Information governance framework

At an early stage in the project, a set of Information Governance Principles were developed. This provides assurances that any data extracted will be safely and securely handled, and that the confidentiality of information in patient records is safeguarded. It describes principles and arrangements that will underpin SPIRE and to which the service will adhere to ensure patient confidentiality is always maintained.

Since then a detailed Privacy Impact Assessment and Project Overview (PIA) has taken place to provide more detailed information for an expert or technical audience. The PIA is intended to ensure that the community benefits of gathering and using information are realised with minimum personal privacy and security risks.

SPIRE benefits in summary include:

  • No persistent database, policy is to re-extract rather than warehouse data (Section 2.3)
  • GP person-identifiable data is pseudonymised at source, with good IT and Information Governance practice to mitigate threats (Section 2.2.3, Appendix 5B)
  • Only coded data is extracted, minimised for each query (Section 1.3B)
  • GPs can opt-out on each data extract (Section 1.3)
  • Patient opt-out is clear and simple (Appendix 4)
  • Online Notices of Fair Processing in advance of each data extraction (Section 2.5)
  • Onward read-only access of PID to Research is only if managed by Farr Institute following SHIP principles of separation of roles, and nil to others (Section 2.1)

Some frequently asked questions around Information Governance are answered in the FAQ section of the website.