DATA PROTECTION ACT (1998) SUBJECT ACCESS REQUEST PROCEDURE

Similar documents
Access to Health Records Procedure

Access to Health Records under the Data Protection Act 1998 (As set out by the Department of Health)

Access to Records Procedure under Data Protection Act 1998 Access to Health Records Act 1990

Access to Health Records Application (Subject Access Request)

Central Alerting System (CAS) Policy

Executive Director of Nursing and Chief Operating Officer

DATA PROTECTION POLICY

How to Apply for your Health Records

I write in response to your request of 21 January 2009 (received 22 January 2009) requesting copies of your medical records.

Diagnostic Testing Procedures in Urodynamics V3.0

ACCESS TO HEALTH RECORDS POLICY & PROCEDURE

How we use your information. Information for patients and service users

ACCESS TO HEALTH RECORDS POLICY & PROCEDURE

Date ratified November Review Date November This Policy supersedes the following document which must now be destroyed:

Central Alerting System (CAS) Policy

Non Attendance (Did Not Attend-DNA ) Policy. Executive Director of Nursing and Chief Operating Officer

RD SOP12 Research Passport Honorary Contracts / Letters of Access

COMPLAINTS MANAGEMENT PROCEDURE

Application to Access Health Records (DPA1)

Research Passport Application Form Version 3 01/09/2012

Framework for managing performer concerns NHS (Performers Lists) (England) Regulations 2013

How to register under the Health and Social Care Act 2008

Overarching Section 75 Agreement Adults Integrated Health and Social Care Services. Subject. Cabinet Member

NHS RESEARCH PASSPORT POLICY AND PROCEDURE

Standard Operating Procedures (SOP) Research and Development Office

Wandsworth CCG. Continuing Healthcare Commissioning Policy

CLINICAL SERVICES POLICY & PROCEDURE (CSPP No. 25) Clinical Photography Policy in the Pre-Hospital Setting. January 2017

SAFEGUARDING CHILDEN POLICY. Policy Reference: Version: 1 Status: Approved

Standards of Practice for Optometrists and Dispensing Opticians

Positive and Safe Management of Post incident Support and Debrief. Ron Weddle Deputy Director, Positive and Safe Care

FUNDING FOR TREATMENT IN THE EEA APPLICATION FORM

Diagnostic Testing Procedures in Neurophysiology V1.0

SABP/INFORMATIONSECURITY- SUMMARY CARE RECORD ACCESS/0003

Accessing Your Medical Records at Lonsdale Medical Centre

Freedom to speak up: raising concerns (whistleblowing) policy

RECEIPT & SCRUTINY OF MENTAL HEALTH ACT PAPERS

Birmingham, Sandwell and Solihull Eligibility Criteria Policy for NHS Non-Emergency Patient Transport (NEPT)

Health and Safety Policy

Adults and Safeguarding Committee 7 th March 2016

They are updated regularly as new NICE guidance is published. To view the latest version of this NICE Pathway see:

Diagnostic Testing Procedures for Ophthalmic Science

Section 19 Mental Health Act 1983 Regulations as to the transfer of patients

Code of Guidance for Private Practice for Consultants and Speciality Doctors

Medicines Reconciliation Policy

Occupational Health Privacy Notice

SUBJECT ACCESS REQUEST HEADER PAGE to be supplied with all SAR/TSAR responses 1. The purpose(s) of the processing

Barnet Health Overview and Scrutiny Committee 6 October 2016

POLICY FOR THE IMPLEMENTATION OF SECTION 132 OF THE MENTAL HEALTH ACT (MHA) 1983 AS AMENDED BY THE MHA 2007:

WORKING WITH THE PHARMACEUTICAL INDUSTRY

Pan Dorset Procedure for the Management of the Closure of a Care Home Supporting people in Dorset to lead healthier lives

