PCT IG STEERING GROUP BRIEFING PAPER – MODEL PURPOSE To inform the IG steering group of current IG developments and requirements and provide an update to the Steering group of the PCT’s current position in regard to the following areas; [Examples] The PCTs IG Assurance Process The IGT self assessment The PCT Statement of Compliance The GP Statement of Compliance Prison Health IG Assessment (If applicable) Information Security Incidents Caldicott Reports FOI requests [Other areas for inclusion might be: staffing & resource availability, training issues etc]. THE INFORMATION GOVERNANCE ASSURANCE PROCESS The PCT has undertaken a comprehensive security assurance review of all inbound and outbound sensitive / person-identifiable data, (data mapping exercise) following the letter of the 4 December 2007 from the NHS Chief Executive. The [insert designation] has already addressed high-level risk issues and is looking to mitigate all remaining risks e.g. implementation of the recent nationally procured encryption software. The PCT has continued to raise staff awareness of information security issues, alongside this review, encouraging reporting and offering training, support and advice across provider and commissioning arms. Action Completed: [insert date] SENIOR INFORMATION RISK OWNER New guidance was issued on the 20 May 2008 requested that organisations identify a Senior Information Risk Owner (SIRO) at Board level. The PCT has designated [specify] to undertake this role. PCT INFORMATION GOVERNANCE ASSESSMENT The PCT is currently working towards its annual self-assessment of its Information Governance arrangements through completion and submission of the Information Governance Toolkit. Last year, the PCT scored [insert figure] % on its information governance assessment, which falls into the banding of [Green/Amber/Red]. The overall predicted score for this year is [insert figure] % that will [again] place overall compliance with Information Governance into a banding of [Green/Amber/Red]. A significant amount of work has been undertaken during the [period] particularly in areas relating to: [Specify the areas of work]: Only [x] out of [y] standards still have work to be undertaken before 31 March to reach the planned target levels, which, on satisfactory completion will support the PCT’s key Strategic Performance targets towards Achieving Balanced Health. The latest position on the IG Toolkit return due on 31 March [insert year] is attached to this report. This provides a summary of the scores and the standards to which these relate. All level 3 standards have an associated action plan to ensure that the standard is maintained throughout the year. Those at levels 1 and 2 have action plans in place to work towards the next level during the next few weeks. Key action required includes: [Specify key actions required] PCT STATEMENT OF COMPLIANCE As part of its information governance assessment submission in March 2008, the PCT was able to demonstrate that it had attained a minimum level of 2 on the IG Statement of Compliance Standard 108 and on the specific standards that support this. Progress on the action plan, agreed with NHS CFH as part of this processes, is outlined in the supporting paper attached. GENERAL PRACTICE STATEMENT OF COMPLIANCE The PCT is currently working with GPs to complete the IG Statement of Compliance by 31 October 2008. To date [insert number] Practices have successfully signed off their IG Statement of Compliance, whilst a further [insert number] have agreed action plans to reach the required level of compliance preparatory to sign off. [Insert number] Practices have not yet engaged with the process and further work is being undertaken to liaise with the Practices and to provide further support where necessary. The PCT has started working with some of its Pharmacists to engage with the Information Governance process. POLICIES AND PROCEDURES In order to continue to meet legal and Department of Health requirements for Information Governance, the PCT has identified the need to establish/amend a number of policies as follows: The Steering Group is asked to review and endorse the policies detailed below prior to their formal submission for approval by the PCT Board. [List the policies] Information Governance briefing paper (Ref:) Author Date