To make sure our patients' information is secure, we (the Trust) follow a privacy by design approach so that your information and privacy are a top priority for any new system. We use a process known as a Data Privacy Impact Assessment (DPIA) to screen new systems (or significant changes to existing systems) and highlight any risks to confidential data. Where a DPIA highlights risks, these are appropriately managed and action is taken to ensure the risk is removed or significantly reduced.
The DPIA is a tool recommended by the Information Commissioner's Office (ICO) to help us make sure your data is used properly, legally and securely. You can find out more about the ICO at: https://ico.org.uk.
A summary of DPIAs completed for new systems is available in this document.
Information Governance and Data Protection
We are committed to being open and transparent about how we use and protect personal information. Publishing our Information Governance Policy and Data Protection Policy helps patients, staff, and the public understand how we handle information lawfully, fairly, and securely.
These policies set out the standards and controls we follow to ensure personal data is:
• Used only for legitimate purposes
• Kept safe and secure
• Shared appropriately and lawfully
• Retained only for as long as necessary
They also explain individuals’ rights under data protection legislation and how concerns or questions about information use can be raised.
By making these policies publicly available, we demonstrate our commitment to accountability, trust, and good information governance across all our services.
