Common use of Service Planning Clause in Contracts

Service Planning. Further details of each of these non-GP data sources are provided in the attached Annex D.4 Sharing Dataset Definitions. Availability of these categories of data through Surrey Care Record / TVS systems is to be phased in during the period of this sharing specification and not all of the data categories identified above are expected to be available through Surrey Care Record or Thames Valley & Surrey care record or analytics immediately but will be available for future reporting requirements. By design, the shared data excludes particularly sensitive records. The clinical terms and Read Codes that are used to identify these sensitive data records are presented in the attached Annex D.5 Excluded Read Codes. Summary of the Initial Data Protection Impact Assessment The project has been carefully designed to place the interests of patients uppermost. Concepts of informed consent and compliance with the Caldicott and Data Protection Principles have been incorporated into the software design. The design, data protection and security risks, and the associated security measures and safeguards have been subjected to a detailed and rigorous impact assessment by representatives from each of the participating partner organisation via the DPIA approvals process done through the Surrey Heartland Data Governance Group and TVS Federated Controller Group. The Surrey Heartlands Chief Clinical Information Officer has confirmed that they are satisfied that all appropriate technical and physical measures against unauthorised or unlawful access, accidental loss or destruction of care data are in place. Frimley Chief Clinical Information Officer has undertaken the same assurance review in their role as Lead Data Controller for TVS systems and has confirmed that they are satisfied that all appropriate technical and physical measures against unauthorised or unlawful access, accidental loss or destruction of care data are in place. A Surrey Heartland Data Governance Group and a Privacy Officer function for the Surrey Care Record has been established to ensure that the identified risks are mitigated to the level that is considered to be acceptable level without disproportionate effort. For TVS the TVS Federated Controller Group and Privacy Officer function has been set up to apply the same controls for TVS level processing of data. The Confidentiality & Data Protection policy of the Surrey Care Record and equivalent polices for TVS Shared Care Record explains how the rights of data subjects will be met and confirms audit arrangements for the system. The Surrey Heartlands Data Governance Group reviewed and approved the Thames Valley and Surrey (TVS) Care Records Programme – TVS DPIA no.4 - Analytics at 16th April DGG meeting.

Service Planning. Further details of each of these non-GP data sources are provided in the attached Annex D.4 Sharing Dataset Definitions. Availability of these categories of data through Surrey Care Record / and TVS systems Care Record is to be phased in during the period of this sharing specification and not all of the data categories identified above are expected to be available through Surrey Care Record or Thames Valley & Surrey care record or analytics immediately but will be available for future reporting requirementsand TVS Care Record immediately. By design, the shared data excludes particularly sensitive records. The clinical terms and Read Codes that are used to identify these sensitive data records are presented in the attached Annex D.5 Excluded Read Codes. Summary of the Initial Data Protection Impact Assessment The project has been carefully designed to place the interests of patients uppermost. Concepts of informed consent and compliance with the Caldicott and Data Protection Principles have been incorporated into the software design. The design, data protection and security risks, and the associated security measures and safeguards have been subjected to a detailed and rigorous impact assessment by representatives from each of the participating partner organisation via the DPIA approvals process done through the Surrey Heartland Data Governance Group and TVS Federated Controller GroupDGG. The Surrey Heartlands Chief Clinical Information Officer has confirmed that they are satisfied that all appropriate technical and physical measures against unauthorised or unlawful access, accidental loss or destruction of care data are in place. Frimley Health’s Chief Clinical Information Officer has undertaken taken the same assurance review in their role as Lead Data Controller for TVS systems process and has confirmed that they are satisfied that all appropriate technical and physical measures against unauthorised or unlawful access, accidental loss or destruction of care data are in place. A Surrey Heartland Data Governance Group and a Privacy Officer function for the Surrey Care Record has been established to ensure that the identified risks are mitigated to the level that is considered to be acceptable level without disproportionate effort. For TVS the TVS Federated Controller Group and Privacy Officer function has been set up to apply the same controls for TVS level processing of data. The Confidentiality & Data Protection policy of the Surrey Care Record and equivalent polices for the TVS Shared Care Record explains how the rights of data subjects will be met and confirms audit arrangements for the system. The Surrey Heartlands Data Governance Group has reviewed and approved the Thames Valley and Surrey (TVS) Care Records Programme – Live use for provision of care, TVS DPIA no.4 - Analytics no.3 at 16th April DGG its March 2021 meeting.

