Common use of Service Planning Clause in Contracts

Service Planning. Further details of each of these non-GP data sources are provided in the attached Annex D.4 Sharing Dataset Definitions. Availability of these categories of data through Surrey Care Record is to be phased in during the period of this sharing specification and not all of the data categories identified above are expected to be available through Connected Care immediately. By design, the shared data excludes particularly sensitive records. The clinical terms and Read Codes that are used to identify these sensitive data records are presented in the attached Annex D.5 Excluded Read Codes. Summary of the Initial Data Protection Impact Assessment The project has been carefully designed to place the interests of patients uppermost. Concepts of informed consent and compliance with the Caldicott and Data Protection Principles have been incorporated into the software design. The design and data protection and security risks and the associated security measures and safeguards have been subjected to a detailed and rigorous impact assessment by representatives from each of the participating partner organisation. The Surrey Heartlands Chief Clinical Information Officer has confirmed that they are satisfied that all appropriate technical and physical measures against unauthorised or unlawful access, accidental loss or destruction of care data are in place. A Surrey Heartland Data Governance Group and a Privacy Officer function for the Surrey Care Record has been established to ensure that the identified risks are mitigated to the level that is considered to be acceptable level without disproportionate effort. The Confidentiality & Data Protection policy of the Surrey Care Record explains how the rights of data subjects will be met and confirms audit arrangements for the system.

Service Planning. Further details of each of these non-GP data sources are provided in the attached Annex D.4 Sharing Dataset Definitions. Availability of these categories of data through Surrey Care Record is to be phased in during the period of this sharing specification and not all of the data categories identified above are expected to be available through Connected the Surrey Care Record immediately. By design, the shared data excludes particularly sensitive records. The clinical terms and Read Codes that are used to identify these sensitive data records are presented in the attached Annex D.5 Excluded Read Codes. Summary of the Initial Data Protection Impact Assessment The project has been carefully designed to place the interests of patients uppermost. Concepts of informed consent and compliance with the Caldicott and Data Protection Principles have been incorporated into the software design. The design and data protection and security risks and the associated security measures and safeguards have been subjected to a detailed and rigorous impact assessment by representatives from each of the participating partner organisation. The Surrey Heartlands Chief Clinical Information Officer has confirmed that they are satisfied that all appropriate technical and physical measures against unauthorised or unlawful access, accidental loss or destruction of care data are in place. A Surrey Heartland Data Governance Group and a Privacy Officer function for the Surrey Care Record has been established to ensure that the identified risks are mitigated to the level that is considered to be acceptable level without disproportionate effort. The Confidentiality & Data Protection policy of the Surrey Care Record explains how the rights of data subjects will be met and confirms audit arrangements for the system.

Service Planning. Further details of each of these non-GP data sources are provided in the attached Annex D.4 K.4 Sharing Dataset Definitions. Availability of these categories of data through Surrey Care Record is to be phased in during the period of this sharing specification and not all of the data categories identified above are expected to be available through Connected Surrey Care Record immediately. By design, the shared data excludes particularly sensitive records. The clinical terms and Read Codes that are used to identify these sensitive data records are presented in the attached Annex D.5 K.5 Excluded Read Codes. Summary of the Initial Data Protection Impact Assessment The project has been carefully designed to place the interests of patients uppermost. Concepts of informed consent and compliance with the Caldicott and Data Protection Principles have been incorporated into the software design. The design and data protection and security risks and the associated security measures and safeguards have been subjected to a detailed and rigorous impact assessment by representatives from each of the participating partner organisation. The Surrey Heartlands Chief Clinical Information Officer has confirmed that they are satisfied that all appropriate technical and physical measures against unauthorised or unlawful access, accidental loss or destruction of care data are in place. A Surrey Heartland Data Governance Group and a Privacy Officer function for the Surrey Care Record has been will be established to ensure that the identified risks are mitigated to the level that is considered to be acceptable level without disproportionate effort. The Confidentiality & Data Protection policy of the Surrey Care Record explains how the rights of data subjects will be met and confirms audit arrangements for the system.