Our Data Protection Wellness Check will provide a comprehensive review of your existing organisational data protection infrastructure and identify areas of good practice and, importantly, any gaps in provision, in accordance with UK legislation.

Following the review, during which time we work closely with your information governance people and staff, we will produce an evaluation report which highlights good practice and provides our recommendations to address any areas for improvement.

Crucially, these Wellness Checks can support your organisation’s Care Quality Commission (CQC) inspection and Data Security and Protection Toolkit (DSPT) submission by ensuring that a thorough baseline of data protection compliance is in place.

Our Wellness Check is conducted using our internally developed assessment methodology. The key elements of this are:  

• a desk-based review of documentation such as policies and procedures  
• interviews with key staff which ensure we capture the diversity in staff experiences in relation to data protection.

Where areas for improvement are identified, we will make recommendations and suggest action plans in line with the your goals to achieve your desired level of compliance.

To further assist you in implementing our recommendations, we will assign each area a priority rating based upon the risks found. 

We will evaluate the following ten areas: 

1. Framework – What policies and procedures are in place?

2. Roles – Have information governance (IG) leads been appropriately designated?

3. Training – What is available to staff?

4. Credentials – Are applicable registrations and certifications held?

5. Registers – Are records of assets and processing activities held?

6. Risks – What is in place to identify and consider information risks?

7. Security – What is in place to protect data?

8. Retention – How is data stored and managed?

9. Sharing – How is data shared?

10. Consent – Is consent gained appropriately?

 Our Wellness Check provides:

• A clear understanding of what is going well and what aspects of your data protection infrastructure may need to be improved
• Recommendations to improve or enhance your working processes, which we can then assist with the implementation of where this would be helpful
• Independent assurance that your processes and systems are working as they should and providing the best value to your organisation
• Assurance to your customers that their personal data is processed in a secure and compliant manner whilst promoting transparency 

• Prevention of data breaches and reputational damage by taking control of your data protection framework as a pre-emptive measure 
• Facilitates staff engagement and learning

• Improved organisational effectiveness
• Improved compliance with data protection law. 

The NHS Midlands and Lancashire IG team has a wealth of experience in working closely with NHS and non-NHS health and care organisations, ensuring patients and individuals in their care are assured that their data is accessible to those who need it, yet safe and secure, complying with data protection legislation and guidance.

Contact us for more information at mlcsu.ig@nhs.net or 01782 916 875.