Summary of Consultations. As the uses of the identifiable data covered by this sharing requirement are restricted to the provision of care, no explicit and direct consultation has been carried with the public in respect of this sharing requirement. However, patient groups were established previously for the specific purpose of commenting on the sharing planned and on the information governance put in place to protect the confidentiality of the data. These groups include CCG and Healthwatch patient representatives with other self-selecting volunteers to form groups that have current awareness with health and social care issues. Risks – identified and assessed (prior to mitigation and controls) A full risk and issues log is maintained for the system. The list below comes from that but is a high level summary in digestible form and only includes risks related to the approved use cases for the system. Risk description Likelihood Consequence / Impact Risk Rating/ Score After mitigation actions implemented CC Risk No. 1 Breach of confidentiality – unlawful access to record (by staff) Unlikely Minor Low CC Risk No. 1 Breach of confidentiality – unlawful access by external party Unlikely Minor Low CC Risk No. 8 Loss of data (temporary or permanent), due to technical / security failure Unlikely Major Low CC Risk No. 3 Alteration of data due to system process failure or technical security failure Unlikely Minor Low CC Risk No. 20 Poor quality data impacting on quality of care delivery Possible Minor Low CC Risk No. 7 Unlawful processing or sharing of data Unlikely Major Low CC Risk No. 29 Excessive processing of data Possible Moderate Low CC Risk No. 28 Individuals are inadequately informed and compromised in exercising their rights Possible Moderate Low CC Risk No. 19 Processes to respond to individual rights requests are insufficient (i.e. Subject Access) Possible Minor Low Likelihood Ratings – Rare (1), Unlikely (2), Possible (3), Likely (4), Almost Certain (5) Consequence/ Impact – Insignificant (1), Minor (2), Moderate (3), Major (4), Catastrophic (5) Risk Rating – Green = Low, Amber, Medium - Moderate, Red – High, Purple – Extremely High Measures to reduce risks Risk description Measures to reduce, or remove risk Effect on risk Residual risk Measure approved? Y/N 1 Breach of confidentiality – unlawful access to record (by staff) • Single Sign on – launch from patient record in operational system – reduced ability to ‘browse’ records. • Training for all staff • Employment contracts • Pr...

Summary of Consultations. As the uses of the identifiable data covered by this sharing requirement are restricted to the provision of care, no explicit and direct consultation has been carried with the public in respect of this sharing requirement. Agreement Implementation Status On behalf of the Sharing Organisation I confirm that the information sharing arrangements described in this schedule are agreed and the information described in this schedule is to be made available to the User Organisations and individuals identified in this schedule starting on the Sharing Requirement Start Date and ending on the Sharing Requirement End Date. Agreed by as Senior Information Risk Owner for and on behalf of Surrey County Council Annex D.1 – Sharing Service Profiles The data access capabilities of each of the Surrey Care Record role profiles is presented in the table below User Group: Clinical Practitioner Health Professional Social Worker Admin/Clinical Support Clerical Demographics/ Allergies Demographics • • • • • Allergies • • • • • GP Medications Repeat Medications • • • • Medications Issued • • • • GP Problems Active Problems • • • Past Problems • • • Additional Problems • • • GP Results Results • • GP Lifestyle Alcohol • • • • • Smoking • • • • • Exercise/Diet • • • • • GP Vitals Height/weight • • • • • Blood Pressure • • • • • Physiological Function • • • • • GP Additional Information GP Encounters • • • • Vaccs & Imms • • Contraindications • • • OTC & Prophylactic Therapy • • • • GP Family History • • • • Child Health • • Diabetes Diagnosis • • Chronic Disease Monitoring • • Medication Administration • • • • Pregnancy, Birth & Post Natal • • Contraception & HRT • • Hospital Activity Summary Outpatient Activity • • • • • Inpatient Actvity • • • • • Emergency Activity • • • • • Dianoses and Procedures • • Social Care Summary Summary Case Details • • • • Case Worker • • • • Carer Details • • • • Disabilities • • • • Risks • • • • Community & Mental Health Summary Next of Kin/Personal Contacts • • • Inpatient Activity • • • Outpatient Activity • • • Referrals • • • • Inpatient Activity • • • Outpatient Activity • • • Personal Contacts • • • • • Diagnoses • • • Care Programme Approach (CPA) • • • Mental Health Act (MHA) • • Risk Summary • • • Care Plans • • • Annex D.2 – Opt-in/opt-out and Consent Model The key opt-in/opt-out and consent model policies for the Surrey Care Record are:

