What does my practice need to sign?

The Share2Care Programme is using a tiered information governance framework. The framework has been designed so each organisation agrees how data will be shared in line with GDPR legislation. This is to try and simplify the number of documents that are needed to be signed by each organisation. Some of you may remember the “iLinks” agreement that you may have signed up to a few years ago which is a similar approach. The framework has been reviewed and signed off by the Information Governance managers across the region, including representatives from CCGs and LMCs.  An explanation of how the tiered framework works is at the bottom of this page.

Actions needed by GP Practices

1. Sign the GP Cover letter which is Tier 0 and 1 and CIPHA tier 2

https://www.share2care.nhs.uk/media/1225/gp-to-sign-tiers-0-1.pdf

As a GP Practice you will have been sent the following document to sign that covers the tier 0, tier 1 and tier 2 for CIPHA.   The Share2Care and CIPHA information governance was issued last year and made simpler for GPs by combining the signing of the tier 0, tier 1 and CIPHA tier 2 into 1 document. This has been created so you only have a single document to sign for ease. If you haven’t signed this document please download from the link above and return to Share2Care@alderhey.nhs.uk.  Please save the document and include your practice code in the document name.  For example “N01111 Tier 0 Tier 1 tier 2 COVID”.

2. Sign The Share2Care Tier 2 

We are now asking GP Practices to sign up to the Share2Care tier 2 agreement also. Please download the tier 2 agreement from the link above and return to Share2Care@alderhey.nhs.uk.  Please save the document and include your practice code in the document name.  For example “N01111 Tier 2 Unified Direct Care Agreement S2C”.

https://www.share2care.nhs.uk/media/1234/tier-two-s2c-data-sharing-agreement-workstream_unified-direct-care-agreement-v1-final.pdf

Below is a link to the Share2Care Unified Direct Care Agreement DPIA for your reference.  Please note this does not need to be signed, it is for information only.

https://www.share2care.nhs.uk/media/1233/s2c-dpia-unified-direct-care-agreement-v1-final.pdf

A link to all of the separate tier 0, 1 and CIPHA tier 2 documents are below for your reference along with the tiered briefing.

Data Sharing Agreement Tiered Framework

There are three tiers to the Data Sharing Agreement Tiered Framework:

1. Tier Zero Memorandum of Understanding

Overarching Memorandum of Understanding which sets out an organisations agreement in principle to share information with the partner organisations in a responsible way. The tiered approach provides a governance framework to standardise procedures and processes when sharing confidential personal information between partners where there is a lawful basis to do so. The Tier Zero is signed by a Chief Executive (or equivalent) and commits to their organisation operating within the agreed framework of data sharing. Only one Tier Zero needs to be signed regardless of the number of Tier One and Tier Two documents beneath it. It is anticipated that CCGs will work with member practices to achieve sign up to this MOU.

2. Tier One Data Sharing Agreement - Standards

These are the overarching standards which outline the agreed procedures for sharing confidential information. The document recognises that not all organisations which are party to the agreement will have the same assurance requirements (such as the Data Security and Protection Toolkit) and therefore sets the minimum standard of each of the participating organisations. The document sets the standards for obtaining, recording, holding, using and sharing of information and outlines the supporting legislation, guidelines and documents which govern information sharing between partners. The Tier One is signed by the designated responsible officer for each partner organisation, for the whole C&M Health and Care Partnership. It is anticipated that CCGs will work with member practices to achieve sign up to this Data Sharing Agreement – Standards.

3. Tier Two Data Sharing Agreement

The Tier Two provides a template for the safe sharing of personal data. The template will show what information should be shared and how, under what circumstances and by whom, and should be tailored to individual partnerships/projects. Each Tier Two Data Sharing Agreement will need to be signed off by each participating organisation. Tier Two Data Sharing Agreements could be for all partners at Tier Zero, or a selected cohort of partners who are participating in a specific project. Each Tier Two is signed by the Senior Information Risk Owner (SIRO) and/or Caldicott Guardian (CG), alternatively the Chief Executive or equivalent if there is no SIRO/CG, for each of the partner organisations.

There will be a tier 2 for each project under the Share2Care umbrella.  So far you have been asked to sign the CIPHA tier 2 and now the Share2Care Tier 2.  There will be more to follow as the programme progresses. It is anticipated that CCGs will work with member practices to achieve sign up to this Data Sharing Agreement.

 

Below are the links to the full tier 0 and tier 1 documents for your reference. The full COVID tier 2 can be found at the www.cipha.nhs.uk Please note these documents are for your reference only and do not need to be signed and returned.

https://www.share2care.nhs.uk/media/1228/tier-zero-cm-partnership.pdf

https://www.share2care.nhs.uk/media/1227/tier-one-standards-cm-partnership.pdf