Greater Manchester Information Sharing Protocols
The Greater Manchester Information Governance Group has developed and agreed an Information Sharing Protocol to enable those organisations signed up to it to govern information sharing.
Download the protocol here
|Information Sharing Protocol||74 KB|
Bridgewater Community Health Care NHS Trust
Bolton Hospitals NHS Trust
Central Manchester and Manchester Children's University Hospitals NHS Trust
Pennine Acute Hospitals NHS Trust
University Hospital of South Manchester NHS Foundation Trust
Wrightington, Wigan and Leigh NHS Foundation Trust
Greater Manchester West Mental Health NHS Foundation Trust
Manchester Mental Health and Social Care NHS Trust
The Christie NHS Foundation Trust
Tameside Hospital NHS Foundation Trust
Pennine Care NHS Foundation Trust
Trafford Healthcare NHS Trust
Salford Royal NHS Foundation Trust
Clinical Commissioning Groups
Central Manchester CCG
Heywood, Middleton & Rochdale CCG
North Manchester CCG
South Manchester CCG
Tameside & Glossop CCG
Wigan Borough CCG
Oldham Metropolitan Borough Council
Tameside Metropolitan Borough Council
Manchester City Council
Rochdale Metropolitan Borough Council
Stockport & District MIND
High Level Northern Trust
New Charter Housing Group
Greater Manchester Police
Greater Manchester Resilience Forum
Information Governance Protocol
This overarching protocol sets out the general principles of Information Governance that the above organisations have signed up to.
It provides a framework for safeguarding the processing of all personal confidential information.
The protocol will be supplemented in some circumstances by individual locally agreed protocols for specific populations/initiatives. These will set out detailed purposes and operational procedures for the
sharing of information.
1. The Information Governance Toolkit defines the minimum standards for Information
Governance for health and social care. Where applicable, each organisation is committed to
undertaking, following and complying with the Information Governance Toolkit.
2. Each organisation signing this protocol shall have appointed a responsible officer who will
ensure the protection of personal information e.g. Caldicott Guardian or senior manager
2responsible for data protection.
3. Each organisation signing this protocol will be taking appropriate organisational and technical
measures towards compliance with Data Protection Act 1998, Caldicott, ISO 27001 Series of Information Security Standards, Freedom of Information Act 2000 and national guidance and
rules around processing personal confidential information and other relevant legislation.
4. Each organisation, where appropriate, is committed to identifying, documenting and risk
mitigation of data flows (as required) by the IG Toolkit. A template for documenting information
flows is attached.
5. Each organisation is committed to ensuring staff are appropriately trained and comply with
organisational policies in relation to Information Governance, including data protection,
confidentiality, Caldicott, Information Security, Records Management and Freedom of
6. Organisations signed up to this protocol will promptly notify any other relevant co-signees of
this protocol of any Information Governance breach.
7. This protocol will be reviewed in October 2015 (unless any changes to legislation or national
policy warrant an earlier review).
1. The Information Governance Toolkit is an online performance tool produced by the Department of
Health (DH) and hosted by the Health and Social Care Information Centre. It allows NHS organisations and partners to assess themselves against DH information governance policies and standards. https://nww.igt.hscic.gov.uk
2. In Health and local authorities, this may be the Senior Information Risk Owner (SIRO). Other agencies may not have these identified roles and, therefore, it will be a senior manager responsible for ensuring compliance with Data Protection.
How we protect your information
The sensitivity of patient information is well understood within the NHS. (All staff are given training on their duty of confidentiality to you). We keep paper and electronic records securely to prevent unauthorised access in line with current legislation. Wherever practicable, we also remove references to personal details such as your name and address, and often restrict it further e.g. for statistics, to reduce the chances of anyone identifying a record as relating to you.
Managing the data
We need to be more able to move electronic information from system to system, extracting the data, processing it and modifying it for the next system. Occasionally, tests will need to be made on the data to check that it has been transferred correctly. This will only be done under carefully controlled conditions and employees and contractors will be under strict contractual obligations to protect your confidentiality.