Data protection policy and digital toolkit

The request was successful.

Dear NHS Digital,

Please can you provide me with your data protection policy and a full list of organisations which must comply with your new NHS digital toolkit.

Yours faithfully,

A Miller

NHS Digital Enquiries (NHS DIGITAL),

1 Attachment

Ref: NIC-251976-Q7H6J 

Dear A Miller,

Many thanks for your recent request to NHS Digital.

We have now received a reply to this from our colleagues in the
Information Governance team.

Please see the attached file(s).

Kind Regards,

Contact Centre Team
NHS Digital
[1]www.digital.nhs.uk

0300 303 5678

[2][NHS Digital request email]

1 Trevelyan Square | Boar Lane | Leeds | LS1 6AE

HSCIC now operate under the new trading name of NHS Digital – clarifying
our role as the national information and technology partner for the health
and care system.

[3]Privacy and cookies

NHS Digital Customer Service Contact Centre in Leeds, has been awarded
Customer Service Excellence Standard Certification, In accordance with the
requirements of the Cabinet Offices Customer Service Excellence Standard

show quoted sections

Dear NHS Digital Enquiries (NHS DIGITAL),

I am requesting:
1. Data Protection policy for NHS Digital
2. I am referring to the Data Security and Protection Toolkit - so a full list of all organisations which must comply with the Data Security and Protection Toolkit. By this, i do not want to see eligibility criteria, just a list of named organisations which must comply with the toolkit.

Yours sincerely,

A Miller

NHS Digital Enquiries (NHS DIGITAL),

 

Ref: NIC-252674-J9W5M 

Dear A Miller,

I am writing to acknowledge that your request for information was received
by NHS Digital on 29th November 2018 and is currently being considered.

If NHS Digital is able to provide you with the information you have
requested, then under the Freedom of Information (FOI) Act you are
entitled to receive it promptly and in any event no later than the 20th
working day following the date of receipt. However, we may need to contact
you to clarify your request. If this is required we aim to do this
promptly but no later than 7 days after receiving your initial request for
information.

May I take this opportunity to explain the FOI Act in more detail? The Act
provides a 'General right of access to information held by public
authorities'. However, it also defines a number of exemptions which may
prevent the release of some or all of the information you have requested.
Therefore, NHS Digital will assess your information request in light of
any relevant exemptions.

If exemptions do apply, then NHS Digital may decide not to release all, or
part, of the information you have requested. I shall inform you if this is
the case, and advise you of your rights of appeal.

If the information you request contains reference to a third party then
they may be consulted prior to a decision being taken as to whether to
release the information to you.

The response to your request will be sent to you by email, however if you
require your response in any other format, please contact us to discuss a
suitable format.

NHS Digital will not normally charge a fee to provide you with the
information you have requested, unless the cost of dealing with your
request is more than £450 as outlined in Section 12 of the FOI Act and
Section 3 of the The FOI and Data Protection (Appropriate Limit and Fees)
Regulations 2004. If it appears likely that your request will cost more,
then NHS Digital is able to refuse to supply the information.  As per our
obligations under Section 16 of the FOI Act, every effort will be made to
provide you with details of how you may be able to reframe your request in
order for us to complete the required work within the (£450 / 18 person
hours) cost limit.

If you have any queries or should you wish to make a complaint about the
manner in which your request is being processed then please do not
hesitate to contact us at [1][NHS Digital request email] in the first
instance. Any complaints will be investigated in accordance with NHS
Digital's complaints procedure.

Further information about your rights under the Freedom of Information
Act, is available from the Information Commissioner's Office, Wilmslow,
Cheshire and on the NHS Digital website.

Kind Regards,

Contact Centre Team
NHS Digital
[2]www.digital.nhs.uk

0300 303 5678
[3][NHS Digital request email]

1 Trevelyan Square | Boar Lane | Leeds | LS1 6AE

You can find out more about our service, including our response times and
customer charter on the NHS Digital website:
[4]https://digital.nhs.uk/about-nhs-digital...

[5]Privacy and cookies

NHS Digital Customer Service Contact Centre in Leeds, has been awarded
Customer Service Excellence Standard Certification, In accordance with the
requirements of the Cabinet Offices Customer Service Excellence Standard

show quoted sections

NHS Digital Enquiries (NHS DIGITAL),

3 Attachments

Ref: NIC-252674-J9W5M 

Dear A Miller,

Many thanks for your recent request to NHS Digital.

We have now received a reply to this from our colleagues in the
Information Governance team.

Please see the attached file(s).

Kind Regards,

Contact Centre Team
NHS Digital
[1]www.digital.nhs.uk

0300 303 5678

[2][NHS Digital request email]

1 Trevelyan Square | Boar Lane | Leeds | LS1 6AE

HSCIC now operate under the new trading name of NHS Digital – clarifying
our role as the national information and technology partner for the health
and care system.

[3]Privacy and cookies

NHS Digital Customer Service Contact Centre in Leeds, has been awarded
Customer Service Excellence Standard Certification, In accordance with the
requirements of the Cabinet Offices Customer Service Excellence Standard

References

Visible links
1. http://www.digital.nhs.uk/
2. mailto:[NHS Digital request email]
3. https://digital.nhs.uk/about-nhs-digital...

Andrew Roberts left an annotation ()

2. I am referring to the Data Security and Protection Toolkit - so a full list of all organisations which
must comply with the Data Security and Protection Toolkit. By this, i do not want to see eligibility
criteria, just a list of named organisations which must comply with the toolkit.
NHS Digital does not hold a list of named organisations which must comply with DSP Toolkit.
We do hold:
1) The list of sites who have registered so far for the DSP Toolkit is available here:
https://www.dsptoolkit.nhs.uk/News/34. The deadline for completing a DSP Toolkit is 31st
March 2019.
2) And a list of all organisations who completed the previous framework, the IG Toolkit in the last
financial year, is available here: https://www.igt.hscic.gov.uk/Publication...
1%20Performance%20Report%20All%20Organisations.xlsx
Unless something has changed with the organisations (i.e. they are no longer processing
health and care data) these organisations would be expected to complete a Data Security and
Protection Toolkit in 18-19 but there may be others who now meet the eligibility criteria
(https://www.dsptoolkit.nhs.uk/Help/Attac...).