Page Content:
- Agree Next Steps
- Description
- Components
- Scope
- Related JIRA ticket links
- For Discussion & Assumptions
Next steps:
- Discuss with Ray Hill on the below questions and agree the next steps.
- User Journeys to get to the relevant privacy notice pages and cookie policy
- Decide on the content of the cookie policy and the relevant page and create draft.
- Review of ESR - how data will be processed?
- Discuss questions on call with Ray Hill/Andrew Todd/Chris Brady on 12/10.
Description
The question was raised whether TIS should have a cookie policy against apps.tis.nhs.uk with a corresponding disclaimer/consent.
The HEE one is on a parallel domain: https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies and includes specific individual cookie details which may set a precedent or at least expectation against TIS.
Components:
Scope:
Need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc who will have different legal relationships to HEE and TIS.
*As an* Information Governance lead
*I Want* to ensure that all TIS users have signed/agreed the relevant information governance T&Cs
*So That* they are compliant with HEE policy and law on data governance
Jira Links:
Jira Legacy | ||||||
---|---|---|---|---|---|---|
|
Jira Legacy | ||||||
---|---|---|---|---|---|---|
|
Jira Legacy | ||||||
---|---|---|---|---|---|---|
|
Jira Legacy | ||||||
---|---|---|---|---|---|---|
|
For Discussion and Assumptions:
...
Review of PIA document for LIN:
Although the PIA was initially made for LIN and Revalidation, TIS will be available over the internet to trainees. They will need to accept Privacy notices, terms and conditions of use on first time login.
...
Page Content:
- Agree Next Steps
- Description
- Components
- Scope
- Related JIRA ticket links
- For Discussion & Assumptions
Next steps:
- Discuss with Ray Hill on the below questions and agree the next steps.
- User Journeys to get to the relevant privacy notice pages and cookie policy
- Decide on the content of the cookie policy and the relevant page and create draft.
- Review of ESR - how data will be processed?
- Discuss questions on call with Ray Hill/Andrew Todd/Chris Brady on 12/10.
Description
The question was raised whether TIS should have a cookie policy against apps.tis.nhs.uk with a corresponding disclaimer/consent.
The HEE one is on a parallel domain: https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies and includes specific individual cookie details which may set a precedent or at least expectation against TIS.
Components:
Scope:
Need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc who will have different legal relationships to HEE and TIS.
*As an* Information Governance lead
*I Want* to ensure that all TIS users have signed/agreed the relevant information governance T&Cs
*So That* they are compliant with HEE policy and law on data governance
Jira Links:
Jira Legacy | ||||||
---|---|---|---|---|---|---|
|
Jira Legacy | ||||||
---|---|---|---|---|---|---|
|
Jira Legacy | ||||||
---|---|---|---|---|---|---|
|
Jira Legacy | ||||||
---|---|---|---|---|---|---|
|
For Discussion and Assumptions:
Item | Question | Comment | Owner | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Would it be good practice to include cookie policy and privacy notice for TIS users' confidence in the system? Or is it superseded by HEE IG terms? | Review of PIA document for LIN: Although the PIA was initially made for LIN and Revalidation, TIS will be available over the internet to trainees. They will need to accept Privacy notices, terms and conditions of use on first time login. The expectation for TIS (formerly to be called LIN) is to have trainees to accept cookie and privacy policy which should be similar to the one on HEE domain. https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies A (12/10/2017): With reference Gold guide, Chris Brady is working on an updated version. Explicit Splash screen is the preference for all users consistently. Link on the footer to be available all the time for Privacy Notice. Clarity on Privacy Notice so that they can voice their concern where they have an opportunity to object. The implications of objecting the privacy notice is yet to be analysed for trainees going forward. A contact to be available on the page. (Support) | Ray Hill (Unlicensed) | ||||||||||||||
2 | Will internal users (NHS users other than Trainees) need to access TIS over N3 network? | Review of PIA document for LIN: No. LIN (TIS) will not utilise N3. Patient identifiable data is not to be entered onto the system. NHS Digital has validated this approach and LIN (TIS) will follow https:// commercial practice and the GSDM. A (12/10/2017): 2FA is not in scope for TIS according to PIA document, it was only in the legacy system. This needs TIS needs to be clarified as concern was raised by Chris Brady and Andrew Todd on our IG call on 12/10. Follow up with Ray/Reuben. | Reuben Noot (Deactivated)Ray Hill (Unlicensed) | ||||||||||||||
