You have a right of access to information held about you. We will require proof of identity in order to avoid any breach of confidentiality. If someone other than the patient makes the application, we will need proof that he or she is entitled to make it.
The Freedom of Information (FOI) Act gives the public a general right of access to the corporate, non-personal, information held by the Trust, subject to exemptions.
A Caldicott Guardian is a senior person within a health or social care organisation who makes sure that the personal information about those who use its services is used legally, ethically and appropriately, and that confidentiality is maintained. Caldicott Guardians provide leadership and informed guidance on complex matters involving confidentiality and information sharing.
The Trust’s Caldicott Guardian is Dr Jugnu Mahajan, Medical Director.
01704 704765 | firstname.lastname@example.org
Data Protection Officer
Health and social care organisations that are public authorities must appoint a Data Protection Officer (DPO).
The Trust must have procedures in place to make sure that the DPO is consulted on all data protection matters at an early stage (as part of privacy by design and default).
The Trust must ensure that the DPO role is independent, free from conflict of interest and reports directly to the highest management level of the organisation – there are specific roles that the DPO cannot perform in conjunction with this new role.
The DPO must have expert knowledge of data protection law and practices and the ability to acquire a detailed understanding of the organisation’s business and the purposes for which it processes, or intends to process, personal data. The DPO’s responsibilities include:
- Informing and advising organisations about complying with GDPR and other data protection laws
- Monitoring compliance with GDPR and data protection laws – including staff training and internal audits
- Advising on and monitoring data protection impact assessments
- Cooperating with the ICO
- Being the first contact point for the ICO and citizens in terms of data processing
The Trust’s Data Protection Officer is Audley Charles, Company Secretary.
01704 704769 | email@example.com
Senior Information Risk Owner
The Senior Information Risk Owner (SIRO) should be an Executive Director or other senior member of the board (or equivalent senior management group/committee).
The SIRO may also be the Chief Information Officer (CIO) if the latter is on the board but should not be the Caldicott Guardian, as the SIRO should be part of the organisation's management hierarchy rather than being in an advisory role. The key responsibilities of the SIRO are to:
- Oversee the development of an Information Risk Policy, and a strategy for implementing the policy within the existing Information Governance framework
- Take ownership of the risk assessment process for information and cyber security risk, including review of an annual information risk
- Review and agree action in respect of identified information risks
- Ensure that the organisation’s approach to information risk is effective in terms of resource, commitment and execution and that this is communicated to all staff
- Provide a focal point for the resolution and / or discussion of information risk issues
- Ensure the board is adequately briefed on information risk issues
- Ensure that all care systems information assets have an assigned Information Asset Owner
The Trust’s Senior Information Risk Owner is Steve Shanahan, Director of Finance.
01704 704771 | firstname.lastname@example.org