By providing us with your details, you are giving your consent that your personal information may be processed for the purposes necessary to conduct and improve our services. When collecting your personal information we will explain what we intend to do with it.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Most web browsers allow some control of cookies through the browser settings. To find out more about cookies, including how to see what have been set and how to manage and delete them, visit www.allaboutcookies.org.
If you do not wish to receive any information from us please let us know at the point you first contact us or by emailing firstname.lastname@example.org
If you already receive correspondence from the Information Sharing Gateway and no longer want to, please email email@example.com. We will remove your details from any tools or products and will stop any communications updates.
All personal information is handled with the utmost care and attention - whether on paper, electronically, or other means - and safeguards are in place to ensure the Data Protection Act 1998 is adhered to.
You are entitled to obtain a copy of the personal information held about you by the Information Sharing Gateway. Any request to access or obtain a copy of this information will be considered under Section 7 of the Data Protection Act.
To make a request for personal information, email firstname.lastname@example.org
There are robust security measures in place for all personal information held by the Information Sharing Gateway to protect against the loss or alteration of information under the organisation's control. If you have any questions about our privacy notice or the information we hold please contact us at email@example.com. See the systems Security Statement for more details.
Our privacy notice only relates to information that we obtain from you. If you visit a website operated by a third party through a link included on this website your information may be used differently by the operator of the linked website. When you are moving to another site you are advised to read the privacy notice relating to that website.
The Information Sharing Gateway is a web-based system provided over an encrypted connection and hosted by AIMES on behalf of University Hospitals of Morecambe Bay NHS Foundation Trust (‘Support Service’). The provision of secure application hosting covers; hosting business applications, high performance computer processing and data storage and manipulation, servers and secure storage.
AIMES has exceptional security standards and regimes which they adhere to. These can be summarised as;
AIMES meets the NHS criteria for information security and governance. AIMES (Organisation Code 8J121) completes the Department of Health’s Information Governance Toolkit on an annual basis and their version 14 submission for 2016/17 has been reviewed and classed as meeting the NHS criteria for information security and governance (Level 3). Status can be viewed on the IG Toolkit website via the IGT Reports section: http://tinyurl.com/pocrc32
AIMES is located at Liverpool Innovation Park, a designated technology park which is surrounded by secure metal fencing. There is a single point of entry, with a security lodge that is manned on a 24-hour basis. Within the security lodge guards control the external CCTV and perimeter protection cameras and carry out hourly foot patrols of the park.
Access controls include;
Prior to Employment: AIMES has introduced a number policies and procedures that ensure that employees, contractors and third party users understand their responsibilities, and are suitable for the roles they are considered for, and to reduce the risk of theft, fraud or misuse of facilities.
During employment: AIMES has introduced a number policies and procedures that ensure that all employees, contractors and third party users are aware of information security threats and concerns, their responsibilities and liabilities, and are equipped to support the organizational security policy.
After Employment: AIMES has introduced a number policies and procedures that ensure that employees, contractors and third party users exit our organization or change employment in an orderly manner.
Full AIMES security arrangements are detailed in the AIMES Security Overview document available from the Resources tab.
Support Operations Security
It is your responsibility to ensure that you understand and comply with these terms and conditions. It ensures that:
If you have any questions about these terms and conditions, you should contact the Information Sharing Gateway Administration Team at firstname.lastname@example.org
The Information Sharing Gateway team reserves the right to update this document as necessary.
To register an organisation you need to have
To provide an assurance level of either None, Limited or Significant, each organisation, whether lead or sponsored, must provide details on:
The system will then rate the organisation dependant on the answers to the screening questions.
Where organisations do not meet 'Significant Assurance', organisations must provide details of improvement plans in the organisations assurance submission.
Assurance will be reviewed by each organisational annually, if assurance levels change each partner organisation will be informed.
These should be approved by each of the Partner Organisations involved electronically by each organisation's Accountable Officer or their delegate (individual authorised by the Accountable Officer to approve on their behalf).
The data contained in the data flow, privacy assessments and data sharing agreements remain the property of the organisations they relate to. Any downloads taken from the system also remain the property of the organisation and remain their responsibility.
