Data Protection of Project

Document Sample
Data Protection of Project Powered By Docstoc
					             DATA PROTECTION ACT 1998 – IMPLEMENTATION PROJECT

                                Project Initiation Document


Background
The main provision of the Data Protection Act 1998 came into force on 23 October 2001
although certain provisions relating to manual records are deferred until 23 October 2007.
The Act replaces the existing Data Protection Act 1984 and most of the Access to Health
Records Act 1990.

Scope
To identify the Trust’s responsibilities under the Data Protection Act 1998, to review the
existing policies and procedures for data protection established by the Trust and to revise
and consolidate these policies and procedures as appropriate to meet the requirements of
the Act. Appropriate links, and decisions about lead responsibility, will need to be made with
projects focusing on information security and on Caldicott/confidentiality as many of the Data
Protection requirements also apply to these work areas.

Benefits
The project will ensure that the Trust complies with its legal obligations and with good
practice on data protection and confidentiality issues. The risks of legal or other action
against the Trust and/or adverse publicity will be minimised.

Products/Deliverables

   1.      To revise the Trust policy statement on Data Protection, and to identify the
           individuals responsible for ensuring the Trust’s compliance. Product = policy
           statement; management arrangements statement

   2.      To review the procedures for ensuring the right of subject access for patients and
           other members of the public. Product = product document

   3.      To review the procedures for ensuring the right of subject access for members of
           the Trust’s staff. Product = procedure document

   4.      To establish means to ensure that patients (and other members of the public) are
           adequately informed about the Trust’s uses of personal data and their rights of
           subject access. This to be delivered as a joint product with work to satisfy
           confidentiality/consent requirements. Product = publicity material

   5.      To establish means to ensure that staff are adequately informed about the Trust’s
           uses of personal data and their rights of subject access. Product = publicity
           material

   6.      To review all existing holdings of personal data within the Trust. Products =
           inventory of personal data held; DP Act notification amendment if necessary

   7.      To establish procedures to identify changes and additions to holdings of personal
           data within the Trust. Product = procedure document

   8.      To promote and maintain awareness of data protection, confidentiality and
           information security issues throughout the Trust. This to be delivered as a joint
           product with work to satisfy confidentiality and information security requirements.
           Products = briefing notes; training presentations
Roles and Responsibilities

Project Manager:

Project Team:

The project will report to the Information Governance Steering Group

The project team will form working groups with appropriate membership to address specific
products/deliverables

Resources
Support to the project will be provided by the Senior Information Officer and the support staff
of the Confidentiality & Security Manager (all posts already funded)

Timescales
The project team will ensure that all policies and procedures are in place by [date]. The
project team will draw up a timetable which may include earlier deadlines for certain
deliverable

Risks
The Trust Board are corporately and personally liable for offences under the Data Protection
Act. Non-compliance with the Act may also result in adverse publicity for the Trust.

Quality Plan
The quality assurance role will be undertaken by the Information Governance Group

Controls
The project will additionally be monitored by the IM&T Programme Board

Constraints
The project must address all of the requirements for Data Protection compliance outlined in
the NHSIA Information Governance toolkit, and progress must be recorded appropriately
within the toolkit performance assessment facility by [date] .

Interfaces
The project will take account of:

      Data Protection policies and procedures in other organisations within the local health
       community

And parallel work to address information governance requirements relating to:

      Caldicott/Confidentiality
      Information Security
      Information Quality Assurance
      Records Management

				
DOCUMENT INFO
Description: Data Protection of Project document sample