See All (8)

Summary of Consultations. As the uses of the identifiable data covered by this sharing requirement are restricted to the provision of care, and no material changes have been made to Clinisys ICE, no explicit and direct consultation has been carried with the public in respect of this sharing requirement. Agreement Implementation Status On behalf of the Sharing Organisation I confirm that the information sharing arrangements described in this schedule are agreed and the information described in this schedule is to be made available to the User Organisations and individuals identified in this schedule starting on the Sharing Requirement Start Date and ending on the Sharing Requirement End Date. Agreed by {{!guardian_es_:font(name=calibri,size=10) }} as Caldicott Guardian / Designated Officer / Data Protection Officer, for and on behalf of {{!org_es_:font(name=calibri,size=10) }} {{!addr_es_:font(name=calibri,size=10) }}. End of Schedule K Schedule L – PC200013/DPIA0036 – BSPS Diagnostic Requests and Results This schedule to the Regional Health and Social Care Information Sharing Agreement provides key questions covering six risk categories which when answered objectively offer an initial assessment of the additional risks to privacy posed by the proposed sharing of information. Where a question gives rise to an affirmative answer, it does not automatically follow that a full scale Data Protection Impact Assessment is required. Each affirmative answer needs to be assessed for materiality (probability and impact) and for ways in which the potential risks can be avoided or materially mitigated with a revised solution or additional measures. Where a substantial number of questions give rise to an affirmative answer this is a good indicator that a full scale Data Protection Impact Assessment is required and project plans should include the costs and timescales of this activity and any associated consultation that may be needed. Wherever practical the rationale for an answer should be included with the answer concerned. Questions relating to “identity risk” (questions 2 to 8) are of heightened importance in the context of data that has not been anonymised or pseudonymised. These questions have been revised to include the current guidance provided by the Information Commissioner’s Office at the time of writing. Other aspects are based on guidance from the Information Governance Alliance. Technology Risk

See All (6)

Summary of Consultations. As the uses of the identifiable data covered by this sharing requirement are restricted to the secondary use of data for Population Health Management purposes by organisations that have a lawful basis to undertake this, no direct consultation with the public has taken place. Direct consultation has been carried with the public in respect of this sharing requirement via the TVS Ethics Group. Agreement Implementation Status On behalf of the Sharing Organisation I confirm that the information sharing arrangements described in this schedule are agreed and the information described in this schedule is to be made available to the User Organisations and individuals identified in this schedule starting on the Sharing Requirement Start Date and ending on the Sharing Requirement End Date. Agreed by as Caldicott Guardian / Designated Officer for and on behalf of Central Surrey Health Limited Annex D.1 – Sharing Service Profiles The data access capabilities of each of the Surrey Care Record role profiles is presented in the table below:

See All (6)

See All (5)

