Information governance
Our online privacy notice gives you detailed information on when and why we collect personal information and how we use it.
Carer and staff surveys are anonymous and case note audit submissions are pseudonymised (we do not ask for any identifying information such as name or NHS number), and allocated a number for the purposes of audit.
For further details please refer to our data flow chart. We have completed a Data Protection Impact Assessment (DPIA) to review our management of this data.
Data collection via an online audit tool
- Using SNAP Webhost Survey software. SNAP Surveys is certified to ISO 27001. Please see the statement regarding GDPR requirements and security on their website.
- Using an online data collection platform developed and implemented for the audit by Netsolving on CaseCapture. Contractual arrangements with Netsolving cover their accountability, record of data processing, maintenance of lawful basis for processing, compliance with consent requirements, GDPR transparency, individual rights, breach process and policy. The sub contract also specifies forbidding of data matching, agreed purpose processing, security arrangements, storage and retention, breach notification, subject access data rights, data transfer, rights to inspection and withdrawal, and valid data protection registration.
- Data storage via SNAP, Netsolving or Microsoft Azure is ISO/IEC 27001 compliant.
Data collection using paper questionnaires
HQIP's UPCARE tool collates information about the project governance and methodology. The tool is a protocol for audits and registries. It has been designed to provide a "one-stop" summary of the key information about how clinical audits and registries have been designed and carried out. Information is divided into Programme Level and Workstream Level.
Also see our organogram.