Your NHS number and how we use your information in the NHS

Practising as a midwife in the UK

Information Governance Management Framework

Application for Recognition or Expansion of Recognition

EAST CALDER & RATHO MEDICAL PRACTICE YOUR INFORMATION

RECEIPT OF APPLICATIONS FOR DETENTION UNDER THE MENTAL HEALTH ACT 1983

NHS England Complaints Policy

NHS Constitution summary of rights and responsibilities

ANPR Policy Version , March 2016

Can I Help You? V3.0 December 2013

Office of the Australian Information Commissioner

EQUAL OPPORTUNITY & ANTI DISCRIMINATION POLICY. Equal Opportunity & Anti Discrimination Policy Document Number: HR Ver 4

DERBY TEACHING HOSPITALS NHS FOUNDATION TRUST

Health and Safety Strategy

Registration prescribed information handbook

Safeguarding Adults Policy

Registering as a dentist with the General Dental Council (EU/EEA/Switzerland)

APPLICATION FOR ACCESS TO HEALTH RECORDS. Data Protection Act 2018 and other relevant legislation

Visiting Celebrities, VIPs and other Official Visitors

Registering as a dental care professional with the General Dental Council

Policy Summary. Policy Title: Policy and Procedure for Clinical Coding

SUGGESTIONS, COMPLIMENTS & COMPLAINTS POLICY

Independent Group Advising (NHS Digital) on the Release of Data (IGARD)

NHS Continuing Healthcare Service Provider and Local Authority NHS Continuing Healthcare Inter-agency Disputes Policy

GUIDELINES ON SECTION 17 LEAVE OF ABSENCE MHA (1983)

Personal Identifiable Information Policy

Recruitment of Approved Mental Health Practitioners (AMHPs)

Consultation on developing our approach to regulating registered pharmacies

I SBN Crown copyright Astron B31267

How NICE clinical guidelines are developed

Prof. Paula Whitty Director of Research, Innovation and Clinical Effectiveness. Author(s) (name and designation) Date ratified January 2015

CCG CO21 Continuing Healthcare Policy on the Commissioning of Care

Freedom of Information Policy

NHS Continuing Healthcare Choice Policy Supporting people in Dorset to lead healthier lives

Section 132 of the Mental Health Act 1983 Procedure for Informing Detained Patients of their Legal Rights

Patient Identification

The Newcastle upon Tyne Hospitals NHS Foundation Trust

Specialised Services: CPL-008 Referral Management Policy

Trust Quality Impact Assessment (QIA) Policy

Serious Incident Management Policy

Application for Volunteer Work

Application for incorporation as a Scottish Charitable Incorporated Organisation (SCIO): application form and guidance notes

PRIVACY BREACH MANAGEMENT POLICY

The Mental Health (Wales) Measure Part 1 Scheme. Local Primary Mental Health Support Services. for

Policy for the use of Leave under Section 17 of the Mental Health Act 1983 (as amended) Version: 9

Application to be restored to the register

CHC30113 Certificate III in Early Childhood Education and Care

Responsive, Flexible & Sensitive Domiciliary Care. Service User Handbook

VOLUNTEER APPLICATION

Management of Diagnostic Testing and Screening Procedures Policy

Transcription:

DATA PROTECTION ACT (1998) SUBJECT ACCESS REQUEST PROCEDURE Date effective from: 1 st September 2014 Review date: 1 st September 2017 Version number: 4.0 See Document Summary Sheet for full details Date effective from: 1 st September 2014 Page 1 of 23

CONTENTS Document Summary Sheet 3 Document Amendment sheet 4 PART A Section Description Page 1 Executive summary 6 2 The content of the procedural document 7 2.1 Flow chart of procedure 7 2.2 Description of procedure/process 8 3 Duties 9 4 Training 11 5 Glossary of Definitions 11 6 Appendices relevant to the procedural document 11 A Subject Access Request Form 12 PART B Section Description Page 7 Purpose of Document 17 7.1 Policy statement 17 7.2 Purpose of document 17 8 Identification of Stakeholders 17 9 References, Evidence Base 17 10 Associated Documentation 17 11 Equality Impact Assessment 18 12 Plan for Dissemination and Implementation 21 13 Standards/key performance indicators 22 14 Monitoring Compliance with, & the Effectiveness of the Procedure 23 Date effective from: 1 st September 2014 Page 2 of 23

