IG Support and Data Protection Officer Service to the Norfolk and Waveney GP Practices

A Tender Notice
by NHS ARDEN AND GREATER EAST MIDLANDS COMMISSIONING SUPPORT UNIT

Source: Contracts Finder
Type: Contract (Services)
Duration: 2 year
Value: £360K

Sector: TECHNOLOGY
Published: 15 Mar 2023
Delivery: 03 Jul 2023 to 30 Jun 2025
Deadline: 14 Apr 2023 09:00

Concepts

Location

Geochart for 1 buyers and 0 suppliers

1 buyer

NHS Arden & Greater East Midlands CSU Norwich

Description

NHS NORFOLK & WAVENEY ICB invite bids from suitably qualified suppliers to provide information governance advice and guidance support service, together with a named Data Protection Officer. The requirement will include: Data breaches • The provision of advice and/or support to practices on the investigation of possible information security breaches and incidents. • Advice on incident/breach assessment and reporting via the incident reporting tool within the DSPT to NHS England and reporting to the ICO (dependent upon severity of incident). • Advice on assessment and reporting via the incident reporting tool within the DSPT to NHS England and ICO (dependent upon nature and severity of the breach). • Advice on post-incident reviews and recommended actions for practice implementation. To lead or direct data breach reviews and investigations where highly specialist knowledge is required or complex multi-party issues are involved. Service Provider as data processor will: • To take action immediately following a data breach or a near miss, alerting promptly the practice as data controller and with a report made to the senior management within the ICB and the practice within 12 (working) hours of detection. • Report data breaches in line with NHS guidance (using the incident reporting tool within the DSPT) and legal requirements immediately following detection. • Provide a Lessons Learned Report (with relevant action plan as appropriate) to the ICB within 2 weeks of the recorded resolution of the incident. IG Policy Support • Support for the production and maintenance of local information governance policies and procedures for practices. Provision of advice and support to practices on approval, ratification and adoption of the policies for their organisation. Support for the Data Security and Protection Toolkit compliance • Provide advice and guidance to practices on how to complete the DSPT, including the collection and collation of evidence in support of DSPT submissions. Provide practices with evidence required for DSPT where this is held by the ICB or its commissioned IT providers. • Monitor DSPT compliance of practices and provide the ICB with details of any non-compliance with practice action plans. IG consultancy and support • Provision of advice, guidance and support on IG related issues, including existing operational processes and procedures or new business initiatives. Advice and guidance on personal data access (but not extending to legal advice). Data Protection Officer (DPO) Support Provision of advice, guidance and support on IG related issues including existing operational processes and procedures or new business initiatives to support practice designated Data Protection Officers including existing operational processes and procedures or new business initiatives. To include • Access for Practices during normal service hours to specialist qualified advice on GDPR matter.

CPV Codes

72300000 - Data services

Indicators

Contract is suitable for SMEs.
Contract is suitable for VCOs.

Reference

CF-1414200D0O000000rwimUAA
CF 2d7eaafb-8f72-4735-986c-21b8ade70446