Who is your appointed Caldicott Guardian and Senior Information Risk Owner?
• Made reference in the above Committee - Do you have access to the National Integrated Audit System? If so, how many times do you utilise on a weekly basis over the past 12 months.
• In the past 2 years how many employees have been disciplined for inappropriate access to patient data (broken down by digital and paper records).
• What percentage of your total employed or contracted staff are compliant with any nationally available mandated Data Protection training?
• How many employees do you have that are directly responsible for providing advice on matters of Data Protection and Confidentiality.
• How many Subject Access Requests have you received from patients over the past 12months.
Thank you for your request dated 14 November 2023.
Who is your appointed Caldicott Guardian and Senior Information Risk Owner?
Caldicott Guardian – Dr Fu Meng Khaw, National Director Health Protection and Screening Services, Executive Medical Director
Senior Information Risk Owner – Iain Bell, National Director for Public Health Knowledge and Research
Made reference in the above Committee - Do you have access to the National Integrated Audit System?
Public Health Wales has access to the National Intelligent Integrated Audit System (NIIAS).
If so, how many times do you utilise on a weekly basis over the past 12 months.
This information is not held by Public Health Wales. The NIIAS system is managed by Digital Health and Care Wales who carry out auditing of the system. They can be contacted here:
Digital Health and Care Wales
Freedom of information - Digital Health and Care Wales (nhs.wales)
In the past 2 years how many employees have been disciplined for inappropriate access to patient data (broken down by digital and paper records).
In the past two years there were seven investigations held for inappropriate access to digital records. Following investigation, formal disciplinary action was taken on four occasions. There were none for paper records in this time.
What percentage of your total employed or contracted staff are compliant with any nationally available mandated Data Protection training?
89% (up to 31st October)
How many employees do you have that are directly responsible for providing advice on matters of Data Protection and Confidentiality.
Three Employees
How many Subject Access Requests have you received from patients over the past 12 months.
36
If you are unhappy with the service you have received in relation to your request and wish to make a complaint or request a review of the decision, you should write to the Corporate Complaints Manager, Public Health Wales NHS Trust, 3, Number 2, Capital Quarter, Tyndall Street, Cardiff, CF10 4BZ.
If you are not content with the outcome of your complaint or review, you may apply directly to the Information Commissioner for a decision. Generally, the ICO cannot make a decision unless you have exhausted the complaints procedure provided by the Trust. The Information Commissioner can be contacted at:
Information Commissioner for Wales
2nd Floor
Churchill House
Churchill Way
Cardiff
CF10 2HH
Telephone: 029 2067 8400
Email: wales@ico.org.uk