DOCUMENT SUMMARY SHEET ALL sections of this form must be completed. Those marked with * will be used as search information on Staffnet. Document title*: Document Reference Number * Member of the Executive Team Responsible* (Title): Document author* (Name and title): Approved by (group): Data Protection Act (1998) Subject Access Request Procedure IG-0008 Director of Finance Carl Starbuck, Information and Knowledge Manager Michael Batters, Health Records Manager IG Group Date approved: 23 rd July 2014 Ratified by (group/board): SIRO, Caldicott Guardian, CIO Date ratified: 14 th August 2014 Review date: 1 st September 2017 Frequency of review: Responsible for the review: Target audience: (List, by title, the people this procedural document is essential for) Responsible for dissemination: Every three years Information and Knowledge Manager Medical Records staff Clinical staff Other health care professionals Clinical Administrative staff Information and Knowledge Manager Date effective from: 1 st September 2014 Page 3 of 23

DOCUMENT AMENDMENT SHEET Please record what changes you have made to the procedural document since the last version. This is a summary of changes to the document and is designed to show people exactly what has changed. The version number recorded below should correspond to the ratified version number shown on the Document Summary Sheet. Version Amendment Reason 0.1 First draft for review Re-drafted into NHSLA format. 0.2 Minor tweaks: actions on billing, access on site Second draft review by Annette Booth accompanied by staff 1.0 Ratified Ratified by Executive Team 15/03/2011 2.0 Health Records Manager contact update Lynda Clapham 15/01/2012 3.0 Updated SAR form Permission to update from SIRO & Caldicott Guardian IGSSG 17/04/2013 3.1 Reviewed and updated Periodic review date reached 4.0 Ratified Ratified 14 th August 2014 confirmed by SIRO. Caldicott Guardian & CIO present at approving meeting Date effective from: 1 st September 2014 Page 4 of 23

PART A Date effective from: 1 st September 2014 Page 5 of 23

1 EXECUTIVE SUMMARY Under Section 7 of the Data Protection Act (1998), data subjects have the right to access and to be provided with copies of their health records and other information held by the Trust about them. Most requests of this type are by service users, but they might also come from staff, carers, Foundation Trust members or anyone else about whom we hold any form of records. In this context, records encompass still photographs, video footage, audio recordings, and any paper or electronic record in which the data subject is identified. The right of access to information is not absolute, and there are grounds on which information can be withheld. This procedural document is designed to provide the procedural framework for staff on the application of the subject access provisions of the Data Protection Act (1998). It informs staff in receipt of or otherwise involved in the processing of subject access requests the steps required to ensure the Trust fulfils its legal obligations under the Act. It forms part of the Trust s overall approach to Information Governance and aims to assist compliance with Section 7 of the Data Protection Act (1998) and to support the rights of data subjects in accessing their information. Date effective from: 1 st September 2014 Page 6 of 23

2 THE CONTENT OF THE PROCEDURAL DOCUMENT 2.1 Flow chart of procedure Requests must be made in writing by the patient or their representative. Representatives are simply those helping the patient make the request, whether relatives, legal appointees, solicitors, the police, etc. What distinguishes a subject access request is that it is made with the consent of the patient. Requests should always be The Medical Records Team will locate the records and ensure they are made available to the appropriate health professional Patient or patient s representative MEDICAL RECORDS TEAM The appropriate health professional reviews the record and advises of any contents they believe should be withheld to preserve third-party confidences or to avoid potential serious harm. APPROPRIATE HEALTH PROFESSIONAL Using the advice of the appropriate health professional, and from other sources as appropriate, the Medical Records Team decides which parts of the record it is appropriate to release and either copies and sends the material itself or advises the local team in doing this. MEDICAL RECORDS TEAM Patient or patient s representative Date effective from: 1 st September 2014 Page 7 of 23

