SALFORD COMMUNITY AND SOCIAL SERVICES
CALDICOTT COMPLIANCE IMPROVEMENT PLAN 2002/2003

1
  Compliance Objective: Appointment of a Caldicott Guardian
  Initial Audit Outcome: To appoint Caldicott Guardian
  Assessed Performance: Caldicott Guardian appointed
  Actions for Improvement: Principal Officer (Management Information and Performance) is the Caldicott Guardian for the Directorate; approved by Cabinet within ‘Future Role and Direction of Community & Social Services’ report in June 2001.
  Expected Outcome: Achieved. No further action required.

2
  Compliance Objective: Registration of Caldicott Guardian
  Initial Audit Outcome: To register Caldicott Guardian
  Assessed Performance: Caldicott Guardian registered
  Actions for Improvement: Nominated Caldicott Guardian for the Directorate notified to the Department of Health in August 2001.
  Expected Outcome: Achieved. No further action required.

3
  Compliance Objective: Establishment of Caldicott Steering Group
  Initial Audit Outcome: To establish Caldicott Steering Group
  Assessed Performance / Actions for Improvement / Expected Outcome:
    Caldicott Steering Group Established
    Caldicott Steering Group established to deliver work programme and to report to the Management Board (Cabinet) and in due course to the SSI
    Report to the Cabinet 16 July 2002

4
  Compliance Objective: Training for Caldicott Steering Group members
  Initial Audit Outcome: To provide training to Caldicott Steering Group members
  Assessed Performance / Actions for Improvement / Expected Outcome:
    Various Material made available to the Caldicott Steering Group members; Caldicott Tool Kit session mounted and available to Group members.
    Review training needs on an ongoing basis.

5
  Compliance Objective: Caldicott documentation available to all Cabinet members
  Initial Audit Outcome: To provide Caldicott documentation to Cabinet members
  Assessed Performance / Actions for Improvement / Expected Outcome:
    Initial training provided in resources available/Caldicott Principles
    Information provided in accordance with the Caldicott Workplan
    Information to be provided to Cabinet according to LAC Workplan timetable, at Dec 2002, Feb 2003 intervals

6
  Compliance Objective: Caldicott Guardian to attend, where appropriate, meetings internal and external to the Directorate
  Initial Audit Outcome: To foster internal and external contacts for the promotion/sharing of Caldicott issues
  Assessed Performance / Actions for Improvement / Expected Outcome:
    Cabinet informed of need to address Caldicott issues in ‘Future Role and Direction of Community & Social Services’ report in June 2001. Précis of text of LAC (2002) 2 to Cabinet members with Stocktake Report and Improvement Plan for Cabinet Management Group 24 June 2002 and Cabinet Meeting 16 July 2002.
    Internally: Via Caldicott Steering Group, and working Groups within CSSD and other Directorates, eg, Legal.
    Externally: Caldicott Guardian for the Directorate attends the Caldicott Committee meetings of the Primary Care Trust and Mental Health Trust. Aims to achieve robust links/channels with other organisations governed by Caldicott.
    Initial contacts established for the purpose of Caldicott Issues.
    To widen the links/contacts of the Caldicott Guardian both internally and externally

7
  Compliance Objective: Completion of initial management audit
  Initial Audit Outcome: Management Audits to be undertaken and Stocktake and Improvement Plan documents produced
  Assessed Performance: Stocktake and Improvement Plan completed as at May 2002
  Actions for Improvement: Initial Management Audit completed and reported to Cabinet Management Group 24 June 2002 and Cabinet Meeting 16 July 2002
  Expected Outcome: Production of Work Programme and Improvement Plan for 2002/03

7.1
  Compliance Objective: Information for clients on the proposed uses of information about them
  Initial Audit Outcome: Level 0
  Assessed Performance: No general leaflet (although a leaflet exists in a small number of areas)
  Actions for Improvement:
    1. Produce in consultation with the users leaflets and posters for users and carers.
    2. Implement an active information campaign via Caldicott training and other methods to provide staff with guidance.
    3. Include details about the use of personal information within information packs for new service users.
    Action: J Phillips/B Colman
  Expected Outcome: Level 1 by December 2002

