[Skip to content]

East Midlands Strategic Health Authority
Search our Site
.

Information Governance and Security

Request

  • Contact details of the IM&T management structure
  • The Information Governance Manager
  • The IT Security Manager
  • Third Party that provides IM&T services
  • Where SUIs or near misses are published (last two financial years) on the website
  • Criteria for reporting to the ICO any breaches of the data protection act?  Full details of thers for the last two years

*******************************************

Our Response

Thank you for your two information requests which were received at NHS East Midlands.  

In accordance with S.1(1)(a) of the Freedom of Information Act 2000 (FOIA), I can confirm that we do hold some of the information relevant to your request. 

I will address each of your queries in turn:-

1.       Contact details of the IM&T management structure

          These are available via our website at the following link.  Please note that

           these are likely to be updated within the next 2 weeks 

           http://www.eastmidlands.nhs.uk/about-us/our-structure/strategic-imt

            The contact details for the senior team members are as follows:-

            Dave.Marsden@eastmidlands.nhs.uk (Director of Strategic IM&T)

            John.Clarke@eastmidlands.nhs.uk      (Deputy Director of Strategic IM&T)

2.       The information Governance Manager

          The NHS East Midlands Information Governance Manager is

           Fabian Henderson (Fabian.Henderson@eastmidlands.nhs.uk).

3.       The IT Security Manager

          NHS East Midlands does not have a position entitled IT Security Manager.

          The the role is performed by a combination of the Director of Strategic IM&T  

          (CIO)   and the HQ IT Manager.

4.       Third party that provides IM&T services

           See response to question 1.  This page also provides a link to our third party

           IT support provider. 

5.        Where SUIs  or near misses are published (last two financial years)

           on the website

           Some of the data that you require can be found on our website at the following

           link. 

            http://www.eastmidlands.nhs.uk/about-us/information-governance/information

          We are currently collating and reviewing more historical data and this will be   

          published in due course.  We are therefore of the view that Section 22 (1) (a)

          of the Freedom of Information Act 2000 is engaged as it is information

          intended for future publication.  We have considered whether the relying upon

          the exemption offered by Section 22 in relation to this request could in any way

          act to the detriment of our patients.  In the absence of any evidence that this is

          the case we are of the view that we can engage the exemption.  The public

          interest test supports waiting for the future publication of the information.  

6.      Criteria for reporting to the ICO any breaches of the data protection act?

          Full details of these for the last two years

          All data controllers have a responsibility under the Data Protection Act 1998

          to ensure appropriate and proportionate security of the personal data they

          hold.  (DPA 1998 7th Principle).  There is no legal obligation on data

          controllers to report breaches of security which result in loss, release or

          corruption of personal data.  However, the Information Commissioner believes 

          serious breaches should be brought to the attention of his Office.

          The nature of the breach or loss can then be considered together with

          whether the data controller is properly meeting his responsibilities

          under the DPA.  A copy of the Information Commissioner’s policy on this

          is attached.

         NHS East Midlands might, in the course of discussing an incident with a

         constituent organisation have asked or recommended that they contact the

         Information Commissioner but we do not routinely collect this information. 

         NHS East Midlands has not reported any DPA breaches to the Information

         Commissioner within the last two years.

         Our information governance policies can be found on our website via the

         following link:

http://www.eastmidlands.nhs.uk/about-us/policies-and-procedures/information-governance

I hope that this information is of use to you.  If dissatisfied with the way in which we   

have dealt with your enquiry you can write to:-

Mr Kevin Orford

Deputy Chief Executive and Director of Finance

NHS East Midlands

Octavia House

Interchange Business Park

Bostock's Lane

Sandiacre

Nottingham

NG10 5QG

If at the conclusion of any review you remain dissatisfied you may complain to the Information Commissioner who can be contacted at:-

The Office of the Information Commissioner

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF