Overview of procedure
All information incidents (whether involving PCD or not) must be reported to the Senior Information Risk Owner (SIRO), the DPO, Caldicott Guardian or IG Lead. This should happen as soon as the issue is detected.
To report an incident, please use the IG Incident Reporting form.
Management of Incidents
Incidents will be managed in accordance with the organisation’s Data Incidents Policy and Processes. All information incidents will be investigated by the relevant manager or, if that is not appropriate, by a manager nominated by the SIRO.
The incident will be categorised in accordance with the policy and procedure.
Investigation of Incidents
In addition to the requirements of the standard investigation procedure, it is vital to identify whether PCD was affected or may be affected in any incident or suspected incident. It is important to quickly identify what data may have been lost or breached, in order to ensure that the investigation and response are comprehensive and can address the organisation’s obligations under Data Protection Legislation.
Key questions that need to be addressed as part of any investigation, whether this involves PCD or not, are:
- What happened? Did something go wrong? What things went well?
- How did it affect the patient, you, and the business or healthcare process?
- Could it have been avoided?
- Can it be stopped from happening again? What action needs to be taken by whom and when?
- What learning or development need has this highlighted for you (to put into your personal development plan)?
- What learning or personal development need has it highlighted for others?
Incidents will be reviewed:
- When they occur
- During monthly steering groups
- At the annual IG review
Incident Conclusion
Any report on the incident will be provided to the SIRO, Caldicott Guardian or DPO as appropriate. These reports will provide a timeline of the incident and its background, and will highlight key points.
Any follow-up actions will be taken in accordance with policy, at the direction of the relevant senior manager and in discussion, where relevant, with HR.
Annual reviews
As part of our annual IG review, we ensure that any incidents and subsequent reports are reviewed so that any learnings can be incorporated into future IG strategy.