3 | Who will have access to the information within TIS? | Review of PIA document for LIN: Mainly trainees, Training Programme Directors (TPD), HEE Staff, Education Supervisors, Devolved Administrators. (Page 14 of the PIA) Non-NHS organisations that will have access to TIS (LIN) data include: Education Institutions - Higher Education Institutions and Further Education Institutions; Regulatory and curriculum setting bodies; Independent Health Sector Organisations that work with HEE for NHS training. These organisations include, for example, primary care service providers, UKAS accredited independent medical laboratories and independent sector treatment centres; NHS Business Services authority (covering NHS Protect); NHS Litigation Authority; Law enforcement organisations such as UK Police and UK security organisations. A (12/10/2017): Do we have sharing agreements with non-NHS organisations? – To re-visit on weekly IG call with Christopher Brady and Andrew Todd. Chris will follow this up. IGSGM – sign-off of the final HEE Privacy Notice when it’s completed. | To re-visit on weekly IG call with Christopher Brady and Andrew Todd. Chris will follow this up on the non-NHS sharing agreement. | ||||||||||||||
4 | Handling of sensitive data within TIS: The PIA pre-dates TIS. There is now availability of more sensitive data on TIS whilst new components are being developed on TIS, e.g. Ethnicity, Equality and Diversity Monitoring information. Should this be part of an overall process that involves project board as stated in LIN PIA to ensure all parties are in agreement of the personal/sensitive data available on TIS? | Review of PIA document for LIN: The LIN Project Board will attend to the handling of sensitive data in keeping with its Information Governance Policy Framework throughout the business requirements gathering process and all subsequent stages of the project, including procurement, development and implementation. This includes all aspects of sharing, reuse and A (12/10/2017): New PIA is required for TIS. –Follow up with Ray/Reuben | Reuben Noot (Deactivated) Ray Hill (Unlicensed) | ||||||||||||||
5 | Is there a need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc. who will have different legal relationships to HEE and TIS? | Trainees will need to see and agree a Privacy and Cookie Policy on first time logging in in order to participate in the HEE's training programmes. (Splash screen). Privacy policy to have information regarding consent for the processing of personal identifiable or sensitive data. A (12/10/2017): All users of TIS will need to see and agree a Privacy and Cookie Policy on first time logging in in order to participate in the HEE's training programmes. (Splash screen). Privacy policy to have information regarding consent for the processing of personal identifiable or sensitive data visible to Trainees. | |||||||||||||||
6 | Is HEE's Privacy Notice and Cookie Policy sufficient for TIS? | /about-us/contact-us/privacy-cookiesRay Hill (Unlicensed) | 2 | Will internal users (NHS users other than Trainees) need to access TIS over N3 network? | Review of PIA document for LIN: No. LIN (TIS) will not utilise N3. Patient identifiable data is not to be entered onto the system. NHS Digital has validated this approach and LIN (TIS) will follow https:// commercial practice and the GSDM. | 3 | Who will have access to the information within TIS? | Review of PIA document for LIN: Mainly trainees, Training Programme Directors (TPD), HEE Staff, Education Supervisors, Devolved Administrators. (Page 14 of the PIA) Non-NHS organisations that will have access to TIS (LIN) data include: Education Institutions - Higher Education Institutions and Further Education Institutions;Regulatory and curriculum setting bodies;Independent Health Sector Organisations that work with HEE for NHS training. These organisations include, for example, primary care service providers, UKAS accredited independent medical laboratories and independent sector treatment centres; NHS Business Services authority (covering NHS Protect); NHS Litigation Authority; Law enforcement organisations such as UK Police and UK security organisations. | 4 | Handling of sentitive data within TIS: The PIA pre-dates TIS. There is now availability of more sensitive data on TIS whilst new components are being developed on TIS, e.g. Ethicity, Equality and Diversity Monitoring information. Should this be part of an overall process that involves project board as stated in LIN PIA to ensure all parties are in agreement of the persoanl/sensitive data available on TIS? | Review of PIA document for LIN: The LIN Project Board will attend to the handling of sensitive data in keeping with its Information Governance Policy Framework throughout the business requirements gathering process and all subsequent stages of the project, including procurement, development and implementation. This includes all aspects of sharing, reuse and | 5 | Is there a need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc. who will have different legal relationships to HEE and TIS? | Ray Hill (Unlicensed) | 6 | Is HEE's Privacy Notice and Cookie Policy sufficient for TIS? | Ray Hill (Unlicensed) |
7 | How will consent and non-consent to the Privacy Notice be recorded? And is it sufficient? | On the system, on acceptance of the Privacy Notice at first time log-on by trainees only. | Ray Hill (Unlicensed) | ||||||||||||||
8 | On TIS, how will the individuals be informed of and have given their consent to all the processing and disclosures? | Implicitly - Privacy Notice on HEE's website including use of any Apps associated with LIN (TIS). Explicitly? - Re-written for TIS with slight amendments to be available within TIS? | 9 | There may not be registration on TIS by trainnes but they will be invited by email to join. Implicitly - Privacy Notice on HEE's website including use of any Apps associated with LIN (TIS). Explicitly? - A re-written Privacy Notice for TIS with slight amendments which the trainnes have to accept on first login an visible all the times thereafter via a hyperlink.
