Information Governance (IG) is the practice used by all organisations to ensure that information/data is efficiently managed and that appropriate policies, system processes and effective management accountability provides a robust governance framework for safeguarding information.

The IG handbook is intended to provide information to support and assist staff in meeting their obligations regarding good Information Governance and should be read in conjunction with the Information Governance Code of Conduct and Information Governance & Data Security and Protection Policies.

The overarching Data Security and Protection policy provides an overview of the organisation’s approach to information governance and includes data protection and other related information governance policies, and details about the roles and management responsible for data security and protection in the organisation.

The Staff Code of Conduct sets out clear guidance and the Information Governance standards expected of staff working for the CCG.  All employees working in the CCG, including temporary staff such as all contractors, voluntary staff, and students are bound by a legal duty of confidence to protect personal information they may come into contact with during the course of their work.

The Privacy Notice explains how NHS Shropshire, Telford and Wrekin CCG respects your rights with regards to data privacy and data protection when you communicate (online or offline) with us through our websites, programmes and events.

This policy relates to all forms of fraud, bribery and corruption and is intended to provide direction and help to all CCG staff and other stakeholders (including patients, visitors, temporary employees, locums, agency staff, contractors, suppliers and visiting clinicians) who may identify fraud or bribery, or suspect that fraud or bribery may have taken place.

The Breach Reporting Standing Operating Procedure (SOP) sets out what staff should do when they become aware of a data security and protection breach/breach.

The Standing Operating Procedure (SOP) sets out what staff should do when receiving a request for personal information, such as medical information or staff information, and applies to NHS Shropshire, Telford and Wrekin Clinical Commissioning Group for records for which they are the Data Controller (or Data Processor as required).

As part of its employment activities, NHS Shropshire, Telford and Wrekin CCG collects, stores and processes personal information about prospective, current and former staff.  The Privacy Notice includes applicants, employees (and former employees), workers (including agency, casual and contracted staff), volunteers, trainees and those carrying out work experience.

The CCG recognises the need to treat staff personal and sensitive data in a fair and lawful manner. No personal information held by the CCG will be processed unless the requirements for fair and lawful processing can be met.

The localised retention schedule has been produced to support NHS Shropshire, Telford and Wrekin CCG employees to adopt a consistent approach to the practice of managing records.  The schedule is not an exhaustive list and focuses on the types of records as listed in the organisation’s asset register. The schedule is based on the NHSX Records Management Code of Practice for Health and Social Care 2020 and the NHS England Corporate Records Retention 2019. The schedule replaces guidance produced under Records Management: NHS Code of Practice 2016