Policies

The request was partially successful.

Dear London North West University Healthcare NHS Trust,

1) please can you send me a copy of the current subject access request acknowledgment AND response letter that you use
2) a copy of the last 5 dpias completed
3) a copy of any internal mandatory information governance training that you give to staff which was written in the last 2 years including presentation slides and videos and any other media
4) a copy of any instructions given to staff members to reduce data security breaches, for example double checking work which was written in the last 5 years
5) a list of any policies implemented in the last 2 years within the organisation to help reduce the environmental impact that the organisation has?

Yours faithfully,

tim wells

FOI (LONDON NORTH WEST UNIVERSITY HEALTHCARE NHS TRUST), London North West University Healthcare NHS Trust

Dear Mr Wells,

 

Thank you for your recent email to London North West University Healthcare
NHS Trust, which I can confirm is being treated as a FOI (Freedom of
Information) request.

 

Please note that our reference number for this request is 2533-19 (*please
quote this on all correspondence)

 

Should you have any further queries or information related to this
request, please do not hesitate in replying to this email.

 

Kind regards

 

FOI Team

London North West University Healthcare NHS Trust

[1][email address]

 

 

show quoted sections

FOI (LONDON NORTH WEST UNIVERSITY HEALTHCARE NHS TRUST), London North West University Healthcare NHS Trust

4 Attachments

Dear Mr Wells,

 

FOI Ref: 2533-19 (*Please quote this reference number on all
correspondence)

 

Please find below the response to your Freedom of Information request to
London North West University Healthcare NHS Trust.

 

You may re-use this information (except for logos) under the terms of the
Open Government Licence^1.  If you would prefer to receive the information
in an alternative electronic format, please let us know.

 

Please let us know if you require more details or further clarification. 
You can find out more about the Trust and our publication scheme at our
website^2.

 

I am now in a position to respond to your noted questions/query as
follows;

 

1)      please can you send me a copy of the current subject access
request acknowledgment AND response letter that you use

 

Please find attached PDFs (1.1) ‘Application for subject access to health
records’ (1.2) ‘Subject Access Request for Health Records.  Requestor
information sheet.’

 

2)      a copy of the last 5 dpias completed

 

The Trust has engaged section 40(2) of the Act, as disclosure of such
documentation may constitute disclosure of personal identifiable data,
owing to the type of data recorded within DPIAs.

 

3)      a copy of any internal mandatory information governance training
that you give to staff which was written in the last 2 years including
presentation slides and videos and any other media

 

Owing to the manner in which this information is recorded, it is not
possible to supply such data.  In this instance, the Trust has also
engaged section 31(1) (a) of the Act, which exempts information if its
disclosure is likely to prejudice the prevention or detection of crime.

 

In this instance, disclosure of any Information Governance presentations
may harm the methods adopted by the Trust in advising staff of the best
practices in reducing any potential data security breaches, which may
jeopardise the Trust’s security systems and harm the detection of both
data and cyber-crime, which a malicious party may choose to exploit.

 

4)      a copy of any instructions given to staff members to reduce data
security breaches, for example double checking work which was written in
the last 5 years

 

The Trust has engaged section 31(1) (a) of the Act, which exempts
information if its disclosure is likely to prejudice the prevention or
detection of crime. 

 

The Trust disclosing the method by which it attempts to reduce any
potential data security breaches (Inc. the type of security training staff
receive) may jeopardise the Trust’s security systems and harm the
detection of both data and cyber-crime, which a malicious party may choose
to exploit.

 

The Trust has a duty (*and is currently in the process of) publishing (via
Trust Website) any FOI requests the Trust may receive.  Therefore, the
Trust would be obliged to publish any data we may disclose under FOI,
which as aforementioned, which may pose a potential risk to our internal
security systems, which includes staff data security training.

 

5)      a list of any policies implemented in the last 2 years within the
organisation to help reduce the environmental impact that the organisation
has?

 

Please find attached PDF (1.4) a copy of the Trust’s ‘Environmental
Policy’.

I hope this information helps, however, should you be dissatisfied with
our response, please use our FOI review process by contacting
[1][email address] or writing to:

Information Governance Manager (FOI Review)

Information Governance

Northwick Park Hospital

P Block

Watford Road

Harrow

HA1 3UJ

 

Please be aware that reviews will not be conducted via public forum, and
we will require your name and contact address in order to respond.

 

If you remain dissatisfied after a review, you have the right under s50 of
the Act to apply to the Information Commissioner’s Office for a decision.

 

Further details about this and the Act can be found on their website^3.

 

^1 Either version 3 or, at your discretion, any later version –
[2]http://www.nationalarchives.gov.uk/doc/o...

^2 [3]https://www.lnwh.nhs.uk/about-us/freedom...

^3 [4]http://www.ico.org.uk

 

FOI Team

London North West University Healthcare NHS Trust

[5][email address]

 

 

show quoted sections