Example: air traffic controller

De-identification and Pseudonymisation Policy

This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of the document are not controlled. Policy title: De-identification & Pseudonymisation Policy Reference/ version number: KCCG/DP/01 Policy owner/author: Director of Quality & Governance Date approved: 21/02/2017 Date for review: 21/02/2018 Page 1 of 24 De-identification and Pseudonymisation Policy Lead: Director of Quality Author: Performance and Information Lead/ Information Governance Lead This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy.

This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of the document are not controlled.

Tags:

  Identification

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Advertisement

Transcription of De-identification and Pseudonymisation Policy

1 This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of the document are not controlled. Policy title: De-identification & Pseudonymisation Policy Reference/ version number: KCCG/DP/01 Policy owner/author: Director of Quality & Governance Date approved: 21/02/2017 Date for review: 21/02/2018 Page 1 of 24 De-identification and Pseudonymisation Policy Lead: Director of Quality Author: Performance and Information Lead/ Information Governance Lead This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy.

2 Any printed copies of the document are not controlled. Policy title: De-identification & Pseudonymisation Policy Reference/ version number: KCCG/DP/01 Policy owner/author: Director of Quality & Governance Date approved: 21/02/2017 Date for review: 21/02/2018 Page 2 of 24 CCG Policy Reference: KCCG/DP/V1 THIS Policy HAS BEEN APPROVED BY Kingston CCG, AND WILL HAVE EFFECT AS OF 7 MARCH 2017 Target Audience Governing Body members, committee members and all staff working for, or on behalf of, the CCG Brief Description The Policy is for all Kingston CCG personnel who use patient data for uses other than direct patient healthcare with guidance to safeguard the confidentiality of the patient.

3 The Policy has been developed in line with central guidance and covers all aspects of compliance with confidentiality, data protection and when holding, obtaining, recording, using, sharing and disclosing of data/information or records, held in a manual/paper or electronic format, by or on behalf of the CCG. This includes, but is not limited to; staff employed by the organisation; those engaged in duties for the organisation under a letter of authority, honorary contract or work experience programme; volunteers and any other third party such as contractors, students or visitors. Action Required Following approval at the CCG Governing Body, The Chief Officer will ensure that the requirements of this Policy will be raised at all team meetings, and confirm the requirements with the chairs of each committee, and with CCG executives.

4 The Governance Lead will establish and maintain a corporate register of all policies and their status, and will ensure that these are appropriately reflected on the website. Staff must only have access to the data that is necessary for the completion of the business activity which they are involved in. This applies to the use of personal confidential data (PCD) for secondary or non-direct care purposes. By De-identification or anonymisation users are able to make use of patient data for a range of secondary purposes without having to access the identifiable data items. The PCD must be stored within a Safe Haven environment (including any Safe Haven under the Health and Social Care Information Centre) with strictly controlled access.

5 The Kingston CCG Information Governance Steering Group was consulted in regards to this Policy . This Policy will be reviewed annually by the IGSG, to take account of changes in guidance and organisational change. This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of the document are not controlled. Policy title: De-identification & Pseudonymisation Policy Reference/ version number: KCCG/DP/01 Policy owner/author: Director of Quality & Governance Date approved: 21/02/2017 Date for review: 21/02/2018 Page 3 of 24 Document Control Policy Title: De-identification and Pseudonymisation Policy Original Policy Author(s): KCCG Membership of Policy Development Group List names and job titles of those involved in the working group Policy Owner: Brian Roberts, Performance and Information Lead/ Information Governance Lead Reviewed by.

6 Fergus Keegan, Director Lead Consultation This Policy was distributed to the following people during the consultation phase (list names and job titles of those consulted; include patients and/or public) Quality Assured by: Information Governance Steering Group File Location: GPTeamnet Approval Body: Integrated Governance Committee Approval Date: Feb 2017 Document Review Control Information Version Date Reviewer Name(s) Comments This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of the document are not controlled. Policy title: De-identification & Pseudonymisation Policy Reference/ version number: KCCG/DP/02 Policy owner/author: Director of Quality & Governance Date approved: 21/02/2017 Date for review: 21/02/2018 Page 4 of 24 Document Information: Title /Version Number/(Date) De-identification & Pseudonymisation Policy Document Status (for information/ action etc.)

7 And timescale For implementation Accountable Executive Director of Quality & Governance Responsible Post holder/ Policy Owner Performance and Information Lead/ Information Governance Lead Date Approved Approved By Integrated Governance Committee Publication Date 7 March 2017 Review Date 21 February 2018 Equality Analysis Equality Analysis This document has been assessed for equality impact on the protected groups, as set out in the Equality Act 2010. This document demonstrates Kingston CCG commitment to create a positive culture of respect for all individuals, including staff, patients, their families and carers as well as community partners. The intention is, as required by the Equality Act 2010, to identify, remove or minimise discriminatory practice in the nine named protected characteristics of age, disability, sex, gender reassignment, pregnancy and maternity, race, sexual orientation, religion or belief, and marriage and civil partnership.

8 It is also intended to use the Human Rights Act 1998 and to promote positive practice and value the diversity of all individuals and communities. Associated Policy Documents Title Safe Haven Policy Information Governance Policy Records Management Policy and strategy Fileshare Access Request Change Form Registration Authority Policy Risk Management Strategy Related Legislation and Guidance The Data Protection Act 1998 Caldicott Principles (updated 2013) The common law duty of confidentiality The Confidentiality NHS Code of Practice The NHS Care Record Guarantee for England The Social Care Record Guarantee for England The ISO/IEC 27000 series of information security standards The Information Security NHS Code of Practice The Records Management NHS Code of Practice The Freedom of Information Act 2000 The Health and Social Care Act 2012 This is a controlled document.

9 Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of the document are not controlled. Policy title: De-identification & Pseudonymisation Policy Reference/ version number: KCCG/DP/02 Policy owner/author: Director of Quality & Governance Date approved: 21/02/2017 Date for review: 21/02/2018 Page 5 of 24 Contents Introduction .. 6 Purpose .. 6 Scope .. 7 Definitions .. 7 Safe Havens .. 8 Business Process .. 9 De-identification .. 10 Pseudonymisation .. 11 Use of Identifiable Data .. 11 Transferring Information .. 12 IG Toolkit Overlap .. 12 References .. 13 Appendix A Caldicott principles .. 14 Appendix B De-identification Action Plan.

10 16 Appendix C Access to the South East Commissioning Support Unit Pseudonymised Data Warehouse.. 19 Appendix D Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation.. 23 This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of the document are not controlled. Policy title: De-identification & Pseudonymisation Policy Reference/ version number: KCCG/DP/02 Policy owner/author: Director of Quality & Governance Date approved: 21/02/2017 Date for review: 21/02/2018 Page 6 of 24 Introduction Confidentiality clearly states that use of patient data for non-healthcare medical purposes must be effectively anonymised , that is in de-identified form unless it is with the patient s consent or otherwise covered in law, such as with approval under Section 251 of the 2006 NHS Act given by the National Information Governance Board (NIGB) Ethics and Confidentiality Committee (ECC).


Related search queries