Information Governance Welsh Guidance | Numark

Information Governance Welsh Guidance

New Welsh Information Governance (IG) Toolkit introduced Jan 24 for 2024 submission.

Deadline extended to 30th June to allow for transition to the new tool and response requirements – one off extension, returning to 31st March from 2025.

All minimum expectations questions must be answered indicating compliance to enable submission, where evidence is requested evidence must be uploaded to complete that section.

Exceeded expectations can only be answered where minimum expectations are met for that section.

The questions are Yes/No, select tick box(es) responses or enter a date. Some then further expand to ask for evidence items to support the response given.

Section	Subsections	Questions Required	Evidence Items
1. Accountability	Do you have appropriate policies, procedures and training in place to support compliant, safe Information Governance? (8 Sub-sections)	57 Required Questions	31 Evidence Items
2. Freedom of Information (FOI) & Environmental Information Regulations (EIR)	Do you have clear signposting where further/ additional information can be found?	3 Required Questions	3 Evidence Items
3. Information Security	Do you maintain records of access to personal information securely?	16 Required Questions	13 Evidence Items
4. Business Continuity	Do you have a recognised business continuity plan?	6 Required Questions	5 Evidence Items

Utilise our navigation tool to complete your evidence portfolio

Download navigation tool (download to add)

We have provided a breakdown of the evidence required and supporting documentation to help you remain compliant.

Accountability

1.1 Leadership and Oversight

Has the pharmacy appointed one or more team members to oversee the Information Governance policies and procedures?

1.1.1 Evidence item: Data Protection & IG Responsibility

1.2 Policies and Procedures

Does the pharmacy have published Information Governance policies and procedures?

1.2.1a Information Governance & Confidentiality Policy

1.2.1b Information Governance Data Handling Procedure

1.2.1c Patient Awareness Procedure Template

1.2.1d NHS Smartcard Use - Terms and Conditions Template

1.2.1e Portable Device Usage Procedure Template

1.2.1f Incident Management Procedure Template

1.2.1g Access Control & Data Quality Template

1.2.1i Records Management Procedure Template

1.2.1j NHS Wales Acceptable Use Policy For Intranet Use Template

1.2.3 Policy and Procedure availability

1.2.4 Personal Data Breach process compliance

1.2.6a DP06 Personal Data Incident Management SOP

1.2.6b DP06a High Risk Personal Data Incident Management SOP

1.2.7 Access Management

1.2.8 DP05 - Personal Data Rights SOP

1.2.9 Confidential Waste Disposal

1.3 Training & Awareness

Does the pharmacy have a training plan in place to deliver Information Governance requirements?

1.4 Individual Rights

Does the pharmacy have a privacy policy in place?

1.5 Records of Processing and Lawful Basis

Does the pharmacy have a formal record of lawful data processing activities?

1.7 Risk and Data Protection Impact Assessments (DPIA)

Does the pharmacy have a proactive DPIA process?

1.8 Breach and Response Monitoring

Does the pharmacy have an incident reporting management system in place to register, report and follow up on data breaches?