Common use of Information Sharing and Data Handling Clause in Contracts

Information Sharing and Data Handling. 10.1 The Parties agree to be bound by the Data Sharing Protocol and to continuance of the existing agreement to use the Scottish Accord on the Sharing of Personal Information (SASPI), in respect of information sharing. 10.2 The Parties have developed an Information Sharing Protocol which covers guidance and procedures for staff for sharing of information. 10.3 All staff managed within the delegated functions will be contractually required to comply and adhere to respective local information security policies and procedures including data confidentiality policies of their employing organisations and the requirements of Argyll and Bute Integration Joint Board’s agreed Information Sharing Protocol. 10.4 The Parties have established a group to agree the Information Sharing Protocol and procedures before 1st April 2016. Agreements and procedures will be reviewed annually by the group, or more frequently if required. The NHS Highland Information Assurance Group and Argyll and Bute Council Information Security Forum, acting on behalf of the Parties will meet annually to review the Protocol and will provide a report detailing recommendations for amendments, for the consideration of Argyll and Bute Integration Joint Board. In the event of amendment being required outside of that timescale the NHS Highland Information Assurance Group and Argyll and Bute Council Information Security Forum acting on behalf of the Parties will meet, agree the recommended amendment(s) and provide this information to the Chief Officer, who will then appropriately inform ▇▇▇▇▇▇ and Bute Integration Joint Board. 10.5 With regard to individually identifiable material, data will be held in both electronic and paper formats and only be accessed by authorised staff, in order to provide the patient or service user with the appropriate service. In order to provide fully integrated services it may be necessary to share information within the delegated functions and with external agencies. Where this is the case Argyll and Bute Integration Joint Board will seek the consent of the service user for the sharing of data, unless a statutory requirement exists. In order to comply with the Data Protection Act 1998, Argyll and Bute Integration Joint Board will always ensure that personal data it processes will be handled fairly, lawfully and within justification. 10.6 In order to comply with the Data Protection Act 1998 Argyll and Bute Integration Joint Board will ensure that any personal data that it holds will be processed in line with the Data Protection Principles contained within Schedule 1 of the Act.