to practices for implementation of changes to system where needed. Changes had been communicated to practices nationally.



The IGM&T Committee NOTED the paper

IGMT/16/107 NHIS Network Assurance Report EO provided an update to the Committee on network assurance for discussion.

NHIS had been requested to provide the Committee with assurances regarding the proactive nature of what NHIS did in exploring the world of threats and what products / techniques / processes could be put in place to reduce these threats to a manageable level. NHIS had a number of existing assurances in place:

IG Toolkit submission for version 13 was at 73% and NHIS were working towards version 14. Evidence was provided to the CCGs’ IG Leads in year for the Information Security assurance section of their toolkits.

Cyber Essentials Certification had recently renewed for 2016-17. In answer to a question, DP explained that this was the basic certification and that plus certification had been delayed due to the merger

Vulnerability testing had been completed, a number of recommendations were being reviewed and implemented, however, no major issues were identified. Further testing was planned for the CoIN infrastructure when deployed.

ISO27001 certification was slightly delayed by the merger, however, an initial confirm and challenge audit was scheduled at the end of 2016 and in completion expected in 2017.

CareCERT bulletins were reviewed each week for vulnerabilities and risks. Urgent high level threats were reviewed immediately and assurances circulated to partners and customers; advice notes regarding new ransomware signatures and guidance notes for staff.

NHIS had signed up for the Care ASSURE early adopter scheme, which would provide an assessment of NHIS’ cyber security preparedness.

NHIS had also engaged with 360 Assurance to commission a piece of work around an assurance framework for clients. This would take the form of the following activities, planned to take place in Quarter 4 2016/17:

Review of the reporting metrics proposed by NHIS to challenge whether they provide optimum information for clients, regarding the cyber security/information security framework in place.

Arranging a client workshop to discuss the above, the client needs and develop the optimum reporting framework.

Providing assurance over response to CareCERT alerts, ensuring that there were robust internal processes in place to ensure actions were logged, evaluated and addressed.

Providing NHIS with an assessment against the data security



standards in the National Data Guardian Report and current assurances in place (as above).

The Committee noted that NHIS would provide an update paper having been reviewed by 360 Assurance and having undertaken a client workshop to the March 2017 Committee meeting. The IGM&T Committee NOTED the paper

IGMT/16/108 Portal Update AE provided an update to Committee regarding progress of the portal

The governance around the portal had been a challenge and a steering group and project board had been established. There was concern around decision making, although, work had been progressing. Phase one would be live in October 2016, this included internal systems at SFH and NUH. The connection of NHCT had been slightly delayed and was expected early 2017. In answer to a question, AE stated there was a risk to delivery as at that time, it had not yet started, however, JT was now taking oversight of the delivery and there was a good understanding of what was needed across the community. The IGM&T Committee NOTED the update

IGMT/16/109 360 Assurance Briefing paper on National Data Guardian and Care Quality Commission reports PG presented the paper to the Committee for discussion.

The purpose of the paper was to provide the Committee with a summary of the National Data Guardian Report and CQC Report ‘Safe Data, Safe Care’ collated by 360 Assurance.

The consultation closed on 7 September 2016 and finalised recommendations were awaited. The Head of Information Governance and Information Governance Leads for the CCGs would ensure the Committee was kept up to date on any significant changes in this area and that appropriate assurances were provided that the CCGs were meeting any new obligations. The IGM&T Committee NOTED the paper

IGMT/16/110 Information Governance Risk Register and Issues Log PG presented the updated risk register and issues log to the Committee for discussion. The Committee agreed there was no further update to the existing risks recorded and agreed an additional risk regarding the merger of Sherwood Forest Hospitals Trust and Nottingham University Hospitals (NUH) Trust. The Committee noted that the partnership arrangements would continue and assurances had been received from NUH that



nothing would get worse although there was still risk related to the transition of merging. The Committee NOTED the register

IGMT/16/111

NHIS Update Performance Report EO presented the performance report to the Committee for information. EO highlighted the call abandonment standard that was missed. EO explained that focus on the merger could explain some reduction in performance. The Committee noted that a separate contract meeting with NHIS was held every month. The Committee NOTED the report

