CRN East Midlands Information Governance Incidents Process

Process for reporting information governance incidents arising from CRN East Midlands funded activities

Introduction

The NIHR Clinical Research Network Coordinating Centre (CRN CC) expects all Local Clinical Research Networks (LCRNs) to have a process in place to report Information Governance (IG) incidents of a severe/significant nature arising from LCRN funded activities to the CRNCC IG Manager, using the dedicated mailbox: crncc.ig@nihr.ac.uk. Incidents of a severe/significant nature may typically include:

• Breach one of the principles of the Data Protection Act (2018), General Data Protection Regulation (GDPR) and/or the Common Law Duty of Confidentiality. 
• Unlawful disclosure or misuse of confidential data, recording or sharing of inaccurate data, information security breaches and inappropriate invasion of people’s privacy.
• Personal data breaches which could lead to identity fraud or have other significant impact on individuals. 
• Unauthorised disclosure of business information and potential confidentiality breach resulting in reputational damage.

The CRN CC expects to be notified by the LCRN within 2 - 4 working days of the said breach. CRN East Midlands has established this IG reporting process so as to ensure we can report any incidents arising within 2 - 4 working days of notification from our Partner organisations to the NIHR CRN Coordinating Centre. 

CRN East Midlands IG Leads

The CRN East Midlands is required to have in place an Information Governance Lead, whose role is to ensure prompt reporting of any IG events, as they arise. In addition to an IG Lead for the Network, there is an expectation that Partner organisations have a responsibility to manage and report any IG incidents through their existing procedures, within each organisation. The IG Leads for our Partner organisations are listed in Appendix 1 to this document.

Research Delivery

Any IG incidents arising from research delivery activities within Partner organisations will be reported to:

Penny Scardifield, Network Senior Research Nurse, penny.scardifield@nihr.ac.uk  and if not available to Daniel Kumar, Deputy Chief Operating Officer, daniel.kumar@nihr.ac.uk

Often this reporting will be via Senior Team Links as an initial point of contact.

LCRN Business

LCRN Business incorporates the Study Support Service (SSS), Finance, Business Intelligence, Workforce Development, Communications and PPIE activities. Any IG incidents arising from these business areas are to be reported to:

Elizabeth Moss (Finance), elizabeth.moss@nihr.ac.uk 

Daniel Kumar ( Finance, Communications and PPIE & Datix Lead), daniel.kumar@nihr.ac.uk

Michele Eve (Workforce Development, michele.eve@nihr.ac.uk

Goizeder Aspe Juaristi (Business Intelligence/Information), goizeder.aspejuaristi@nihr.ac.uk  

Roz Sorrie-Rae (Study Support Service), roz.sorrie-rae@nihr.ac.uk

Elizabeth Moss / Carl Sheppard (any other matters), elizabeth.moss@nihr.ac.uk / carl.sheppard@nihr.ac.uk

Process for IG incidents arising from Research Delivery in Partner organisations

Process for IG incidents arising from LCRN Business 

Appendix 1. IG contracts for CRN East Midlands Partner Organisation