Summary of Consultations. The integrated commissioning teams are being formed following consultation with a range of stakeholders, including health and social care provider organisations. Agreement Implementation Status On behalf of the Sharing Organisation I confirm that the information sharing arrangements described in this schedule are agreed and the information described in this schedule is to be made available to the User Organisations and individuals identified in this schedule starting on the Sharing Requirement Start Date and ending on the Sharing Requirement End Date. Agreed by as Caldicott Guardian for and on behalf of NHS Surrey Heartlands Clinical Commissioning Group Annex D.1 – Sharing Service Profiles The following roles profiles are to be used for both SCC and CCG when determining access under this Sharing Schedule: • Integrated Commissioning Team – Team Member: access to patient data and non-sensitive staff personal data only; • Integrated Commissioning Team – Line / Team Manager: access to patient data, non-sensitive staff personal data, and special category staff data for staff for which they have line management responsibility only; • Integrated Commissioning Team – Support Staff (e.g. Business Intelligence, Information Governance, Contracting, Finance, Human Resources, ICT etc.): access to data that is required to deliver their function only and which may include patient data, non-sensitive staff personal data, and special category staff data for staff. Annex D.2 – Opt-in/opt-out and Consent Model • Staff of the CCG / SCC can object to the processing of their data for purposes detailed by contacting the IG Team / Data Protection Officers of their employing organisation. • Patients / services users can object to having their data used for certain secondary purposes by contacting the Data Protection Officers of the SCC and CCG. • The National Opt-out does not apply to pseudonymised patient data for commissioning which is provided by NHS Digital via the Data Services for Commissioners Regional Office. • The National Opt-out will apply to pseudonymised data used for commissioning which is provided via the Thames Valley & Surrey Care Record Programme. • The right to object or opt-out applicable to anonymised data which is provided via the Thames Valley & Surrey Care Record Programme being used for commissioning. Annex D.3 – Sharing Dataset Definitions (CCG extract only) The table below provides detailed definitions for each of the categories of data that are shared u...

See All (4)

Summary of Consultations. Surrey and Borders NHS Foundation Trust has been field testing the GPimhs model in conjunction with Surrey Heartlands since March 2019. Prior to this a number of stakeholder workshops and clinical engagement events were facilitated, supported by the National Association of Primary Care. Since receiving the NHSE funding in the autumn of 2019, a range of events and meetings have been held with over 320 individuals across both Frimley and Surrey Heartlands ICS’ to socialise the Community Mental Health Transformation model and seek feedback on the GPimhs and MHICS models. Participants have included people who use services, representatives from service user and carer groups; VCSE organisations; County, District and Borough authorities including representation from adult social care, housing, DWP, Public Health and Learning Disability; Housing Associations; Community Policing; and clinical and non- clinical workforce from PCNs. A separate event was held with youth focused stakeholders in programme design for 18-25-year olds. Clinical Engagement Workshops have been held in some of the participating Wave 1 and 2 PCNs with 80+ Clinical and non- clinical staff from primary care in order to socialise and mobilise the service. PCN clinical meetings included representatives from place based mental health services (CMHRS; Single Point of Access; Recovery College; as well as Integrated Care Team representatives, Social Care and Housing representatives, IAPT and VCSE partners). Communications are routinely circulated through the CMHTP Strategic Programme Board and through both ICS Mental Health Transformation Boards where there is representation from a wide range of mental health stakeholders including citizen ambassadors and other patient led organisations. Agreement Implementation Status On behalf of the Sharing Organisation I confirm that the information sharing arrangements described in this schedule are agreed and the information described in this schedule is to be made available to the User Organisations and individuals identified in this schedule starting on the Sharing Requirement Start Date and ending on the Sharing Requirement End Date. Signature: Email: Agreed by as [Caldicott / SIRO] for and on behalf of Surrey and Borders Partnership NHS Foundation Trust 00 Xxxx Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxx XX00 0XX End of Schedule K Schedule L – GP Integrated Mental Health Service Surrey Heartlands Information Sharing Agreement Data Protection Impact Assessment Summary T...

See All (4)

Summary of Consultations. As the uses of the identifiable data covered by this sharing requirement are restricted to the secondary use of data for Population Health Management purposes by organisations that have a lawful basis to undertake this, no direct consultation with the public has taken place. Direct consultation has been carried with the public in respect of this sharing requirement via the TVS Ethics Group. Agreement Implementation Status On behalf of the Sharing Organisation I confirm that the information sharing arrangements described in this schedule are agreed and the information described in this schedule is to be made available to the User Organisations and individuals identified in this schedule starting on the Sharing Requirement Start Date and ending on the Sharing Requirement End Date. Agreed by as Caldicott Guardian / Designated Officer for and on behalf of Surrey County Council Annex D.1 – Sharing Service Profiles The RBAC model has general 'Personas' which are used to map to a users role. A user can have more than 1 persona as they may have the need to access patient identifiable data as well as high level aggregated data

Summary of Consultations Sample Clauses

Filter & Search

Related Clauses