Information Governance & Data Protection - Data Security and Protection Toolkit (DSPT)
The data security and protection toolkit is an online self-assessment tool which provides an organisation with the ability to measure performance against the National Data Guardian’s 10 data security standards. The 2022/23 DSPT for NNPC produced a ‘ standar ds met’ response. See at Organisation Details (dsptoolkit.nhs.uk). This gives assurances that we are meeting the regulatory requirements for data protection. The nominated NNPC Caldicott Guardian is a member of the Board, and alongside the SIRO and the DPO, is committed to the privacy of its patients, staff, and the public. In the year 2022/23 there has been 1 data security or data protection incidents reported. The annual data security audit did not highlight any significant issues, and appropriate actions were taken to mitigate the reported incidents. These were supported by and validated by the DPO. There were no incidents reported to the Information Commissioner Office.
NNPC received no Subject Access Requests (SARs) during the year 2022/23.
NNPC is not subject to Freedom of Information legislation and did not receive any requests relating to this.
There was one data breach reported in 2022/23. Subsequent investigation demonstrated that one of the 19 North Norfolk practices was the data controller and we worked closely with the practice, the DPO and an external agency to provide the necessary information for the breach to be investigated. It was not ultimately reported to the ICO.
Infection Prevention & Control
The lead for IP&C at NNPC is Emma Smith, Director of Clinical Services and Quality.
The IP&C Deputy is by Simon Pitchers, Health & Safety Lead.
Both the IP&C Lead and deputy have undertaken an enhanced qualification (NCFE CACHE Level 2 certificate in the principles of the prevention and control of infection in Healthcare Settings) to validate their positions in the organisation. In the past year there has not been any significant events raised that related to infection control. There was 1 complaint related to cleanliness or infection control. Negative events are managed with the staff member who either identified or was advised of any potential shortcoming. All significant events and complaints are reviewed and discussed at the Quality Committee meetings each month. Any learning points are cascaded to all relevant staff where an action plan, including audits or policy review, may follow. In addition to staff being involved in risk assessments and significant events, at NNPC all staff and any contractors receive IP&C induction training on commencing their post. A record of this training is kept in the mandatory training schedule and is available for inspection. Thereafter, all staff receive refresher training annually.
NNPC Quality Account 2022/23
26 | Pa g e
Made with FlippingBook Digital Proposal Creator