7.2
  Compliance Objective: Staff code of conduct in respect of confidentiality
  Initial Audit Outcome: Level 1
  Assessed Performance: Departmental notice to staff on confidentiality exists but needs updating
  Actions for Improvement:
    Review Departmental notice on Confidentiality and update associated procedure.
    Action: J Phillips
    Action: J Phillips
  Expected Outcome: Level 2 by December 2002

7.3
  Compliance Objective: Staff Induction procedures
  Initial Audit Outcome: Level 1
  Assessed Performance: Basic requirements outlined as part of induction process
  Actions for Improvement:
    1. Staff Development policy to be formally launched.
    2. Review inclusion within ‘Welcome to Social Services’ training.
    3. Raise awareness further via Caldicott training.
    Action: S Dawson/M Mahon
  Expected Outcome: Level 2 by December 2002

7.4
  Compliance Objective: Confidentiality and security training needs assessment
  Initial Audit Outcome: Level 2
  Assessed Performance: Training needs re information confidentiality and security are assessed systematically for most staff at the induction stage/supervision/appraisal.
  Actions for Improvement:
    Reinforce through Caldicott training.
    Action: Caldicott Training Sub Group
  Expected Outcome: Maintain Level 2

7.5
  Compliance Objective: Training provision – confidentiality & security, including appropriate and lawful information sharing
  Initial Audit Outcome: Level 1
  Assessed Performance: Training provided to managers within the recent launch of Records Policy; to be cascaded to front line staff
  Actions for Improvement:
    1. Identify appropriate training plan to needs of the department.
    2. Provide opportunities for focussed and relevant training.
    Action: Caldicott Steering Group
  Expected Outcome: Level 2. Ongoing process.

7.6
  Compliance Objective: Staff contracts
  Initial Audit Outcome: Level 2
  Assessed Performance: Confidentiality requirements included in initial contracts; secondary contracts refer back to initial contract clauses. Also included for Personnel approved Agencies.
  Actions for Improvement:
    1. Maintain existing policy, procedures and practices.
    Action: M Mahon
  Expected Outcome: Maintain Level 2

7.7
  Compliance Objective: Contracts placed with other organisations
  Initial Audit Outcome: Level 1
  Assessed Performance:
    1. Contracts section: confidentiality clause included in all contracts with service providers.
    2. Staff Agencies: confidentiality requirements included for Personnel approved agencies; other agencies may also be used.
    3. Supplies & Services contracts (eg, photocopier repairers): no confidentiality clause.
    4. Development Services/IT: confidentiality clause in some contracts.
  Actions for Improvement:
    1. Maintain existing policy & practice in respect of contracts with care service providers.
    2. Ensure all staffing agencies go through the approval process.
    3. Include confidentiality requirement in next round of contracts placed through Supplies & Services.
    4. Liaise with Development Services to include confidentiality requirement in contracts placed with all contractors engaged to work within City Council buildings occupied by Community & Social Services.
    Liaise with Legal section to ensure inclusion of confidentiality clause in all contracts.
    Action: M Mahon/J Phillips/K Whittick
  Expected Outcome: Ensuring mechanisms to maintain Level 1

7.8
  Compliance Objective: Reviewing information flows containing patient-identifiable information
  Initial Audit Outcome: N/A
  Assessed Performance: N/A
  Actions for Improvement: LAC (2002)2 states that this audit area will not be measured in the first stock take and that more clarity and central guidance is required before Councils with Social Services Responsibilities can be expected to make sufficient progress.

7.9
  Compliance Objective: “Ownership” established for each logically discrete set of information (includes electronic databases and manual records)
  Initial Audit Outcome: Level 0
  Assessed Performance: Ownership of Data sets and register not formally completed
  Actions for Improvement:
    1. Ownership to be identified and determined for all electronic and manual information systems/data sets.
    2. Develop a register of high level ownership for electronic and manual information/data sets.
    3. Establish register and operational systems to support its use.
    Action: Caldicott Steering Group
  Expected Outcome: Level 1 by December 2002

7.10
  Compliance Objective: “Safe Haven” procedures for personally-identifiable information flows
  Initial Audit Outcome: N/A
  Assessed Performance: N/A
  Actions for Improvement: LAC (2002)2 states that this audit area will not be measured in the first stock take and that more clarity and central guidance is required before Councils with Social Services Responsibilities can be expected to make sufficient progress.

