Here are the details of our Information Governance compliance:
Our IG Toolkit framework is available to view on https://www.igt.hscic.gov.uk/ our ID is 8HW22, the summary is attached and I am happy to go through our policies in detail with you IG compliance lead.
Some of the key points about our IG compliance:
We are IG compliant independently from yourselves, passing information to us is the same as sharing information with another carer/clinician.
We use servers provided by a 3rd Party provider called Rackspace Ltd. They are also IG Toolkit compliant, their ID is 8HL77
All data remains in the UK.
The laptops that will contain the data are yours, not ours, and we do not have access to them. Naturally you will already have procedures in place (e.g. secure login, IG training for staff to ensure that the laptops themselves are secure)
1. Information you send to us for a one-off upload (children's data) is kept to a minimum, we do not ask you for address or any other personal information, just the child's name, gender, date of birth (and optionally, NHS number, if you have it).
2. For the purposes of sending the children's data to upload, we'll ask you to use an NHS.Net e-mail address. (mine: firstname.lastname@example.org)
3. Our staff have no access to the data: the program that is running on our server keeps the data separate, so developers, for example, cannot access it. We only give access to the data to ther Systems Administrator for trouble shooting.
4. In addition, your screeners only have access to details of their own patch, i.e. one team cannot see children from another team.
5. The information that we produce for you (reports, etc.) is anonymised.