2.2 Description of Procedure/Process 2.3 Receiving and recording subject access requests To be valid, any subject access request must be made in writing. The data subject must provide enough information to allow the Trust to process the request. Standard forms such as the example at Appendix A - can be issued to applicants making a subject access request. It should be noted that a subject is under no obligation to use our forms, but the forms are provided to aid the process and assist both the subject and staff in specifying the request. This form may be modified for non-health records uses as required. Details of subject access requests will be logged by the Medical Records Team.. Details will include but not be limited to: Name of requestor Date of request Confirmation of identity Fee received (where applicable) 2.4 Fees The Medical Records Team reports to the Information Governance Group, where the Trust s performance in responding to subject access requests is monitored. The Trust will not ordinarily charge service users for providing access to information held about them. If the subject access request is made by an organisation (e.g. solicitors, insurers) then a charge will be made. This charge can be up to 50. Where payment is necessary an invoice and accompanying fees notice will be raised. 2.5 Timescales Subject access requests must be dealt with and sent to the requester within 40 calendar days. Day one is upon receipt of the request, or on provision of sufficient information to identify the person making the request and to locate the information requested, should clarification be requested. 2.6 Processing requests Date effective from: 1 st September 2014 Page 8 of 23

Request the information from whoever holds it and check that you have all parts of the record. Once you have found the information requested, it must be checked to ensure that: In the case of health records, an appropriate clinician has reviewed the record to ensure that none of the content is likely to cause significant harm or distress to the subject or anybody else. Any information provided by, and the identities of, any third parties not acting in a professional capacity have been redacted, or consent for disclosure from the third parties has been obtained. Unintelligible terms are explained or an offer of facilitation is made. Records show the origin of the record. In the case of health records, where exemptions are to be applied the request will be passed on to the Health Records Manager and where required the Health Records Manager will liaise with the Caldicott Guardian or an appropriate deputising officer. Any course of action identified as a result of the subject access request must be followed through. 2.7 Sending information The information relating to the subject access request will normally be delivered by mail, using the recorded delivery service. Increasingly, scanning and emailing documents to requestors is becoming an option. This must only be done if the requestor asks or agrees, and if we are confident the information can be sent securely in accordance with the Trust s Confidentiality Code of Conduct (IG-0003) If the subject would prefer to collect the information in person, then proof of identity and a signature is required. Alternatively the records may be viewed on site by the requester, facilitated by an appropriate member of staff. 3 DUTIES AND RESPONSIBILITIES The duties within the organisation are as follows: Staff group All staff Medical and clinical staff Duties All staff have a duty to identify incoming subject access requests, route them to an appropriate subject access practitioner within the Trust and co-operate with the assembly and disclosure of information required to assist the subject access practitioner to comply with the request within the statutory timescale. Under the Data Protection (Subject Access Modification) (Health) Order 2000, it is a duty of medical / clinical staff assisting with the compilation of Date effective from: 1 st September 2014 Page 9 of 23

information for a subject access request to ensure that no information is disclosed which may cause serious physical or mental harm or distress to the subject or any third party. Consideration of the above under the Data Protection (Subjects Access Modification) (Health) Order 2000 should be carried out by an appropriate health professional, i.e: a. The health professional who is currently or was most recently responsible for the care of the subject, or b. Where care is shared by a team, the health professional who is the most suitable to advise on the matters to which the information relates, or c. Where neither of the above are available, a health professional who has the necessary experience and qualifications to advise on the matters to which the information relates. Point c. is relevant when the appropriate professional for point a. or b. has left the organisation. Medical Records Team Health Records Manager / Information and Knowledge Manager Caldicott Guardian The Medical Records Team is based across the four records libraries at the Trust. Staff in the records libraries will receive subject access requests either directly from subjects or re-routed by internal recipients and ensure that requests are complied with within the appropriate timescales. They will liaise with and assist the clinical and other teams in dealing with subject access requests. Have a duty to oversee subject access provisions and act as the first line of expertise relating to subject access requests, assisting with any difficulties in processing requests. These staff form part of the Trust s wider Information Governance Framework, and will be expected to maintain an appropriate level of knowledge of legislation and best practice with regard to subject access. The Caldicott Guardian serves the Trust as the final arbiter of disclosure decisions relating to service users and will provide expertise and input where required on subject access cases if such escalation is appropriate. Date effective from: 1 st September 2014 Page 10 of 23

