As a statutory organisation, the CCG has a number of legal obligations to our patients, members, public and regulators. Please click the relevant section below to find out more about each of these:
Information Governance (IG) is a framework that ensures personal and corporate information is dealt with legally, securely, efficiently and effectively to appropriate ethical and quality standards.
Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources. Black Country and West Birmingham Clinical Commissioning Group (BCWB CCG) aims to safeguard patient confidentiality and maintain data security whilst empowering staff within BCWB CCG to perform their role within the parameters of the good information governance.
IG is the way in which the NHS handles all of its information, in particular the personal and sensitive information relating to patients and employees.
Our IG team ensures all of these requirements are met by raising awareness about data protection, confidentiality and information security, and by performing audits to ensure standards are maintained.
It provides a framework to ensure that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care.
It also offers BCWB CCG employees a clear structure to deal consistently with the many different rules about how information is handled, including those set out in the following policies and procedures:
- Information Governance and Security Handbook
- Acceptable Use Policy
- Corporate Records Policy
- Data Breach Policy and Procedure
- Data Protection and Confidentiality Policy
- FOI Policy
- Subject Access Request Policy
- Information Governance Policy
- Information Security Policy
All these policies are in the process of being harmonised and will be available in our publications scheme shortly.
It is imperative that the CCG ensures complete transparency in our decision-making processes through robust record keeping. Any declaration of interest, and arrangements agreed, in any meeting of the CCG, its committees or sub-committees and Governing Body should be recorded in the Register of Interests and in the relevant minutes.
In complying with the NHS England revised statutory guidance on Managing Conflicts of Interest (updated June 2017), and pursuant to our values, it is a requirement that BCWB CCG maintains and publishes a Register of Gifts and Hospitality. This can be found in our Conflicts of Interest Policy.
BCWB CCG will undertake an annual ‘check and balance’ review of our compliance against the NHS standards for emergency preparedness, resilience and response (EPRR). As part of this process, we present our assessment against these standards to the CCG Governing Body and develop an action plan for any areas that need to be strengthened. Supporting in a multi-agency setting as a Category 2 responder, the CCG has an EPRR Policy in place which outlines the responsibilities of the organisation in an emergency.
Click here to see the CCGs latest EPRR Policy.
The policy also outlines the governance process for reporting on EPRR within the organisation. The process includes an EPRR Working Group which reports directly to the Audit & Governance Committee which, in turn, reports to the Board. Additionally, our EPRR Core Standards assurance rating is submitted to Governing Body on an annual basis. The CCG's Board papers will be found here.
Supporting EPRR is the local requirement for Business Continuity. This is to ensure we maintain our ability to deliver essential services during a major incident or emergency situation e.g. a major security incident or an influenza pandemic. Effective Business Continuity Management is therefore about the identification, management and mitigation of particular risks to our ability to deliver these essential services. The Business Continuity Policy is supplemented by internal business continuity plans. There will be an overarching CCG-wide Corporate Plan for the organisation and separate “local” plans for each Directorate.
Click here to see the CCGs latest Business Continuity Policy.
For further information on the CCGs EPRR agenda, our Emergency Planning team can be contacted on 0121 612 1510.
As the BCWB CCG continues to integrate systems and services, these Fair Processing Notice’s will be amended as those changes occur.
This Fair Processing/Privacy Notice reminds you of your rights under data protection legislation (this includes the European General Data Protection Legislation 2016 and the UK Data Protection Act 2018) and demonstrates that the CCG is committed to protecting your privacy when you use our services in order to meet our obligations as a CCG.
If you're an employee of the Black Country and West Birmingham CCG, you can see the Staff Fair Processing/Privacy Notice here.
It also explains the choices you can make about the way in which your information is used and how you can opt-out of any sharing agreements that may be in place.
It covers information we collect directly from your or collect indirectly from other individuals or organisations for the CCG’s registered population.
This FPN is part of our programme to make transparent the data processing activities we are carrying out in order to deliver on our commissioning activities.
This Fair Processing/Privacy Notice will tell you:
- Why we collect information about you
- What types of information we collect, use, hold and process about you, including information we obtain directly from you and information we use from other sourc
- Who we share information with
- Your rights
- How we keep your information secure
- Who you can contact for more information.
We are happy to provide any additional information or explanation needed. Any request should be sent by email to BCWBCCG.firstname.lastname@example.org or by post to: Governance Team Civic Centre, St. Peter's Square, Wolverhampton WV1 1SH.
The CCG is committed to ensuring that our services, activities and communications are accessible to all local people, whatever their level of need. We are currently in the process of harmonising our accessibility policy, which will be available in our publications scheme.
The Freedom of Information Act came into force in 2005. The Act applies to all public authorities with the aim to make information available to any person (individual, company or any other body) on request. A request must be made in writing (including email). There are a number of exemptions that maybe applied to withhold information that should not be disclosed. The FOIA is retrospective and therefore includes information that is held by a public authority prior to 2005.
The Environmental Information Regulations (EIR) were also implemented during 2005. Unlike the FOIA, an EIR request can be made verbally or in writing. There are exemptions that can be invoked to withhold the releasing of sensitive data.
Under the Freedom of Information Act any person may make a request for information and must be treated applicant and motive blind. The organisation has up to 20 working days to respond to the request.
The BCWB CCG FOI policy will be available in our publications scheme.
Our disclosure log is also contained in our publications scheme. Here, you can view responses to previous FOIA requests. Before you submit a new request, you may wish to view the disclosure log to see if the information is already available.
Main Features of the Act
- A general right of access from the 1st January 2005 (subject to certain conditions and exemptions) to all information held in recorded form
- To inform the applicant if the information is held
- To adopt a publication scheme – click here to visit our publications scheme.
Submitting a request
To submit a Freedom of Information request you can either send it in writing to Black Country and West Birmingham Clinical Commissioning Group, Governance Team Civic Centre, St. Peter's Square, Wolverhampton WV1 1SH or email: BCWBCCG.email@example.com
Privacy by Design
Privacy by design is an approach to projects that promotes privacy and data protection compliance from the start. The UK General Data Protection Regulation (GDPR) confirms that privacy must be designed into the processing of personal data by default. This ‘privacy by design’ concept is not new and for many years has been recommended by the Information Commissioner’s Office (ICO).
It is important for us to ensure that privacy and data protection is a key consideration in the early stages of a new project, and then throughout is life cycle. For example when:
- Commissioning services where data access or sharing is required
- Developing databases for storing or accessing data
- Developing policies or strategies that have privacy implications
- Embarking on a data-sharing initiative; or
- Using data for new purposes
Using the privacy by design approach is an essential tool in minimising privacy risks and building trust. Designing projects, processes, products or systems with privacy in mind at the outset can lead to benefits which include:
- Identifying potential problems at an early stage, when addressing them will often be simpler and less costly
- Increasing awareness of privacy and data protection across the CCG
- We are more likely to meet the legal obligations and reduce breaches of the Data Protection Act 2018
- Actions are less likely to be privacy intrusive and have a negative impact on individuals
Data Protection Impact Assessments
Data Protection Impact Assessments (DPIAs) are an essential part of taking a privacy by design approach. DPIAs are a tool that you can use to identify and reduce the privacy risks of your projects. A DPIA can reduce the risks of harm to individuals through the misuse of their personal information. It can also help you to design more efficient and effective processes for handling personal data.
Please find the DPIA templates here.
You can find more information on the Information Commissioners website.
Please remember a DPIA must be reviewed and signed off by the Data Protection Officer before a project or processing begins. If you require any support please contact the IG team on firstname.lastname@example.org.