Information Governance Sample Clauses

Information Governance. 49.1 The Service Provider warrants and undertakes as follows: 49.1.1 the Service Provider shall in relation to this Agreement comply with the Data Protection Act 1998 (hereafter the "DPA"), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (hereafter the "PECED") and all relevant, subordinate or successor legislation relating to each of them including, without limitation, the Eight Data Protection Principles set out in the DPA; 49.1.2 the Service Provider acknowledges that TfL will rely upon the Service Provider to enable TfL to comply with its obligations under the Freedom of Information Xxx 0000 (hereafter the "FOIA"), the Environmental Information Regulations 2004 (hereafter the "EIRs") and the Reuse of Public Sector Information Regulations 2005 (hereafter the "RPSI") in relation to the Services and this Agreement and that the processes and procedures set out in this Agreement with which the Service Provider is required to comply are important for the purposes of ensuring such compliance; 49.1.3 if there is dispute over what is required for compliance with the DPA and the other named Acts and Regulations, the Service Provider will comply with written instructions from TfL’s legal advisers, except where it is illegal for the Service Provider to do so; and 49.1.4 the Service Provider agrees to provide promptly all reasonable additional information and co-operate fully with any investigations by TfL in relation to complaints under the DPA, FOIA, EIRs, RPSI, PECED and Computer Xxxxxx Xxx 0000, including investigations relating to complaints by the Information Commissioner’s Office, the Information Tribunal and the Courts. 49.2 The Service Provider shall: 49.2.1 take and implement appropriate technical and organisational security measures, that are necessary or appropriate to ensure a level of security to preserve the security and confidentiality of any Personal Data collected and/or processed by it and are satisfactory to TfL from time to time, against unauthorised or unlawful Processing of TfL Personal Data and against accidental loss, destruction of, or damage to such Personal Data including but not limited to the Security Policy and the Security Plan and shall procure its Sub-Contractors to do the same; 49.2.2 without prejudice to Clause 49.2.1, wherever the Service Provider uses any mobile or portable device for the transmission or storage of TfL Personal Data, ensure that each such device encrypts TfL Personal Data; 49.2.3 provi...

Information Governance. 2.1 The Parties must comply with Data Protection Legislation, Data Guidance, the FOIA and the EIR, and must assist each other as necessary to enable each other to comply with these obligations. 2.2 The Provider must: 2.2.1 nominate an Information Governance Lead; 2.2.2 nominate a Caldicott Guardian and Senior Information Risk Owner, each of whom must be a member of the Provider’s Governing Body; 2.2.3 where required by Data Protection Legislation, nominate a Data Protection Officer; 2.2.4 ensure that the Authority is kept informed at all times of the identities and contact details of the Information Governance Lead, Data Protection Officer, Caldicott Guardian and the Senior Information Risk Owner; and 2.2.5 ensure that the Authority and NHS Digital are kept informed at all times of the identities and contact details of the Information Governance Lead, Data Protection Officer, Caldicott Guardian and the Senior Information Risk Owner. 2.3 The Provider must adopt and implement the National Data Guardian's Data Security Standards and must comply with further Guidance issued by the Department of Health and Social Care, the Authority, any National Data Guardian for Health and Care and/or NHS Digital pursuant to or in connection with those standards. The Provider must be able to demonstrate its compliance with those standards in accordance with the requirements and timescales set out in such guidance, including its adherence to data security standards and requirements for enabling patient choice. 2.4 The Provider must, at least once annually, audit its practices against quality statements regarding data sharing set out in NICE Clinical Guideline 138. 2.5 The Provider must report and publish any Data Breach and any Information Governance Breach in accordance with IG Guidance for Serious Incidents. If the Provider is required under Data Protection Legislation to notify the Information Commissioner or a Data Subject of a Personal Data Breach then as soon as reasonably practical and in any event on or before the first such notification is made the Provider must inform the Authority of the Personal Data Breach. This paragraph does not require the Provider to provide the Authority with information which identifies any individual affected by the Personal Data Breach where doing so would breach Data Protection Legislation. 2.6 The Provider must have in place a communications strategy and implementation plan to ensure that Service Users are provided with, or have made rea...

Information Governance. 12.1 The Service Provider shall in connection with the provision of the Services and the performance of its obligations under the Contract comply with the DPA.

Information Governance. 7.1. Each party shall monitor the Personal Data to ensure that it is accurate and up to date and shall destroy any Personal Data that is inaccurate or out of date. 7.2. The parties shall promptly agree the following details to the extent that these are not covered in this agreement: 7.2.1. the prescribed format for datasets (to ensure that compatible datasets are used); 7.2.2. common rules for the retention and deletion of Personal Data; and 7.2.3. common technical and organisational security arrangements including for the transmission of the Personal Data. 7.3. The parties shall hold a six monthly review meeting (or such other frequency as may be agreed by the parties in writing) to review the ongoing effectiveness of the data sharing activities under this agreement and agree any appropriate changes to such activities or the agreement. 7.4. Where the Disclosing Party reasonably suspects that the Recipient is not in full compliance with its obligations under this agreement, the Disclosing Party may: 7.4.1 terminate this agreement with immediate effect; and/or

Information Governance. CONFIDENTIALLITY

Information Governance. 1.5.1 Information sharing can best achieve improvements in service delivery if the information conforms to certain standards to ensure that it is accurate, up-to-date, and correctly applied to the right person. The Parties have their own systems to monitor and check the quality of the information they hold, including information exchanged with the other Parties. Sharing only takes place where there is no doubt that the information relates to the right person. The Parties have mechanisms for informing the others in the event that information is found to be incorrect, out of date etc. 1.5.2 By law, neither the Board nor the Local Authorities are entitled to hold personal information for longer than is necessary. It is, however, not always easy to define how long it will be necessary to hold particular information, as circumstances may change and events may only come to light many years after they originally happened. The Parties will have their own policies on how long to keep different types of records (policies such as this are known as “retention schedules” as they describe how long to retain the different types of document or record). Shared information is covered by the retention schedule of the Party holding it subject to arrangements to ensure consistency of approach between the Parties on this. Before introducing new methods of processing or sharing personal data it is good practice to consider the benefits as well as the risks and potential negative effects for the individuals to whom the data relates. A Privacy Impact Assessment (PIA) is one method of doing this. This protocol commits each party to conducting such assessments in certain circumstances. More detail on this, as well as information standards and retention referred to above, can be found in section 5 below.

Information Governance. Records Management‌ This section analyses IG maturity models from the Records Management perspective. As described previously, IG is a multi-disciplinary field therefore the models analysed also represent disciplines that are considered relevant to IG.

Information Governance. An Information Sharing agreement has been shared with CCGs which has been discussed at the Lancashire and South Cumbria Primary Care Quality Forum and CCGs have been requested to sign up to this in 2016. Schedule 4 to the Delegation Agreement outlines further information sharing provisions and sets out the scope for the secure and confidential sharing of information between the parties on a need to know basis between individual personnel in order to enable the parties to exercise their primary medical care commissioning functions in accordance with the law.

Information Governance. Process & Procedure; Asset Management; Access Control & Security; Audit; Compliance; Continuity Management.

Information Governance. The Contractor shall ensure that the Services support the requirements specified in Part 26 of the Order Form.