Privacy Policy
Equita Community Living – Cromwell House recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. Equita Community Living – Cromwell House fully supports the principles of corporate governance, and equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about its People and staff and commercially sensitive information.
Equita Community Living – Cromwell House also recognises the need to share information with other health organisations and other organisations and agencies in a controlled manner consistent with the interests of the Person or worker and, in some circumstances, the public interest. Equita Community Living – Cromwell House believes that accurate, timely and relevant information is essential to deliver the highest quality health care. As such it is the responsibility of all staff to ensure and promote the quality of information and to ensure records are always completed in a timely and appropriate manner.
1. Purpose
This policy and agreement sets out the approach to be taken within Equita Community Living – Cromwell House to ensure legal and regulatory compliance for the management and security of information when it is either shared, or accessed by people involved in the Organisation but not directly employed by Equita Community Living – Cromwell House.
This policy covers the sharing of person-identifiable confidential data, with the individual’s express consent or if it is covered by a legal or statutory requirement for the following purposes:
​
-
Provision of appropriate care services.
-
Improving the health of the population.
-
Prevention or detection of crime.
-
National Security.
-
Investigating serious incidents or inter agency complaints.
-
Protecting people.
-
Supporting legal requirements.
-
Monitoring and protecting public health.
This list is not exhaustive, in the event of changes of policy or legislation this data sharing agreement may be used to cover other instances of data sharing. This policy and appended agreements do not give license for all data sharing. There has to be a legitimate reason for processing as per European General Data Protection Regulation (EU GDPR) (see Appendix 1). We will use these bases to apply a legitimate reason for sharing.
2. Scope
​
The principles cover all aspects of sharing information with organisations who are working with or on behalf of Equita Community Living – Cromwell House. The information may include information related to its People, staff and organisational information. The policy covers all aspects of sharing information, including access to electronic and paper records on Equita Community Living – Cromwell House sites and sending or receiving electronic or paper records either to or from Equita Community Living – Cromwell House.
As well as identifying the legal basis for sharing this policy will help us to identify exactly what information is to be shared and why. This policy will:
​
-
Inform – about the reasons why data may need to be shared and how this sharing will be managed and controlled by the organisations or workers concerned.
-
Identifies - anyone who is party to the protocol.
-
Purposes – provides a defined set of purposes for why the information is shared.
-
Process – provides the process for how the sharing will take place and how and when it will be audited.
3. Duties and Responsibilities
​
It is the role of the Senior Management Team (SMT) to define Equita Community Living – Cromwell House’s policy in respect of Information Sharing, taking into account legal and organisational requirements. The SMT is also responsible for ensuring that sufficient resources are provided to support the requirements of this policy.
Equita Community Living – Cromwell House’s SMT is responsible for overseeing requests to share data. They must make sure the sharing is appropriate and has been risk assessed.
All workers, whether permanent, temporary or contracted, and contractors are responsible for ensuring that they are aware of the requirements incumbent upon them and for ensuring that they comply with these on a day to day basis.
4. Key Roles
SIRO (Senior Information Risk Owner) – Operations Director
The SIRO has overall responsibility for maintaining this policy and the data sharing agreements; the SIRO will provide guidance on the implementation of both documents.
​
Line Managers/Senior Managers
All Line Managers have responsibility to ensure that staff are compliant with and working to all relevant policies and procedures in relation to Information Governance. They also have responsibility for ensuring all Data Sharing that happens within their unit or department takes place appropriately
​
All workers and contractors, and anyone providing a service on behalf of Equita Community Living – Cromwell House
All workers and contractors of Equita Community Living – Cromwell House, whether permanent, temporary or contracted, have responsibilities for Information Governance on a day-to-day basis, particularly if they are the person who is completing the data sharing, whether they work in a clinical or non-clinical environment. Contractors are responsible for ensuring that they are aware of the requirements incumbent upon them and for ensuring that they comply with these. Any incident involving a breach or suspected breach of the European General Data Protection Regulation shall be reported to the unit manager immediately.
​
Data Protection Officer will:
​
-
Review and update the Data Sharing Policy in line with local and national requirements. Review and audit all procedures relating to this policy where appropriate on an ad-hoc basis.
-
Ensure that Line Managers are aware of the requirements of the policy.
-
Raise awareness of best practice in information sharing and associated Standards and legislations.
​
Cyber Security Officer
​
-
Lead in the development and enforcement of information security policies with regard to sharing data.
-
Maintain Equita Community Living – Cromwell House’s security procedures.
-
Maintain appropriate security measures and mechanisms to guard against unauthorised access.
-
Ensure compliance with Data Sharing agreements through adequate and periodic audits.
5. Data Quality
​
Shared data needs to be of a sufficient quality for the intended purpose; this is an essential requirement of all data users and will assist in providing effective service delivery. There are many characteristics of good quality data they are:
​
-
Timeliness – Data should be input as close as possible to the event.
-
Accuracy – Data should be an accurate reflection of the circumstances. If the information is an opinion and not a fact, then should be noted as such.
-
Validity – Data should clearly represent the intended result and should be used in accordance with any rules or definitions
-
Reliability – Data should represent consistent data collection processes and be fit for purpose.
-
Relevance – Data collected should comprise of items that are relevant for the purposes it is being captured.
-
Completeness – All relevant and requested data should be completed missing and incomplete data is not acceptable.
6. Implementation and Review
7.1 Agreeing the data sharing
The policy provides a consistent approach to data sharing. Appendix 2 provides the agreement format.
​
7.2 Monitoring and Review
Formal review of the policy should take place annually, prior to the review date any party involved should provide a list of items for discussion. The number and job role of people needed at the review will depend on the items that need to be discussed.
​
​
​
​