7.11
  Compliance Objective: Protocols governing the sharing of patient-identifiable information with other Directorates and organisations locally agreed
  Initial Audit Outcome: N/A
  Assessed Performance: N/A
  Actions for Improvement: LAC (2002)2 states that this audit area will not be measured in the first stock take and that more clarity and central guidance is required before Councils with Social Services Responsibilities can be expected to make sufficient progress.

7.12
  Compliance Objective: Security Policy Document (see BS7799 for Guidance on Content)
  Initial Audit Outcome: Level 1
  Assessed Performance: IT Security Policy BS7799 compliant; agreed and reviewed. Info security covered in records policy (for manual and IT records) but may not be BS7799 compliant.
  Actions for Improvement:
    1. Review IT security Policy and reissue.
    Action: IT Services
    2. Review information security aspect of records policy to determine compliancy with BS7799; develop separate security policy for manual records if required.
    Action: Data Protection Act Group
  Expected Outcome: Maintain Level 1 in preparation for increase to Level 2

7.13
  Compliance Objective: Security responsibilities
  Initial Audit Outcome: Level 0
  Assessed Performance: Security responsibilities are reflected within Records Policy but this needs enhancing
  Actions for Improvement:
    1. Develop Caldicott training programme to include security responsibilities and reinforce security policy documents.
    Action: Caldicott Training Sub Group
  Expected Outcome: Level 1

7.14
  Compliance Objective: Information risk Management Programme
  Initial Audit Outcome: Level 0
  Assessed Performance: No programme of information risk management exists
  Actions for Improvement:
    1. Develop a risk assessment tool to highlight areas of risk, low-high.
    2. Undertake a directorate-wide risk assessment.
    3. Produce report for consideration by Directorate Management Group.
    Action: Caldicott Steering Group
  Expected Outcome: Level 1

7.15
  Compliance Objective: Security Incidents
  Initial Audit Outcome: Level 0
  Assessed Performance: No procedures exist; security incidents addressed as they arise but may not take on board issue of information loss
  Actions for Improvement:
    1. Develop procedure for action to be undertaken in the event of a security incident, covering information and other aspects (include Caldicott, Supplies and Services, IT, Health & Safety).
    2. Launch procedure into operations of the Directorate.
    Action: Caldicott Steering Group
  Expected Outcome: Level 1

7.16
  Compliance Objective: Security Monitoring
  Initial Audit Outcome: Level 0
  Assessed Performance: No formal central monitoring of security incidents
  Actions for Improvement:
    1. Development of procedure for action to take place in the event of a security incident (see 7.15) to include reporting of incidents.
    2. Implement incident reporting procedure.
    Action: Caldicott Steering Group
  Expected Outcome: Level 1

7.17
  Compliance Objective: Systems user responsibilities for password management
  Initial Audit Outcome: Level 1
  Assessed Performance: Systems users encouraged to change passwords regularly but this is generally at their discretion
  Actions for Improvement:
    1. Maintain system of encouragement through IT systems training and reinforce through issue of revised IT Security Policy.
    2. Determine with IT systems support possibility of systems password change enforcement; set up appropriate programme of implementation.
    Action: IT Systems Support
  Expected Outcome: Move towards level 2 generally; achieve Level 2 for more systems.

7.18
  Compliance Objective: Controlling access to manual and systems based confidential information
  Initial Audit Outcome: Level 0
  Assessed Performance: Generally reliant on honour system; many offices have limited physical controls.
  Actions for Improvement:
    1. Ownership to be established for all manual and electronic information systems/data sets.
    2. Develop high level ownership register and determine access levels.
    3. All staff groups requiring access to be identified and approved by service lead.
    4. Access rights to be agreed by the Caldicott Guardian.
    Action: Caldicott Steering Group
  Expected Outcome: Level 1