IGMT/16/112 NHIS Update Project Status Report JW presented the project status report to the Committee for information The COIN project had encountered some issues. These had been escalated to BT and NHIS met with BT last week, although there are still a number of issues. A letter of complaint had been written to BT’s Chief Executive to highlight this. Connections were now in place at Kings Mill Hospital and the Mary Potter Health Centre and the remaining should be in place by the following week. The PC Refresh project had to be extended to accommodate this. In answer to a question, JW confirmed that all practices in Mid Nottinghamshire had now migrated to new GP servers, however, if the COIN was not ready the following week, this project would stand still. AE confirmed that a response had been received from the BT Chief Executive quickly and the issue was being resolved within contractual requirements. AE highlighted that NOTIS was not working and NUH had offered a solution for this. Action: NHIS to take away and investigate The Committee NOTED the report

NHIS

IGMT/16/113

Capital Bids – Projects Financial Status AE presented the capital bid documents to the Committee for noting. AE noted that there were some anomalies with reporting, with expense to Rushcliffe CCG and not recharged, therefore, so not all finances were exact. Overviews were presented for the following projects:



GP mobile working

GP PC refresh (JT had reported that the estate was in a good position and the digital maturity assessment would demonstrate this).

GPRCC (this project was progressing well and at pace). The funds for this project had now been spent and the income stream would now change to vanguard funds for Mid Nottinghamshire

GP server was progressing

Seven day working

GP systems migration, AE noted that there was an accounting error, not recharged back from CCG expenditure

Interoperability Portal Action: AE and JT to review and resolve The IGM&T Committee NOTED the reports

AE and JT

IGMT/16/114 Project Briefs The Committee NOTED that there were no Project Briefs

IGMT/16/115 CfH Exit and Transition EO provided an update to the Committee regarding the Connecting for Health (CfH) exit and transition The CfH contract had ended on 7 July 2016. All GP practices were moved across onto the General Practice System of Choice (GPSoC) contract in advance of this date. The contract for TPP SystmOne Community units (not including Nottingham CityCare and Notts Healthcare as they did their own procurement) had been set up with SFHT being the contract holder. NHIS would be sending the recharge invoices out soon as agreed previously. Costs would be slightly less than the paper presented previously quoted for the annual charges as this year would run from July until the end of March. AE highlighted that East Midlands Ambulance Service (EMAS) had not progressed their system since funding had ceased as at the end of the contract the cost of the licence could not be met, this had left a shortfall of between £1.1 and £1.5 million. This would be discussed at the IM&T SRO Programme Board the following week. The Committee agreed to keep this standing agenda item for a further meeting The Committee NOTED the update

IGMT/16/116 Accessible Information Standard AH provided an update to the Committee regarding progress with the implementation of the Accessible Information Standard. National deadlines for implementation had now passed. Local guidance



for SystmOne practices had been developed locally on how to set up alerts/ flags for patients with coded communication needs and guidance had been shared with practices about how to email with patients. NHIS were setting up generic NHS.net accounts as requested to support email with patients and consent forms for patients to complete regarding emailing personal information had been disseminated. The Committee NOTED the update.

IGMT/16/117 Privacy Impact Assessments Overview/ Summary PG and BJ presented the Privacy Impact Assessment (PIA) summary to the Committee for information. Consent for secondary use was still being agreed and guidance had been discussed at the Records and Information Group meeting. The Committee NOTED the summary

IGMT/16/118 Cyber Security Bulletin – reporting framework DP presented the paper to the Committee for information. At the Committee meeting in May 2016, a paper was presented setting out the cyber security assurances across both NHIS and the CCGs. This paper set out a framework for reporting assurances that cyber security alerts were managed within the terms of the contract with NHIS. NHIS proposed monthly reporting to SIROs by exception, and quarterly reporting to the Committee summarising actions undertaken by NHIS to mitigate cyber threats. The Committee NOTED the summary

IGMT/16/119

National Updates AE highlighted the Dr Robert Wachter report, that concluded the paperless by 2020 goal as “unrealistic”. Recommendations included taking the learning from the National Programme for Information Technology (NPfIT), extending funding further to support the goal and working to develop clinicians to have better understanding of technology MP highlighted a recent King’s Fund paper on the digital agenda and plans for implementation. The report looked at the key commitments made and what was known about progress to date, grouped under three broad themes: interoperable electronic health records patient-focused digital technology secondary use of data, transparency and consent.