4 TRAINING Subject access requests are an aspect of the annual information governance training that all Trust staff are required to complete annually. Staff are referred to the training needs analysis in the Compulsory Training Procedure (HR- 0015). 5 GLOSSARY OF DEFINITIONS The following definitions are of relevance to this document: Definition Meaning Data Protection An Act of Parliament that sets out the legal framework Act 1998 for the collection, storage, use, confidentiality and disposal of personal and sensitive personal information. Subject Subject Access 6 APPENDICES The person the information is about The right of a living individual to access information held about them. The term may also be used when a third party (such as a solicitor or person with power of attorney) makes a request on behalf of the subject. Date effective from: 1 st September 2014 Page 11 of 23

Appendix A Subject Access Request Form Health Records APPLICATION FOR ACCESS TO HEALTH RECORDS As a patient, or patient s bona-fide representative, you have the right to access the personal information that Leeds and York Partnership NHS Foundation Trust holds about you or the patient you represent. To exercise this right you should complete this application form and return it to either of the following addresses: Medical Records Manager Medical Records Department Newsam Centre Seacroft Hospital York Road Leeds LS14 6WB Medical Records Supervisor Medical Records Department Bootham Park Hospital Bootham York YO30 7BY Although use of this form is not compulsory, its use will help you to present all the information we need to deal with your request efficiently. If you prefer to contact us or send the form by email, you can do this by using either of the following email addresses: MedicalRecordsNewsam.Lypft@nhs.net MedicalRecordsBoothamPark.Lypft@nhs.net Please note, however, that internet email is not necessarily a secure means of communication and if you choose to contact us this way you will be accepting that risk. Once we have received your application we will endeavour to process it as soon as possible and are legally obliged to do so within 40 days. We will contact you if anything delays this process. Please print clearly Patient s surname: DETAILS OF RECORD(S) TO BE ACCESSED Forename(s): Address: Telephone number: Date of birth: NHS number (if known): Hospital unit number: If the name and / or address was different from the above during the period(s) to which the application relates, please give details: Date effective from: 1 st September 2014 Page 12 of 23

Any previous names: Previous address (if applicable): Patient s hospital or clinic contacts: Please provide as much information as possible about the records you are interested in. The more detail you can provide, and the more specific you are about the records required, the quicker we will be able to provide those records. Hospital/clinic attended Dates Ward, community health team, etc Consultant/ health professional Additional information or comments. Please specify here if your interest is in non-care records e.g. personnel, complaints or other non-care files, and indicate who may hold them. DETAILS OF PERSON MAKING THE APPLICATION Surname: Forename(s): Declaration: I declare that the information given by me is correct to the best of my knowledge and that I am entitled to apply for access to the health record referred above under the terms of the Data Protection Act (1998) or Access to Health Records Act (1990) (please tick as appropriate): I am the patient I have been asked to act by the patient and attach the patient s written authorisation I have legal authority to act on the patient s behalf I am acting in loco parentis as the patient is under age 16 and is / is not (delete as appropriate) capable of understanding the request and has / has not (delete as appropriate) consented to my making this request I am the deceased patient s personal representative and attach confirmation of my appointment Date effective from: 1 st September 2014 Page 13 of 23

I have a claim arising from the patient s death and wish to access information relevant to it (please indicate the grounds on which this claim arises and include appropriate supporting documentation): Signed Date PROOF OF ID Proof of identity is required as set out below. Please tick the appropriate boxes. For the member of staff confirming the identity of the data subject: I am a member of staff who confirms the service user is known to me, and I validate their identity for the purpose of Subject Access. For the data subject, i.e. the person whose records are being sought: Preferably, a copy of either a driving licence (photo-card) or passport (copy of photo page) If neither of the above is available, please submit two forms of nonphotographic ID, e.g. copies of recent utility bills (dated within the last 3 months), pension book or other official documentation If you are the patient s representative, please also provide: A copy of the data subject s express permission to act on their behalf or a copy of your legal authority to do so, or If you are a person with parental responsibility applying on behalf of a child, please provide a copy of the birth certificate and a copy of recent (within the last 3 months) correspondence addressed to you relating to the patient. Contact details of staff confirming identity OR please list the documents supplied: NB: Please send photocopies of identification not originals. Leeds and York Partnership NHS Foundation Trust cannot be held responsible for any items lost in the post. Date effective from: 1 st September 2014 Page 14 of 23