Service Planning. Further details of each of these non-GP data sources are provided in the attached Annex D.4 Sharing Dataset Definitions. Availability of these categories of data through Surrey Care Record / and TVS systems Care Record is to be phased in during the period of this sharing specification and not all of the data categories identified above are expected to be available through Surrey Care Record or Thames Valley & Surrey care record or analytics immediately but will be available for future reporting requirementsand TVS Care Record immediately. By design, the shared data excludes particularly sensitive records. The clinical terms and Read Codes that are used to identify these sensitive data records are presented in the attached Annex D.5 Excluded Read Codes. Summary of the Initial Data Protection Impact Assessment The project has been carefully designed to place the interests of patients uppermost. Concepts of informed consent and compliance with the Caldicott and Data Protection Principles have been incorporated into the software design. The design, data protection and security risks, and the associated security measures and safeguards have been subjected to a detailed and rigorous impact assessment by representatives from each of the participating partner organisation via the DPIA approvals process done through the Surrey Heartland Data Governance Group and TVS Federated Controller GroupDGG. The Surrey Heartlands Chief Clinical Information Officer has confirmed that they are satisfied that all appropriate technical and physical measures against unauthorised or unlawful access, accidental loss or destruction of care data are in place. Frimley Health’s Chief Clinical Information Officer has undertaken the same assurance review in their role as Lead Data Controller for TVS systems process and has confirmed that they are satisfied that all appropriate technical and physical measures against unauthorised or unlawful access, accidental loss or destruction of care data are in place. A Surrey Heartland Data Governance Group and a Privacy Officer function for the Surrey Care Record has been established to ensure that the identified risks are mitigated to the level that is considered to be acceptable level without disproportionate effort. For TVS the TVS Federated Controller Group and Privacy Officer function has been set up to apply the same controls for TVS level processing of data. The Confidentiality & Data Protection policy of the Surrey Care Record and equivalent polices for the TVS Shared Care Record explains how the rights of data subjects will be met and confirms audit arrangements for the system. The Surrey Heartlands Data Governance Group has reviewed and approved the Thames Valley and Surrey (TVS) Care Records Programme – Live use for provision of care, TVS DPIA no.4 - Analytics no.3 at 16th April DGG its March 2021 meeting.

Service Planning. Further details of each of these non-GP data sources are provided in the attached Annex D.4 Sharing Dataset Definitions. Availability of these categories of data through Surrey Care Record / TVS systems is to be phased in during the period of this sharing specification and not all of the data categories identified above are expected to be available through Surrey Care Record or Thames Valley & Surrey care record or analytics immediately but will be available for future reporting requirements. By design, the shared data excludes particularly sensitive records. The clinical terms and Read Codes that are used to identify these sensitive data records are presented in the attached Annex D.5 Excluded Read Codes. Summary of the Initial Data Protection Impact Assessment The project has been carefully designed to place the interests of patients uppermost. Concepts of informed consent and compliance with the Caldicott and Data Protection Principles have been incorporated into the software design. The design, data protection and security risks, and the associated security measures and safeguards have been subjected to a detailed and rigorous impact assessment by representatives from each of the participating partner organisation via the DPIA approvals process done through the Surrey Heartland Data Governance Group and TVS Federated Controller Group. The Surrey Heartlands Chief Clinical Information Officer has confirmed that they are satisfied that all appropriate technical and physical measures against unauthorised or unlawful access, accidental loss or destruction of care data are in place. Frimley Chief Clinical Information Officer has undertaken the same assurance review in their role as Lead Data Controller for TVS systems and has confirmed that they are satisfied that all appropriate technical and physical measures against unauthorised or unlawful access, accidental loss or destruction of care data are in place. A Surrey Heartland Data Governance Group and a Privacy Officer function for the Surrey Care Record has been established to ensure that the identified risks are mitigated to the level that is considered to be acceptable level without disproportionate effort. For TVS the TVS Federated Controller Group and Privacy Officer function has been set up to apply the same controls for TVS level processing of data. The Confidentiality & Data Protection policy of the Surrey Care Record and equivalent polices for TVS Shared Care Record explains how the rights of data subjects will be met and confirms audit arrangements for the system. The Surrey Heartlands Data Governance Group reviewed and approved the Thames Valley and Surrey (TVS) Care Records Programme – TVS DPIA no.4 - Analytics at 16th April DGG meeting.