Keeping your information secure - Southport & Ormskirk Hospital

Confidentiality affects everyone.

The Trust collects, stores and uses large amounts of personal and special category personal data every day, such as medical records, personal records and computerised information. This data is used by many people in the course of their work.

We take our duty to protect personal information and confidentiality very seriously and we are committed to comply with all relevant legislation and to take all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.

Data Protection Officer (DPO)

The Trust must have procedures in place to make sure that the DPO is consulted on all data protection matters at an early stage (as part of privacy by design and default).

The Trust must ensure that the DPO role is independent, free from conflict of interest and reports directly to the highest management level of the organisation – there are specific roles that the DPO cannot perform in conjunction with this new role.

The DPO must have expert knowledge of data protection law and practices and the ability to acquire detailed understanding of the organisation’s business, the purposes for which it processes, or intends to process personal data. The DPO’s responsibilities include:

Informing and advising organisations about complying with GDPR and other data protection laws
Monitoring compliance with GDPR and data protection laws – including staff training and internal audits
Advising on and monitoring data protection impact assessments.
Cooperating with the ICO
Being the first contact point for the ICO and citizens in terms of data processing

The Trust’s Data Protection Officer is Sharon Katema, Associate Director of Corporate Governance and Data Protection Officer, email soh-tr.dpo@nhs.net.

Senior Information Risk Owner (SIRO)

The Senior Information Risk Owner should be an executive director or other senior member of the board (or equivalent senior management group/committee).

The SIRO may also be the Chief Information Officer (CIO) if the latter is on the board but should not be the Caldicott Guardian, as the SIRO should be part of the organisation’s management hierarchy rather than being in an advisory role. The key responsibilities of the SIRO are to:

Oversee the development of an Information Risk Policy, and a strategy for implementing the policy within the existing Information Governance framework
Take ownership of the risk assessment process for information and cyber security risk, including review of an annual information risk
Review and agree action in respect of identified information risks
Ensure that the organisation’s approach to information risk is effective in terms of resource, commitment and execution and that this is communicated to all staff
Provide a focal point for the resolution and / or discussion of information risk issues
Ensure the board is adequately briefed on information risk issues
Ensure that all care systems information assets have an assigned Information Asset Owner

The Trust’s Senior Information Risk Owner Steve Shanahan, Director of Finance.

Caldicott Guardian

The Caldicott Guardian is a senior person within a health or social care organisation who makes sure that the personal information about those who use its services is used legally, ethically and appropriately, and that confidentiality is maintained.

Caldicott Guardians provide leadership and informed guidance on complex matters involving confidentiality and information sharing.

The Trust’s Caldicott Guardian is the Medical Director Dr Kate Clark.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others

Translate