FAQ Will the entire contents of the health record be released to me? In general, all the personal records you request will be released to you, although there may be circumstances where some information is withheld. These include where it is considered that information in the records, if released, could cause serious harm to you or anyone else and where there is personal information concerning another person contained within the records requested, other than those acting in a professional capacity regarding your care. How will the information be provided? We usually make copies of the records and send them to you (or you can collect them if you prefer). Alternatively, you may wish simply to view the records, in which case we will arrange with you a suitable time and location for you to come along and do that. It may also be possible to email the records to you if this is something you would specifically prefer, however you must accept the risks of unsecured email transmission. Will I be charged for access to the records? Regulations in the Data Protection Act (1998) allow for charges to be made (up to a maximum of 50). The Trust generally does not charge for processing subject access requests from patients, but reserves the right to do so. If there is to be a charge we will always inform you in advance and require payment before processing the request. What if I am not satisfied with the Trust s response? In the first instance you should write to the Trust s complaints department at: Complaints and Claims Manager Leeds and York NHS Partnership Foundation Trust 2150 Century Way Thorpe Park Leeds LS15 8ZB If you remain dissatisfied with the Trust's response you can contact the Office of the Information Commissioner, the body with responsibility for enforcing the Data Protection Act (1998). The address is: Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Or you may wish to access the website at www.ico.gov.uk WARNING Making false or misleading statements in order to obtain access to personal information to which you are not entitled is a criminal offence. A teaching organisation providing mental health and learning disability services Date effective from: 1 st September 2014 Page 15 of 23

PART B Date effective from: 1 st September 2014 Page 16 of 23

7 PURPOSE OF DOCUMENT 7.1 Policy Statement This is a procedural document setting out the Trust s approach to the subject access request provisions of the Data Protection Act (1998). 7.2 Purpose of Document To provide a procedural framework to staff on how to deal with subject access requests under the Data Protection Act (1998) in accordance with the Trust policies and the Information Governance Framework.. 8 IDENTIFICATION OF STAKEHOLDERS The table below should be used as a summary Stakeholder Service users Health professionals, administrative and medical records staff Information Governance Group Business & Finance Committee Level of involvement Feedback Consultation Approval Ratification 9 REFERENCES, EVIDENCE BASE Data Protection Act (1998) 10 ASSOCIATED DOCUMENTATION IG-0001 - Information Governance Policy IG-0003 - Confidentiality Code of Conduct Date effective from: 1 st September 2014 Page 17 of 23

11 EQUALITY IMPACT ASSESSMENT The general equality duty that is set out in the Equality Act 2010 requires public authorities, in the exercise of their functions, to have due regard to the need to: Eliminate unlawful discrimination, harassment and victimisation and other conduct prohibited by the Act. Advance equality of opportunity between people who share a protected characteristic and those who do not. Foster good relations between people who share a protected characteristic and those who do not. Please complete the template by following the instructions in each box. If you require any guidance on how to complete the template please contact the Diversity and Inclusion Team on 0113 2954413. Title: Data Protection Act (1998) Subject Access Request Procedure What are the intended outcomes of this work? To support the subject access process throughout the Trust and to ensure subject access requests are always processed within statutory timescales to the satisfaction of data subjects Who will be affected? Service users, along with clinical and administrative staff Evidence What evidence have you considered? Principally, prior experience with service users and the approaches taken by other NHS organisations. Disability This procedure is in place to support the right of access to the information the Trust holds about them available to all service users, staff and others. The exercise of that right requires making written contact with the Trust. This can present difficulties for people with some disabilities, but the law recognises this and provides that representatives can make or support these requests on their behalf. The Trust works closely with these representatives. The Trust also never insists on unnecessary journeys to collect notes and makes no charge for the service it provides to individual service users.. Sex No differential impact.. Race There may be difficulties for non-english speakers wishing to exercise their rights here. But the Trust will obtain interpretation services where it can, and will happily work with properly-appointed English-speaking representatives. Age No differential impact. Date effective from: 1 st September 2014 Page 18 of 23