It identified barriers to further progress and opportunities for delivering on the digital agenda. Action: MP to send link to report to CS for dissemination to Committee members

MP and CS



EO highlighted a webinar on Introducing NHS Digital and the National Informatics Board programmes scheduled for 7 October 2016 Action: EO to send details of webinar to AE and AH The Committee NOTED the updates

EO

IGMT/16/120 Nottingham City CCG ICT Committee Meeting Update This item was deferred in JM’s absence

IGMT/16/121 Partnership Board update AH provided an update to the Committee regarding the Partnership Board. A meeting was scheduled for the following week and an update would be circulated following this. The Committee discussed the implications of the merger and the pause of the merger on service delivery. The Service Level Agreement with NHIS was annual and would be honoured by NUH. NUH had been asking for detail to inform the target operating model to which the CCGs had responded. Action: EO to share the target operating model with members The Committee NOTED the update

EO

IGMT/16/122 Data Management Group minutes AH presented the minutes of the last two Data Management Group meetings. The meetings had now moved to quarterly. MO noted that great progress had been noted with over 90 practices now receiving data through the General Practice Repository for Clinical Care (GPRCC) and 120 registered to also receive. AH also noted that hem MO and Carl Davis, Head of Data Management were liaising with the Vanguard in Rushcliffe to discuss future plans for use. The Committee the significant step forward in achieving this and congratulated all involved. The Committee NOTED the minutes

IGMT/16/123 IG Leads meeting update PG provided an update from the IG leads meeting to the Committee for information. The group had last met 8 September 2016 and reviewed the policies and



terms of reference presented for approval to this committee. The next meeting was scheduled for December and would review the IG toolkit position. The group also reviewed the Care Quality Commission (CQC) guidance highlighting that CQC would now be monitoring practice IG Toolkit scores as part of inspections. The group noted that additional support may be required for practices. CCGs had responsibility for this, however, additional provision would also be available as NHS Midlands and Lancashire CSU had been commissioned nationally to support GP practices with elements of information governance. Further information would be disseminated to practices. The Committee NOTED the update

IGMT/16/124 Records and Information Group Update PG provided an update on the Records and Information Group (RIG) to the Committee for information The group had revised the consent model and Electronic Data Sharing Model (EDSM) guidance. Implied consent had been agreed to be in best interest of patients. The group were also developing a guidance document for secondary use PG noted that the group was still seeking a clinical chair. An email would be circulated to clinicians inviting candidates, the Committee agreed that a clinician with a Caldicott Guardian role was required. AH reported that Dr. Ian Trimble previously a Nottingham City GP, had recently retired and was now recruited as an independent GP advisor to Rushcliffe CCG and clinical lead for Connected Nottinghamshire, would also provide the IM&T Clinical Safety Officer role previously held by Dr George Ewbank. The IGM&T Committee NOTED the update and report

IGMT/16/125 Quarterly Data Quality Report AH presented the Quarterly Data Quality Report to the Committee for information. The report assured members of the Committee of the overall data quality by providing reports on Secondary Uses Services (SUS) data submitted by Trusts relating to their patients. The validity of a number of key data items was presented at National, North Midlands Area Team and Provider level The Committee noted that improvements had been seen in Sherwood Forest Hospitals Trust (SFHT) in last couple of months. The Committee NOTED the report



IGMT/16/126 Quarterly Information Governance Report PG presented the Quarterly Information Governance Report to the Committee for information. The purpose of the paper was to provide the Committee with an update with regards to all the reporting requirements within the Information Governance agenda and provide assurance that the requisite compliance areas were being met. Furthermore the report provided an update with regards to any national developments that may have an impact on the CCGs. The Committee noted there were no areas of risk or concern and the CCGs were in line with and complying with requirements. The Committee NOTED the report

