Digital Information Sharing - Safeguards and Confidentiality

Paul Welch made this Freedom of Information request to Cardiff and Vale University Health Board Automatic anti-spam measures are in place for this older request. Please let us know if a further response is expected or if you are having trouble responding.

The request was successful.

Dear Cardiff and Vale University Health Board,

The Welsh Parliament Equality and Social Justice Committee, Use of Personal Data in the Welsh NHS recording refers to the sharing of patient data and the controls required to ensure privacy and confidentiality of the record.

As an individual concerned about the amount of information being shared digitally with inadequate safeguards, under the Freedoms of Information Act please can you provide information on the following :

• Who is your appointed Caldicott Guardian and Senior Information Risk Owner?
• Made reference in the above Committee - Do you have access to the National Integrated Audit System? If so, how many times do you utilise on a weekly basis over the past 12 months.
• In the past 2 years how many employees have been disciplined for inappropriate access to patient data (broken down by digital and paper records).
• What percentage of your total employed or contracted staff are compliant with any nationally available mandated Data Protection training?
• How many employees do you have that are directly responsible for providing advice on matters of Data Protection and Confidentiality.
• How many Subject Access Requests have you received from patients over the past 12months.

Yours faithfully,

Paul Welch

FOI Requests (Cardiff and Vale UHB - Information Governance), Cardiff and Vale University Health Board

Dear Paul Welch,

I am writing in response to your email below requesting information from Cardiff and Vale University Health Board (the UHB) under the Freedom of Information Act 2000.

The Freedom of Information Act 2000 gives individuals the right to access official information. The Act allows the right to request any recorded information held by a public authority, such as Cardiff and Vale UHB. A request can be made for any information it is thought a public authority may hold. The right only covers recorded information which includes information held on computers, in emails and in printed or handwritten documents as well as images, video and audio recordings.

A request can take the form of a question, rather than a request for specific documents, but an authority does not have to answer your question if this would mean creating new information or giving an opinion or judgment that is not already recorded.

As you are making a request under the Freedom of Information Act the UHB will consider your request in accordance with the Act and in line with the appropriate guidance issued by the Information Commissioner as detailed below.

The UHB will:

• identify which questions amount to requests for information held on record;

• be ready to offer advice and assistance that is reasonable in the circumstances; and

• provide a response in line with the requirements of the legislation.

I would now like to confirm that your request has been forwarded to the relevant department to action. A further response will be issued in due course.

As your request is being dealt with under Freedom of Information, there is a deadline of 20 working days for a response to be issued.

Yours sincerely,

Guillaume Bigsby
Information Governance
Cardiff and Vale University Health Board
02920 744870

show quoted sections

FOI Requests (Cardiff and Vale UHB - Information Governance), Cardiff and Vale University Health Board

1 Attachment

Dear Paul Welch,

I am writing further to your email below requesting information from Cardiff and Vale University Health Board (the UHB) under the Freedom of Information Act 2000.

I can now confirm that the UHB has completed a search of its records and has established it does hold information falling within the confines of your request and is in a position to respond to your request. Please see attached above the information that can be disclosed which I trust is sufficient for your purposes.

If you are unhappy with the service you have received in relation to your request and wish to make a complaint or request an Internal Review of our decision, please let us know and we will refer your request to the UHB’s Head of Risk and Regulation.

If you are not content with the outcome of any complaint, you may apply directly to the Information Commissioner for a decision. Generally, the Information Commissioner’s Office (ICO) cannot make a decision unless you have exhausted the complaints procedure provided by the UHB. Contact details for the ICO can be found here: https://ico.org.uk/about-the-ico/who-we-...

Should you have any queries or need clarification on any aspect of this response, please do not hesitate to contact me directly by responding to this email.

Yours sincerely,

Guillaume Bigsby
Information Governance
Cardiff and Vale University Health Board
02920 744870

show quoted sections