IG Support and Data Protection Officer Service to the Norfolk and Waveney GP Practices

A Tender Notice
by NHS ARDEN AND GREATER EAST MIDLANDS COMMISSIONING SUPPORT UNIT

Source
Contracts Finder
Type
Contract (Services)
Duration
2 year
Value
£360K
Sector
TECHNOLOGY
Published
22 Mar 2023
Delivery
03 Jul 2023 to 30 Jun 2025
Deadline
14 Apr 2023 09:00

Concepts

Location

Geochart for 1 buyers and 0 suppliers

Description

NHS NORFOLK & WAVENEY ICB invite bids from suitably qualified suppliers to provide information governance advice and guidance support service, together with a named Data Protection Officer. The requirement will include: Data breaches • The provision of advice and/or support to practices on the investigation of possible information security breaches and incidents. • Advice on incident/breach assessment and reporting via the incident reporting tool within the DSPT to NHS England and reporting to the ICO (dependent upon severity of incident). • Advice on assessment and reporting via the incident reporting tool within the DSPT to NHS England and ICO (dependent upon nature and severity of the breach). • Advice on post-incident reviews and recommended actions for practice implementation. To lead or direct data breach reviews and investigations where highly specialist knowledge is required or complex multi-party issues are involved. Service Provider as data processor will: • To take action immediately following a data breach or a near miss, alerting promptly the practice as data controller and with a report made to the senior management within the ICB and the practice within 12 (working) hours of detection. • Report data breaches in line with NHS guidance (using the incident reporting tool within the DSPT) and legal requirements immediately following detection. • Provide a Lessons Learned Report (with relevant action plan as appropriate) to the ICB within 2 weeks of the recorded resolution of the incident. IG Policy Support • Support for the production and maintenance of local information governance policies and procedures for practices. Provision of advice and support to practices on approval, ratification and adoption of the policies for their organisation. Support for the Data Security and Protection Toolkit compliance • Provide advice and guidance to practices on how to complete the DSPT, including the collection and collation of evidence in support of DSPT submissions. Provide practices with evidence required for DSPT where this is held by the ICB or its commissioned IT providers. • Monitor DSPT compliance of practices and provide the ICB with details of any non-compliance with practice action plans. IG consultancy and support • Provision of advice, guidance and support on IG related issues, including existing operational processes and procedures or new business initiatives. Advice and guidance on personal data access (but not extending to legal advice). Data Protection Officer (DPO) Support Provision of advice, guidance and support on IG related issues including existing operational processes and procedures or new business initiatives to support practice designated Data Protection Officers including existing operational processes and procedures or new business initiatives. To include • Access for Practices during normal service hours to specialist qualified advice on GDPR matter.

CPV Codes

  • 72300000 - Data services

Indicators

  • Contract is suitable for SMEs.
  • Contract is suitable for VCOs.

Other Information

To register your interest and access the Documents, supporting information and express your interest the Contracting Authority will be using an eTendering system for this procurement exercise. Further information and the ITT documentation can be found via the 'Live Opportunities' list on the e-procurement system at the following link: https://health-family-contract-search.secure.force.com/?searchtype=Projects. You can also register your interest via this page. You can search for the opportunity by entering the following contract reference: ID number C151681 - Expression of Interest IG and Data Protection Officer Service. Please answer all the questions and submit your response by 10:00 on the 14th of April 2023.

Reference

Domains