Information governance for health practices
The service includes a Certified Information System Security Professional (CISSP) visiting the practice to carry out an initial audit, report the findings and help to fill in any gaps that may be found, including:
- Checking the information governance policy and ensure that it addresses the overall requirements of information governance;
- Ensuring that all contracts (staff, contractor and third party) contain clauses that clearly identify information governance responsibilities;
- Appropriate training for all staff members on information governance requirements;
- Help write letters of assurance to find if all person identifiable data processed outside of the UK complies with the Data Protection Act 1998 and Department of Health guidelines;
- Help assemble confidentiality code of conduct that provides staff with clear guidance on the disclosure of personal information;
- Independently check that enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use;
- Advise and help to assemble an information asset register that includes all key information, software, hardware and services;
- Independently review the physical security of the building to ensure that unauthorised access to the premises, equipment, records and other assets is prevented;
- Audit the use of mobile computing systems ensure their correct operation and to prevent unauthorised access and advise on best practice;
- Advise and help to write plans and procedures to support business continuity in the event of power failures, system failures, natural disasters and other disruptions;
- Assemble incident management and reporting procedures and train staff in security awareness;
- Audit and help complete any gaps to ensure that are appropriate procedures in place to manage access to computer-based information systems;
- Help ensure that all transfers of hardcopy and digital personal and sensitive information have been identified, mapped and risk assessed; technical and organisational measures adequately secure these transfers
As can be seen, there is a lot to get done, but our trained staff would work with you and aim to complete many of the difficult and specialist tasks within a day – with the option of a follow up visit to ensure that the smaller, outstanding action points (if any), have been completed by the practice.
How to obtain the service:
Join the Quality Guild whereby all the above points are covered, but in addition:
- Free Legal Advice from Burnetts Solicitors
- A manual will be agreed by both parties at which point the QG ISS logo will be able to be used on letterheads and websites to give customers and regulators confidence.
- A certificate of conformance will be issued to show that an Information Security Management System (ISMS) is in place to help comply with regulations.
- A CISSP will audit the documented system on an annual basis
Quality Guild can be contacted on: 01228 631 681 or firstname.lastname@example.org