| 10 | The expectation for TIS (formerly to be called LIN) is to have trainees to accept cookie policy which should be similar to the one on HEE domain. https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies Assumption is trainees will need to accept cookie policy on first visit to the TIS landing page. | 11 | What are the cookies used by Google Analytics on TIS? Information about the cookie name, Duration and Purpose required. | Alex Dobre (Unlicensed) or Panos Paralakis (Unlicensed) | 12 | Ray Hill (Unlicensed) | 14 | Retention of data within TIS. - DPA Principle 5 “Retention of data (Principle 5) is a current gap given the lack of an agreed retention/disposal policy/” Source: NES ePortfolio Document November 2015. Recommentation (approved on 31 March by TIS Project Board): HEE should come to a corporate view on the above risk, consulting within DEQ, DPD and with corporate colleagues responsible for information governance. Following this and before taking any action to remove and delete data it would be best to consult more widely as appropriate across all of the UK national NHS training and education authorities and learner stakeholders with a view to alignment andagreement on a consistent policy to underpin equal treatment of data subjects. HEE Records management policy - 5.6 Retention and disposal – there are consistent and documented retention and disposal procedures to include provision for permanent preservation of archival records Is this still outstanding? Should we consider Intrepid and Oriel as a precedence? Oriel - Data Archiving Policy.docx | A (12/10/2017): More or less the same. – However needs strengthening with regards to the changes coming along in GDPR. Good enough for now to include for TIS. | |||
7 | How will consent and non-consent to the Privacy Notice be recorded? And is it sufficient? | On the system, on acceptance of the Privacy Notice at first time log-on by trainees only. A (12/10/2017): On the system, on acceptance of the Privacy Notice at first time log-on by all users only. This will need to be recorded and audited. | |||||||||||||||
8 | On TIS, how will the individuals be informed of and have given their consent to all the processing and disclosures? | A (12/10/2017): Explicitly - Re-written for TIS with slight amendments to the one that exist on the HEE Domain. On first time login users will have to consent to the Privacy Notice and Cookie Policy. A link should also be made available somewhere on TIS (e.g. footer) to access the Privacy Notice. | |||||||||||||||
9 | Should it have a Terms and Conditions of Use either implicitly by logging in or first time consent on user registration or first login? Terms & Conditions of use to cover the following which are not explicit on HEE website:
| There may not be registration on TIS by trainees but they will be invited by email to join. A (12/10/2017): Explicitly - Re-written for TIS with slight amendments to the one that exist on the HEE Domain. On first time login users will have to consent to the Privacy Notice and Cookie Policy. A link should also be made available somewhere on TIS (e.g. footer) to access the Privacy Notice. | Ashley Ransoo to make a draft of the Privacy Notice | ||||||||||||||
10 | Is a separate cookie policy required to be available as a link on TIS and accessible all times?
