This site is optimised for modern browsers. For the best experience, please use Google Chrome, Mozilla Firefox, or Microsoft Edge.

CRN East Midlands Information Governance Incidents Process

Contents

Process for reporting information governance incidents arising from CRN East Midlands funded activities

Introduction

The NIHR Clinical Research Network Coordinating Centre (CRN CC) expects all Local Clinical Research Networks (LCRNs) to have a process in place to report Information Governance (IG) incidents of a severe/significant nature arising from LCRN funded activities to the CRNCC IG Manager, using the dedicated mailbox: crncc.ig@nihr.ac.uk. Incidents of a severe/significant nature may typically include:

  • Breach one of the principles of the Data Protection Act (2018), General Data Protection Regulation (GDPR) and/or the Common Law Duty of Confidentiality. 
  • Unlawful disclosure or misuse of confidential data, recording or sharing of inaccurate data, information security breaches and inappropriate invasion of people’s privacy.
  • Personal data breaches which could lead to identity fraud or have other significant impact on individuals. 
  • Unauthorised disclosure of business information and potential confidentiality breach resulting in reputational damage.

The CRN CC expects to be notified by the LCRN within 2 - 4 working days of the said breach. CRN East Midlands has established this IG reporting process so as to ensure we can report any incidents arising within 2 - 4 working days of notification from our Partner organisations to the NIHR CRN Coordinating Centre. 

CRN East Midlands IG Leads

The CRN East Midlands is required to have in place an Information Governance Lead, whose role is to ensure prompt reporting of any IG events, as they arise. In addition to an IG Lead for the Network, there is an expectation that Partner organisations have a responsibility to manage and report any IG incidents through their existing procedures, within each organisation. The IG Leads for our Partner organisations are listed in Appendix 1 to this document.

Research Delivery

Any IG incidents arising from research delivery activities within Partner organisations will be reported to:

Penny Scardifield, Network Senior Research Nurse, penny.scardifield@nihr.ac.uk  and if not available to Daniel Kumar, Deputy Chief Operating Officer, daniel.kumar@nihr.ac.uk

Often this reporting will be via Senior Team Links as an initial point of contact.

LCRN Business

LCRN Business incorporates the Study Support Service (SSS), Finance, Business Intelligence, Workforce Development, Communications and PPIE activities. Any IG incidents arising from these business areas are to be reported to:

Elizabeth Moss (Finance), elizabeth.moss@nihr.ac.uk 

Daniel Kumar ( Finance, Communications and PPIE & Datix Lead), daniel.kumar@nihr.ac.uk

Michele Eve (Workforce Development, michele.eve@nihr.ac.uk

Goizeder Aspe Juaristi (Business Intelligence/Information), goizeder.aspejuaristi@nihr.ac.uk  

Roz Sorrie-Rae (Study Support Service), roz.sorrie-rae@nihr.ac.uk

Elizabeth Moss / Carl Sheppard (any other matters), elizabeth.moss@nihr.ac.uk / carl.sheppard@nihr.ac.uk

Process for IG incidents arising from Research Delivery in Partner organisations

Process for IG incidents arising from LCRN Business 

Appendix 1. IG contracts for CRN East Midlands Partner Organisation

Partner Organisation

IG Contact

Job Title

Email

Chesterfield Royal Hospital NHS Foundation Trust

Eddy Lewis

Data Protection Officer

crhft.dpo@nhs.net

Derbyshire Community Health Services NHS Foundation Trust

Hannah Fletcher

Information Development Manager

hannah.fletcher9@nhs.net

Derbyshire Healthcare NHS Foundation Trust

Nic Laban

Data Security and Protection Lead

n.laban@nhs.net

East Midlands Ambulance Service

Jeanette Kirk

Information Governance Manager

jeanette.kirk@emas.nhs.uk

Kettering General Hospital NHS Foundation Trust

Jonathan West

Information Governance Specialist

jonathan.west1@nhs.net

Leicestershire Partnership NHS Trust

Hannah Plowright

Sarah Ratcliffe

Data Privacy Officer

Group IG Lead

Hannah.Plowright@nhs.net

sarah.ratcliffe11@nhs.net

Lincolnshire Community Health Services NHS Trust

Kaz Scott

Information Governance and Data Protection Officer

LHNT.dpo-lchs@nhs.net

Lincolnshire Partnership NHS Foundation Trust

Andrew Scott

Information Governance Lead

Andrew.scott18@nhs.net

lpft.informationgovernance@nhs.net

Northampton General Hospitals NHS Trust

Sally Shocklidge

Head of Data Quality, Security and Protection

sally.shocklidge@ngh.nhs.uk

Northamptonshire Healthcare NHS Foundation Trust

Sarah Ratcliffe

Head of Clinical Systems and Governance/Data Protection Officer and LGSS on behalf of Northamptonshire Healthcare NHS Foundation Trust

sarah.ratcliffe@nhft.nhs.uk

Nottingham University Hospitals NHS Trust

Marc Smith

Lauren Leitch-Devlin

Tom Smith

Data Protection Officer

Information Governance Lead for Research and Innovation

Managing Director, Research and Innovation and Information Asset Owner for research and Innovation

DPO@nuh.nhs.uk

lauren.leitch-devlin@nuh.nhs.uk

Tom.Smith3@nuh.nhs.uk

Nottinghamshire Healthcare NHS Foundation Trust

Joy Fisher

Clinical Information Systems Manager

joy.fisher@nottshc.nhs.uk

Sherwood Forest Hospitals NHS Foundation Trust

Jacquie Widdowson

Information Governance Manager & Data Protection Officer

jacquie.widdowson@nhs.net

United Lincolnshire Hospitals NHS Trust

Maria Tute

Information Governance Manager

Maria.dixon@ulh.nhs.uk

University Hospitals of Derby and Burton NHS Foundation Trust

Anna Woodhouse

Head of Information Governance

anne.woodhouse1@nhs.net

University Hospitals of Leicester NHS Trust

Saiful Choudhury

Head of Privacy

saiful.choudhury@uhl-tr.nhs.uk