Common use of Monitor and Review Clause in Contracts

Monitor and Review. The Memorandum of Understanding (Tier Zero) will be subject to regular formal review by representatives of the partners to this agreement through the HCP S2C Information Governance Strategy Review Group, following changes to law, ethics and policy in relation to the security and confidentiality of information or as a minimum on a bi-annual basis. These reviews will and must be documented within the group’s minutes. The use and effectiveness of the Tier One will be evaluated as follows: • Breaches of GDPR and/or DPA which further result in breaches of the agreement may be logged and reported by any partner organisation (Data Controller and/or Data Processor), including complaints as a result of information sharing. • Breaches of any supplementary individual local agreements (Tier Two) may be logged and reported by any partner organisation, including complaints as a result of information sharing. • Any general difficulties encountered in applying the Tier One may be logged and reported by any partner organisation. • Any such reported breaches/difficulties will form part of the evaluation process, e.g.: o Refusal to share information o Conditions being placed on disclosure o Delays in responding to requests o No legitimate reason for sharing o Poor quality data o Disregard for the Memorandum of Understanding (Tier Zero) o Use of shared information for ‘further’ purpose(s) incompatible with those agreed o Non-compliant security arrangements Complaints Responsible officers of the signatory organisations will be notified of any complaint arising from the disclosure of any information in accordance with the Memorandum of Understanding (Tier Zero). All partner organisations will assist each other as necessary in responding to any complaints. The organisation in receipt of the complaint shall use its Complaints Policy and procedure in investigating the complaint.

Monitor and Review. The Memorandum of Understanding (Tier Zero) will be subject to regular formal review by representatives of the partners to this agreement through the HCP S2C ICS Information Governance Strategy Review GroupCommittee, following changes to law, ethics and policy in relation to the security and confidentiality of information or as a minimum on a bi-annual basis. These reviews will and must be documented within the groupCommittee’s minutes. The use and effectiveness of the Tier One will be evaluated as follows: • Breaches of GDPR GDPR, common law’ duty of confidentiality, and/or DPA which further result in breaches of the agreement may be logged and reported by any partner organisation (Data Controller and/or Data Processor), including complaints as a result of information sharing. • Breaches of any supplementary individual local agreements (Tier Two) may be logged and reported by any partner organisation, including complaints as a result of information sharing. • Any general difficulties encountered in applying the Tier One may be logged and reported by any partner organisation. • Any such reported breaches/difficulties will form part of the evaluation process, e.g.: o Refusal to share information o Conditions being placed on disclosure o Delays in responding to requests o No legitimate reason for sharing o Poor quality data o Disregard for the Memorandum of Understanding (Tier Zero) o Use of shared information for ‘further’ purpose(s) incompatible with those agreed o Non-compliant security arrangements Complaints Responsible officers of the signatory organisations will be notified of any complaint arising from the disclosure of any information in accordance with the Memorandum of Understanding (Tier Zero). All partner organisations will assist each other as necessary in responding to any complaints. The organisation in receipt of the complaint shall use its Complaints Policy and procedure in investigating the complaint.

Monitor and Review. The Memorandum of Understanding (Tier Zero) will be subject to regular formal review by representatives of the partners to this agreement through the HCP S2C ICS Information Governance Strategy Review GroupCommittee, following changes to law, ethics and policy in relation to the security and confidentiality of information or as a minimum on a bi-annual basis. These reviews will and must be documented within the groupCommittee’s minutes. The use and effectiveness of the Tier One will be evaluated as follows: • Breaches of GDPR and/or DPA which further result in breaches of the agreement may be logged and reported by any partner organisation (Data Controller and/or Data Processor), including complaints as a result of information sharing. • Breaches of any supplementary individual local agreements (Tier Two) may be logged and reported by any partner organisation, including complaints as a result of information sharing. • Any general difficulties encountered in applying the Tier One may be logged and reported by any partner organisation. • Any such reported breaches/difficulties will form part of the evaluation process, e.g.: o Refusal to share information o Conditions being placed on disclosure o Delays in responding to requests o No legitimate reason for sharing o Poor quality data o Disregard for the Memorandum of Understanding (Tier Zero) o Use of shared information for ‘further’ purpose(s) incompatible with those agreed o Non-compliant security arrangements Complaints Responsible officers of the signatory organisations will be notified of any complaint arising from the disclosure of any information in accordance with the Memorandum of Understanding (Tier Zero). All partner organisations will assist each other as necessary in responding to any complaints. The organisation in receipt of the complaint shall use its Complaints Policy and procedure in investigating the complaint.