Staff awareness leaflets

All the IG awareness leaflets below have been donated by Surrey Healthcare Community.

• Records Management Explained (PDF 0.97 Mb)

The following materials can be edited allowing you to tailor them to your organisation and add your logo.

• Guidance for sharing personal information by fax (Word 243 Kb)
• Guidance for sharing personal information by phone (Word 272 Kb)
• Guidance for sharing personal information by post (Word 182 Kb)
• Guidance for transporting personal information (Word 0.99Mb)
• Quick Reference to Caldicott and the Data Protection Act 1998 Principles (Word 272 Kb)

Exemplars, templates and model documents

The exemplars, template and model documents listed below have been designed to allow organisations to add content, logos and organisation-specific information.

Primary Care Trust resource pack

The documents listed below have been designed as a guide.  You are not required to use them, but you may find them useful if you do not already have processes in place. 

• IG business case template (Word 72 Kb) – This is a template business case to assist PCT IG leads bid for support or resources with the implementation and creation of an IG culture. 
• IG Training Tool report (Zip 201 Kb) – this provides an example of how an IGTT Administrator can manipulate the data from IGTT reporting tool to produce charts and tables for Steering group meetings or Trust Boards.
• Information security incident reporting procedures (Word 285 Kb) – this is an exemplar from Bradford and Airedale PCT.
• IG steering group briefing paper (Word 28.5 Kb) – this is a model briefing paper covering areas of discussion within IG steering group meetings which should be reported to the Trust Board.
• CRG mapping (PDF 39.1 Kb) - this document maps the NHS Care Record Guarantee to the IG toolkit requirements and BS ISO/IEC 27002:2005. It was developed with the assistance of South Staffordshire Healthcare NHS Foundation Trust.
• PCT Registration Authority procedures (Word 224 Kb) - this is a template relating to Registration Authority set-up and operation by PCTs to administer Smartcards allocation for General Practice staff.

General Practice resource pack

• GP CRG mapping (PDF 18.4 Kb) - this document maps the NHS Care Record Guarantee to the general practice IG toolkit requirements.

The documents listed below have been linked to the relevant IG toolkit requirement to assist Practices in identifying any gaps in their toolkit evidence. You are not required to use these, but you may find them useful if you do not already have evidence in place. 

Requirement 114: Responsibility for Information Governance has been assigned to an appropriate member, or members, of staff  

• GP template IG work plan (Excel 35.5 Kb)
• GP template IG lead responsibilities (Word 63 Kb)
• GP template assignment of IG responsibility (Word 28 Kb)

Requirement 115: There is an information governance policy that addresses the overall requirements of information governance  

• GP template information security policy (Word 54.5 Kb)
• GP template IG policy (Word 43.5 Kb)

Requirement 116: All contracts (staff, contractor and third party) contain clauses that clearly identify information governance responsibilities  

• GP template confidentiality agreement for staff (Word 21.5 Kb)
• GP template confidentiality agreement for third party suppliers (Word 60.5 Kb)

Requirement 117: All staff members are provided with appropriate training on information governance requirements  

• GP template staff training plan (Word 33.5 Kb)

Requirement 211: All transfers of personal and sensitive information are conducted in a secure and confidential manner

• GP template data handling (Word 36.5 Kb)
• GP template email policy (Word 39 Kb)
• GP model staff leaflet data handling - best practice (Word 647 Kb)

Requirement 212: Consent is appropriately sought before personal information is used in ways that do not directly contribute to the delivery of care services and objections to the disclosure of confidential personal information are appropriately respected ?

• GP model sharing information leaflet for staff (PDF, 258Kb)

Requirement 213: There is a publicly available and easy to understand patient information leaflet that informs patients how their information is used, who may have access to that information, and their own rights to see and obtain copies of their records

• GP model FOI patient information leaflet (Word 113 Kb)
• GP model patient leaflet on use of health records (Word 127 Kb)

Requirement 316:  There is an information asset register that includes all key information, software, hardware and services

• GP template information asset register (Excel 70.5 Kb)

Requirement 317: Unauthorised access to the premises, equipment, records and other assets is prevented

• GP template risk assessment (Excel 105 Kb)
• GP template physical security checklist (Word 48 Kb)
• GP template risk assessment impact (word 41.5 Kb)
• GP model safe haven policy (Word 44 Kb) 

Requirement 318: The use of mobile computing systems is controlled, monitored and audited to ensure their correct operation and to prevent unauthorised access

• GP template portable equipment policy (Word 51.5 Kb)
• GP template home working policy (Word 42.5 Kb)

Requirement 319: There are documented plans and procedures to support business continuity in the event of power failures, system failures, natural disasters and other disruptions

• GP template risk assessment (Excel 105 Kb)
• GP template business impact analysis sheet (Excel 22 Kb)
• GP model business continuity management policy (Word 68.5 Kb)
• GP template business continuity plan (Word 80 Kb)

Requirement 320: There are documented incident management and reporting procedures

• GP model information security incident reporting (Word 53 Kb)