| The expectation for TIS (formerly to be called LIN) is to have trainees to accept cookie policy which should be similar to the one on HEE domain. https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies Assumption is trainees will need to accept cookie policy on first visit to the TIS landing page. A (12/10/2017): GDPR – User have to be able to consent/object each of them individually Right to object, right to be taken off, erase at any point in time. Which will need to be recorded? TBD on weekly IG call | Chris/Andrew to follow up on this. | ||||||||||||||
11 | What are the cookies used by Google Analytics on TIS? Information about the cookie name, Duration and Purpose required. | https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage | Alex Dobre (Unlicensed) or Panos Paralakis (Unlicensed) Ashley Ransoo - to compare the links sent by Panos with the cookies used on HEE domain. | ||||||||||||||
12 | Consideration for GDPR (May 2018) and therefore seek guidance on Information Governance. TIS Phase 1 goes live beginning of April 2018. https://connect.hee.nhs.uk/Interact/Pages/Content/Document.aspx?id=3456 https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/ | A (12/10/2017): ICO - HEE already registered, does not require re-registration unless we are doing things different to what they are asking in GDPR. To re-visit on weekly call. | Ray Hill (Unlicensed) | ||||||||||||||
14 | Retention of data within TIS. - DPA Principle 5 “Retention of data (Principle 5) is a current gap given the lack of an agreed retention/disposal policy/” Source: NES ePortfolio Document November 2015. | Recommendation (approved on 31 March by TIS Project Board): HEE should come to a corporate view on the above risk, consulting within DEQ, DPD and with corporate colleagues responsible for information governance. Following this and before taking any action to remove and delete data it would be best to consult more widely as appropriate across all of the UK national NHS training and education authorities and learner stakeholders with a view to alignment and agreement on a consistent policy to underpin equal treatment of data subjects. HEE Records management policy - 5.6 Retention and disposal – there are consistent and documented retention and disposal procedures to include provision for permanent preservation of archival records Is this still outstanding? Should we consider Intrepid and Oriel as a precedence? A (12/10/2017): We have the responsibility to be clear on the retention policy. This needs to be reflected explicitly on the Privacy Notice wording. It's just been reviewed, need to be ratified. Archiving to be reviewed to be reviewed when requirements ready. Data warehousing / Archiving purposes – requirements, what data is required? – GDPR | |||||||||||||||
15 | Have the data flows to the following been risk assessed and mitigated?
| The GMC, a major Non-NHS recipient of LIN data, has its own compliant data retention regime. All organisations using the system will be required to provide an annual return for the IAO to this effect. The governance around ESR integration is well documented and rigorous. It is possible that integration with other systems such as e-Portfolios will be considered in due course and, if so, this will be subject to a fresh PIA. | |||||||||||||||
16 | Is there going to be any integration with ePortfolio? If so, a new PIA will be required.to be any integration with ePortfolio? If so, a new PIA will be required. | A (12/10/2017): If so, a new PIA will be required. PIA will need to assess dependencies on those system, what the impact will be. Integration with any third party will mandate new PIA. (Former user (Deleted) - just FYI as we have started exploring course booking alternatives) | |||||||||||||||
17 | PIA , BCP and SlSP documents are quite dated and makes mention to LIN mostly. Should there be a review of and re-baselining of those documents for TIS?Ray Hill (Unlicensed | A (12/10/2017): Yes. | |||||||||||||||
18 | Does Keycloak allows configuration of cookies? If so, can they be aligned with HEE's cookies policy? | ||||||||||||||||
19 | Is there a useable audit trail in place for TIS? For example, to identify who has accessed a record and when etc.? (to comply with GDSM) | Alex Dobre (Unlicensed) | |||||||||||||||
20 | What are the retention periods (what is the minimum timescale) for TIS data? Note: This is distinct from Legacy data that will be availble available in the mirror up to a point. We are here referring to data that will be held on TIS. Do we need to explicitly make mention on this on TIS Private notice? | REview Review of PIA document for LIN: The LIN project board has yet to consider the extent to which the system might remain available to learners after the end of their training programme. The data retention periods for TIS will be stated in due course. Learners may want access to their data over the duration of their training programmes and perhaps for longer. Authorised users may require historical access to their data. HEE will propose the archive rationale and this may involve selected data being extracted and stored on a secure server. It is also planned to share the data, under clear agreements, with organisations involved in training, education and development. HEE will be clear about data retention arrangements for day-to-day operations and longer-term research and evaluation purposes. Where it is planned to use data for research and evaluation purposes outside the basic data retention period the HEE Board will be requested to approve it on a case-by-case basis to ensure compliance with the Data Protection Act. | Ray Hill (Unlicensed) | ||||||||||||||
21 | (12/10/2017): DR Repository will be kept for long? – Follow up with Ray/Reuben | This was raised on IG call. | Reuben Noot (Deactivated) Ray Hill (Unlicensed) |
Examples we could consider:
...