The data sharing agreement with associated data flows and privacy assessments should be reviewed by a suitably qualified individual or committee/group within each organisation. The minimum review period should be annually, or as specified by the Partner Organisations involved ensuring the Agreement remains fit for purpose and that the information sharing is continuing to effectively achieve its objectives. This Agreement will remain in force irrespective of whether the Agreement has been officially reviewed until a notice of termination is served.
At the point where the data sharing agreement is no longer required, the agreement, associated data flows and privacy assessment will be archived. These records will not be deleted from the system until they have reached their end of their retention period and not without the prior approval of each partner organisation.
Should a record be required to be stored longer than retention period, then the Information Sharing Gateway governance group must be consulted with a documented business reason for the retention period extension.
The records remain the property of the partner organisations at all times, it is the responsibility of each organisation to manage the record management cycle of the agreement.
In the event of a dispute arising, authorised representatives of the each Partner Organisation involved will discuss and meet as appropriate to try to resolve the dispute within seven calendar (7) days of notification. If the dispute remains unresolved, it will then be referred to the Accountable Officer from each of the Partner Organisation who will use all reasonable endeavours to resolve the dispute within a further fourteen calendar (14) days.
In the event of failure to resolve the dispute through the steps set out above the organisations agree to attempt to settle it by mediation from another organisation that is not privy to the dispute or the Information Sharing Gateway governance group.
Any Organisation may leave this Agreement by giving their Partner Organisation’s notice using the Information Sharing Gateway. The Partner Organisation can approve or reject as necessary.
Any proposed changes, for example changes to organisations involved in the Agreement, the purposes of the information sharing, the nature or type of information shared, the manner in which the information is to be processed must be notified to the each Partner Organisation’s Accountable Officer or their delegates so the impact of the proposed changes can be assessed.
No variation of the Agreement shall be effective unless the agreement is amended accordingly and is electronically signed by all involved organisations.
Each Partner Organisation is responsible for putting into place effective procedures to address complaints about data sharing and subject access requests relating directly to their information. Information about these procedures should be made available to patients via each organisation's Fair Processing / Privacy Notice.
It is recommended that organisations where information is recorded in each organisations record should agree and record how subject access requests and complaints are managed after the agreement is signed off.
Each Partner Organisation must have contact details recorded on the Information Sharing Gateway which show where subject access request and complaints should be directed.
The Partner Organisations recognise that public bodies are subject to the requirements of the Freedom of Information Act 2000 ("FOIA") and the Environmental Information Regulations ("EIR"). Any such requests relating to information governed by the recorded agreements should be directed promptly to the relevant recorded individual Partner Organisation.
The Partner Organisations shall notify the Governing Group of any such request and assist and co-operate with the Governing Group to enable compliance with any obligations under the FOIA and the EIR.
The Partner Organisations are subject to a variety of legal obligations, and statutory and other guidance in relation to the sharing and disclosure of information, including (without limitation):
This is not an exhaustive list and other legislation applies in specific circumstances.
System support / Super Administration is provided by University Hospitals of Morecambe Bay NHS Foundation Trust Innovation, Information and Informatics Service. The service is provided 5 working days a week 9am to 5pm.
The support can be contacted via email only using the contact form on the system or using email@example.com
UHMB undertake to respond to your request within ONE working day, with an estimate of time to fix based on the following:
The Super Administrator will have full, unrestricted access to the ISG to enable support to be carried out in a speedy and efficient manner. The Super Administrator will remind you that they are accessing the ISG in this manner. The Super Administrator will sign up to the UHMB Code of Conduct for IT administrators, a copy of which can be made available on request.
Neither this sub-group nor UHMB (as hosts) give any warranty as to the accuracy of the information entered into the system by organisations. It is the express responsibility of organisations to verify, by their own means, the accuracy of the information supplied by the organisation with whom they are to share information.
No parties within this group will commercially exploit this system, without the expression permission of all the other member organisations.
If the system is decommissioned the data held will be returned to the originating organisation. If a specific format is required this must be discussed with the System Support to ensure that if it feasible. The data will be transferred securely and with sent and received receipts.