IGMT/16/127 Local Digital Roadmap AE provided an update to the Committee regarding the Local Digital Roadmap (LDR) for information The initial submission in July 2016 had been well received by NHS England. AE explained that this was the technical component supporting the Sustainable Transformation Plan (STP). The LDR had been recognised as business case ready and was being used by NHS England as an exemplar. AE noted that it was a working document and that an extra Workstream had been added for assisted technology. The Committee agreed to receive an overview of the Local Digital Roadmap at the December 2016 Committee meeting Action: CS to add to December agenda The Committee NOTED the update

CS

IGMT/16/128 Privacy Notice AH provided an update to the Committee regarding the Privacy Notice for information AH reported that the CCG privacy notice had been updated to support the NHS Digital Data Access Request Service (DARS) and Accredited Safe Haven (ASH) application. The updated version had been sent to all CCGs for uploading that day. The committee noted that the updated version needed to be live that day. The Committee NOTED the update

IGMT/16/129 Forward Programme Action: ALL members should forward any other agenda items to CS

ALL



IGMT/16/092

Any Other Business No other business was noted

Date and Time of Next Meeting 1.30 pm – 4.00 pm on Friday 16 December 2016 Clumber Meeting Room, Easthorpe House, Ruddington ‘Members should inform the meeting secretary of any apologies and deputies attending on their behalf at least 10 working days prior of the next meeting. This is to ensure that the meeting is quorate and any action from potential declarations of interest are handled appropriately in advance’.


Abbreviation Meaning

ADT Admissions Discharges and Transfers

AHP Allied Health Professional

AHR Access To Health Record request

AQP Any Qualified Provider

ASH Accredited Safe Haven

AUP Acceptable Use Policy

BAU Business As Usual

BC Business Continuity

CAB/C&B Choose and Book

CAG Confidentiality Advisory Group

CCG Clinical Commissioning Group

CDS Commissioning Data Set

CfH Connecting for Health (now replaced by NHSE and HSCIC)

CG Caldicott Guardian

CSU Commissioning Support Unit

DH/DoH Department of Health

DMIC Data Management Information Centre (old name for DSCRO)

DPA Data Protection Act

DR Disaster Recovery

DSA Data Sharing Agreement

DSC Data Sharing Contract

DSCN Data Set Change Notice

DSCRO Data Service for Commissioners Regional Office

EPR Electronic Patient Record

EPS Electronic Prescribing Services

FOI(A) Freedom of Information (Act)

GEMCSU Greater East Midlands Commissioning Support Unit

GP General Practice

GPES General Practice Extraction Service

HES Hospital Episode Statistics

HIS Health Information Service/System

HPA Health Protection Authority

HSCIC Health & Social Care Information Centre

IAA Information Asset Administrator

IAO Information Asset Owner

ICO Information Commissioners Office

IG Information Governance

IGSoC Information Governance Statement of Compliance

IGT Information Governance Toolkit

IGTT Information Governance Training Tool

ISA Information Sharing Agreement

ISP Information Sharing Protocol

KPI Key Performance Indicator

LA’s Local Authorities

LES Local Enhanced Service


Abbreviation Meaning

LSP Local Service Provider

NACS (Now ODS) National Administrative Codes Service

NHSCB NHS Commissioning Board (old name for NHSE)

NHSE NHS England

NWW NHS Wide Web

ODS (Previously NACS) Organisation Data Service

PCD Personal Confidential Data

PHE Public Health England

PIA Privacy Impact Assessment

QIPP Quality Innovation Productivity and Prevention

QOF Quality Outcome Framework

RA Registration Authority

SAR Subject Access Request

SBS Shared Business Service

SI/SUI Serious Incident/Serious Untoward Incident

SIRO Senior Information Risk Owner

SUS Secondary Use Service

VSO Voluntary Services Organisation

….. Definitions Primary Use of data – is when information is used for healthcare and medical purposes. This would directly contribute to the treatment, diagnosis or the care of the individual. This also includes relevant supporting administrative processes and audit/assurance of the quality of healthcare service provided Weak pseudonym (such as NHS number or postcode) The classification of a weak pseudonym stems from the fact that unless a user has access to another system that requires authorisation and user authentication etc (eg Exeter or the Spine) then the individual cannot be identified from the NHS number alone.

minutes of the information governance, … · the information governance, management and technology...

Documents