Gender reassignment (including transgender) No differential impact. Sexual orientation No differential impact. Religion or belief Consider and detail (including the source of any evidence) on people with different religions, beliefs or no belief. Pregnancy and maternity No differential impact. Carers No differential impact. Other identified groups No differential impact. Engagement and involvement How have you engaged stakeholders in gathering evidence or testing the evidence available? Through a constant feedback and monitoring process over the years that the subject access request process has been in place. How have you engaged stakeholders in testing the policy or programme proposals? The update to this policy did not involve any specific stakeholder-engaged testing For each engagement activity, please state who was involved, how and when they were engaged, and the key outputs: N/a Summary of Analysis There is scope for the procedure to impact on some people with disabilities and non-english speakers, but the arrangements described above, based mainly on encouraging and working with suitable patient representatives, greatly mitigate that. Now consider and detail below how the proposals impact on elimination of discrimination, harassment and victimisation, advance the equality of opportunity and promote good relations between groups. Eliminate discrimination, harassment and victimisation N/a Advance equality of opportunity Na/ Promote good relations between groups N/a. Date effective from: 1 st September 2014 Page 19 of 23

What is the overall impact? After mitigation, minor. Addressing the impact on equalities N/a Action planning for improvement None For the record Name of person who carried out this assessment: Michael Batters Date assessment completed: 17 July 2014 Name of responsible Director/Director General: Director of Finance Date assessment was signed: Date effective from: 1 st September 2014 Page 20 of 23

12 PLAN FOR DISSEMINATION AND IMPLEMENTATION DETAILS OF DOCUMENT TO BE DISSEMINATED Title of Document Data Protection Act (1998) Subject Access Procedure Date Ratified 14 th August 2014 Dissemination lead name Carl Starbuck Contact details 0113 855 9771 Carl.Starbuck@nhs.net DETAILS OF DISSEMINATION Date put on Staffnet 27 th August 2014 Who is the document to be disseminated to All Staff Disseminated to (either directly or via meetings, etc) Format (electronic/ paper) Date disseminated No of copies sent Contact details/comments Via Staffnet Electronic 1 st September 2014 1 0113 855 9771 Carl.Starbuck@nhs.net Date effective from: 1 st September 2014 Page 21 of 23

13 Standards/key performance indicators The key performance indicator is the 40-day statutory deadline for the Trust to process subject access requests under the Data Protection Act (1998). The Information Governance Group reviews performance in more detail than that, and where requests are urgent expects them to be dealt with more quickly. The Information and Knowledge Manager will report any complaints relating to the performance, quality, completeness or other issues to the IG Group for consideration. Complaints may be received from data subjects, the Information Commissioner s Office or other regulatory bodies. Date effective from: 1 st September 2014 Page 22 of 23

14 MONITORING COMPLIANCE WITH, AND THE EFFECTIVENESS OF THE PROCEDURE Topic 40-day statutory limit Urgent request performance SAR-related complaints (subject or ICO driven) Monitoring/ Audit Monitoring Monitoring Monitoring Lead Manager Data Source Sample Data Collection Method Information & Knowledge Manager Information & Knowledge Manager Information & Knowledge Manager Health Records Managers report to IG Group Health Records Managers report to IG Group Information & Knowledge Manager report to IG Group All requests, 100% sample All urgent requests, 100% sample All complaints, 100% sample Frequency Of Activity Review Body Report to IGG Monthly IG Group Report to IGG Monthly IG Group Report to IGG Monthly IG Group Date effective from: 1 st September 2014 Page 23 of 23

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback