Simple Action Plan Template by iez18146

VIEWS: 12,646 PAGES: 8

More Info
									                                                        [Insert name of dental practice] Information Governance workplan
No.    Initial              Requirement                            Purpose                  Work to be done to      Knowledgebase                Target   Progress
         IGT                                                                               progress to next level resources available              IGT
        level                                                                                                                                     level
 107             The dental practice should have       To provide guidance to staff        Develop records               Template records
                 records management procedures         regarding individual                management procedures,        management
                 that include guidance for staff on    responsibility for accuracy and     covering the creation, use,   procedure including
                 creation, use, storage and disposal   appropriate storage of records      storage and disposal of       guidelines for staff;
                 of patient records.                   and ensure that dental records      patient records. Ensure       Template tracking
                                                       are properly created, accessible    your staff comply with the    register;
                                                       and available for use and           procedures.                   Template log of
                                                       eventual disposal in line with                                    patient record
                                                       dental service regulations and                                    disposal decisions
                                                       the Records Management NHS
                                                       Code of Practice.


114              The dental practice should assign     To ensure that all staff are able   Nominate who is going to IG lead
                 responsibilities for Information      to access guidance in the           be IG lead in the practice. responsibilities - see
                 Governance to an appropriate          practice in the event of IG         This person needs to be IG template IG policy
                 member or members of staff. This      issues, problems and queries.       aware and ideally have
                 key role should lead the co-                                              undertaken some IG
                 ordination, publicising and                                               training, e.g. via the IG
                 monitoring of Information                                                 Training Tool.
                 Governance arrangements
                 including the development and
                 implementation of an IG work
                 plan.
No.    Initial               Requirement                              Purpose                    Work to be done to         Knowledgebase       Target   Progress
         IGT                                                                                    progress to next level    resources available     IGT
        level                                                                                                                                    level
 115             The dental practice should have an       To demonstrate the practice's       Document an IG policy. To Template IG policy;
                 Information Governance policy            commitment to handling              ensure your staff are fully Template staff
                 that addresses the overall               patients' information within the    aware of the do's & don'ts declaration form
                 requirements of information              law and professional code of        of your policy and
                 quality, security and                    conduct. To make all staff aware    procedures consider
                 confidentiality.                         of the policy and underpinning      supplying them with a
                                                          procedures.                         copy. Ensure staff sign a
                                                                                              declaration form
                                                                                              confirming that they have
                                                                                              read and understand
                                                                                              materials issued to them.



 116             The dental practice should ensure        Under the DPA 1998, a data          Check all your staff       Template
                 that all contracts, staff, contractor    controller (the practice) must      contracts to ensure they confidentiality
                 and third party, contain clauses         take reasonable steps to ensure     contain the relevant       agreement for staff
                 that clearly identify responsibilities   the reliability of any employees    clause. If not, you could
                 for confidentiality, data protection     or third parties that have access   adapt the one-page
                 and security.                            to personal data. A contract        confidentiality agreement
                                                          clause should explicitly and        and ask all your staff to
                                                          unambiguously state the             sign. This can then be
                                                          obligation to keep patient          added as an appendix to
                                                          information confidential,           their contract. Where
                                                          otherwise the dental practice       necessary, you should
                                                          may have little or no defence in    check your contracts with
                                                          the event of an accidental or       third party contractors
                                                          intentional breach by a member      that are able to access
                                                          of staff or contractor.             confidential personal
                                                                                              information, e.g IT system
                                                                                              suppliers.
No.    Initial             Requirement                            Purpose                    Work to be done to            Knowledgebase          Target   Progress
         IGT                                                                                progress to next level       resources available        IGT
        level                                                                                                                                      level
 117             The dental practice should ensure    To assist practices to ensure       There is an online IG         Access the online IGTT
                 that staff members are provided      their staff are adequately          Training Tool which           at:
                 with awareness and training across   informed of their responsibility    contains an introduction      www.connectingforhe
                 the Information Governance           to keep patient information         to IG for dental practices.   alth.nhs.uk/igtrainingt
                 agenda.                              confidential, secure, accurate      Other relevant modules        ool
                                                      and up to date. It supports the     include, information
                                                      requirement for confidentiality     security guidelines,
                                                      clauses in contracts (116).         password management,
                                                                                          and records management.



 118             The dental practice should           This requirement is only            To fulfil the IG Toolkit
                 implement its IG management          relevant to those practices that    aspect of the IGSoC
                 arrangements to ensure the NHS       require access to NHS CFH           requires attainment level
                 CFH IG Statement of Compliance       products and services such as:      2 on each of the IG Toolkit
                 (IGSoC) is satisfied.                the Summary Care Record;            requirements.
                                                      Choose and Book; the National
                                                      Network (N3) etc that are
                                                      directly accessing the N3
                                                      network rather than obtaining
                                                      access via an aggregator. It aims
                                                      to ensure that all directly
                                                      connected organisations have
                                                      appropriate systems and
                                                      processes in place to maintain
                                                      the security of the N3 network.
No.    Initial              Requirement                             Purpose                    Work to be done to            Knowledgebase          Target   Progress
         IGT                                                                                  progress to next level       resources available        IGT
        level                                                                                                                                        level
 119             The dental practice must ensure        This requirement is only            All staff with NHS CFH    Template compliance
                 that staff and all those working for   relevant to those practices that    smartcards must be issued monitoring form
                 or on behalf of it issued with         require access to NHS CFH           with the RA01 leaflet
                 smartcards, comply with the terms      products and services such as:      which sets out the terms
                 and conditions set out in the RA01     the Summary Care Record;            & conditions of use. The
                 form.                                  Choose and Book; Personal           practice will need to
                                                        Demographics Service, etc. Its      inform staff that
                                                        purpose is to establish a           compliance monitoring
                                                        baseline of good dental practice    will be carried out.
                                                        and monitoring to ensure staff
                                                        comply with the conditions set
                                                        out in the RA01 form.



 201             The dental practice must have a        To provide guidance to staff        Document a code of            Template code of
                 confidentiality code of conduct        regarding individual                conduct. Alternatively, the   conduct, including
                 that provides staff with clear         responsibility for safeguarding     practice can adopt the        guidelines for staff on
                 guidance on the disclosure of          and preserving confidentiality      Confidentiality NHS Code      disclosure;
                 personal information.                  and information security to         of Practice and issue staff   Confidentiality NHS
                                                        assist the practice to ensure       with practice-specific        Code of Practice
                                                        their organisational duty is met.   information about
                                                                                            handling patient
                                                                                            information and ensure
                                                                                            that they read and
                                                                                            understand the
                                                                                            obligations around the
                                                                                            disclosure of information.
No.    Initial              Requirement                             Purpose                   Work to be done to            Knowledgebase       Target   Progress
         IGT                                                                                 progress to next level       resources available     IGT
        level                                                                                                                                    level
 208             The dental practice should map all     To enable dental practices to      Use the examples on the       Template map of
                 flows of personal information and      assess risks to the information    guidance document to          information flow;
                 assess risks in line with              they hold or transfer, so that     identify your flows. If you   Template information
                 Department of Health guidelines.       processes can be applied to        identify any risk areas,      handling procedure
                                                        ensure confidential information    indicate what action you      including guidelines
                                                        remains protected.                 intend to take. Document      for staff;
                                                                                           procedures setting out        Template compliance
                                                                                           how confidential              monitoring form;
                                                                                           information is to be held
                                                                                           or transferred.

 209             The dental practice ensures that all   To ensure that dental practices    Use your mapped data        Template map of
                 person identifiable data processed     are aware of who is processing     flows (Req 208) to identify information flow
                 outside of the UK complies with        person identifiable data           any overseas processing. If
                 the Data Protection Act 1998 and       overseas and consider the legal    you use third party
                 Department of Health guidelines.       implications when entering into    contractors, you need to
                                                        a contract for data processing.    check where they are
                                                                                           processing your data.



 212             The dental practice should ensure      To ensure the practice has         Ensure procedures are      Template staff
                 that patients are generally asked      procedures in place to gain        contained within your      declaration form
                 before their personal information      specific informed consent to use   code of conduct or
                 is used in ways that do not directly   patient information for a          equivalent document
                 contribute to, or support the          secondary purpose.                 referred to in requirement
                 delivery of, their care and that                                          201. Ensure staff have
                 patients' decisions to restrict the                                       read and understood the
                 disclosure of their personal                                              document.
                 information are appropriately
                 respected.
No.    Initial             Requirement                            Purpose                   Work to be done to            Knowledgebase       Target   Progress
         IGT                                                                               progress to next level       resources available     IGT
        level                                                                                                                                  level
 213             The dental practice should have a    To assist dental practices to      Document a patient           BDA - Model Data
                 publicly available and easy to       comply with the Data Protection    information leaflet and      Protection Code of
                 understand patient information       Act 1998 provisions and            ensure it is available to    Practice for patients
                 leaflet that informs patients how    contractual obligations to         patients, e.g. in reception,
                 their information is used, who may   ensure patients are effectively    sent with appointment
                 have access to that information,     informed about the use of their    letters. Ensure your staff
                 and their own rights to see and      information.                       are adequately informed
                 obtain copies of their records.                                         about the leaflet so they
                                                                                         can either assist with
                                                                                         patient queries or know
                                                                                         where to obtain advice.



 305             The dental practice should ensure    To enable the dental practice to   Document a procedure to       Template access
                 that there are appropriate           effectively control access to      allocate and remove user      control procedure
                 procedures in place to manage        information held on its            accounts. Ensure you          including guidelines
                 access to computer-based             computer systems and ensure        provide guidance to your      for staff;
                 information systems.                 that only authorised personnel     staff to ensure they use      Template compliance
                                                      have access to use and share       the system appropriately.     monitoring form;
                                                      information held within the        Monitor usage.                Template staff
                                                      systems the practice manages.                                    declaration form



 308             The dental practice should ensure To maintain the security and          Use your mapped data          Template information
                 that confidential patient          confidentiality of patient           flows (Req 208) to identify   handling procedure
                 information is secured in transit. information during transfers and     who you share                 including guidelines
                                                    transport of records,                confidential information      for staff; Template
                                                    correspondence, faxes, e-mail,       with. Ensure procedures       compliance
                                                    telephone messages, and other        for secure transfer are       monitoring form
                                                    communications.                      included in the document
                                                                                         produced for Req 208.
No.    Initial              Requirement                            Purpose                   Work to be done to             Knowledgebase          Target   Progress
         IGT                                                                                progress to next level        resources available        IGT
        level                                                                                                                                       level
 316             The dental practice should have an To enable the practice to locate Record your practice's       Template information
                 information asset register.        and track all its information    assets in a simple register. asset register
                                                    assets and ensure that
                                                    appropriate protection is
                                                    maintained.

 317             The dental practice should ensure     To ensure that dental practice     Assess the physical            Template physical
                 it prevents unauthorised access to    assets (premises, equipment        security of your practice.     security risk
                 the practice premises, equipment,     and information) and staff are     Where necessary put in         assessment and
                 records and other assets.             protected by physical security     place measures to delay        action plan;
                                                       measures. Staff should be          and prevent unauthorised       Template incident
                                                       encouraged to feedback to the      access and to detect           reporting form;
                                                       responsible person, any            attempted or actual            Template incident
                                                       potential risks they identify in   unauthorised access.           register
                                                       the course of their duties.        Ensure your staff know
                                                                                          what to do in the event
                                                                                          that unauthorised access
                                                                                          does occur.

 318             The dental practice should control,   To protect personal information    Ensure you have a log of       Template mobile
                 monitor and audit the use of          held on the dental practice’s      all staff issued with mobile   computing equipment
                 mobile computing systems to           mobile IT systems by ensuring      computing equipment.           asset log; Template
                 ensure their correct operation and    that access is only available to   Document procedures on         staff guidelines on the
                 to prevent unauthorised access.       authorised personnel.              the use of mobile              use of mobile
                                                                                          computing devices and          computing
                                                                                          issue them to your staff.      equipment;
                                                                                                                         Template assignment
                                                                                                                         of mobile computing
                                                                                                                         equipment form
No.    Initial             Requirement                              Purpose                     Work to be done to               Knowledgebase         Target   Progress
         IGT                                                                                   progress to next level          resources available       IGT
        level                                                                                                                                           level
 319             The dental practice should have       To ensure that the dental             Carry out an assessment          Template business
                 documented plans and procedures       practice is still able to carry out   of the risks to all systems      impact analysis sheet;
                 to support business continuity in     vital business processes in the       where information critical       Template business
                 the event of power failures, system   event of a security failure or a      to the running of the            continuity plan
                 failures, natural disasters and       disaster. To ensure all staff         practice is held. In the first
                 other disruptions.                    know what they need to do in          instance document the
                                                       the event of a security failure or    impacts on your practice
                                                       disaster.                             in the event of a security
                                                                                             failure or disaster. This
                                                                                             should be developed into
                                                                                             a business continuity plan.




 320             The dental practice should have To ensure that where incidents              Allocate responsibility for      Template incident
                 documented incident management occur, the damage from them is               managing information             management
                 and reporting procedures.       minimised and lessons are                   incidents and put                procedure including
                                                 learnt from them. To ensure all             procedures in place for          guidelines for staff;
                                                 staff know to report all incidents          the reporting and                Template incident
                                                 and near-misses are so that they            management of incidents.         reporting form;
                                                 can be recorded and                                                          Template incident
                                                 appropriately managed.                                                       register

								
To top