About our Services
KWJCL specialises in finding answers to the often-put information sharing questions “How can we do this?” and “How should this be done?”. That includes ensuring that legal basis is always established to comply with GDPR.
We work with national guidance from a variety of organisations to find the right answer for you and we are very operationally focussed.
KWJCL’s range of expertise also covers associated services, such as enabling the provision of remote services through to frequent attenders or the legal issues linked to waiting times initiatives.
Our Service approach allows for support to be provided by our current and growing number of consultants, extending what we are able to provide. In more recent times our services have been utilised to develop and support new initiatives and services.
Our consultants have developed over time many key skills and understandings which enable us in partnership to provide:
Ability to understand the individual service and the environment it is working in:
The current challenges for organisations as well as the wider Health and Social Care activities.
Specific areas knowledge of the ICB plans, including having been involved at ICB level
Identification and cascade of wider / complex issues into relevant communications and activity that is needed (MUST, SHOULD and COULD) context for the individual client
Ability to work at all levels and support leadership (vital part of the SIRO/Caldicott functions)
Based on new NHS pay rates have you done any work linked to how we can show we may be cheaper than perm staff?
Fulltime NHS staff are worth every penny but the market is starting to mean that we may be cheaper.
By using our service on a contract you can achieve the DSPT V7 A1.b Statement "Key roles are missing, left vacant, or fulfilled on an ad-hoc or informal basis"
There are several options available to organisations:
Option One
Bring in a single individual for a defined period to “do the job”
There will be dependencies on availability plus having a single point of failure
Option Two
Bring in a service option for the same day rates where the service undertakes what is commissioned
That means access to at least two (+) staff who have the suitable experience to support what has been commissioned and will deliver as a project
Given that this is a service, there is no single point of failure
There is also a consensus approach based on skills mix linked to whether documentation is consistent across multiple standards – basically it is an enhanced quality check process
Costings
We work on the basis that there is no difference in costings between Option One and Option Two
The day rate is the same if one person were to work on a document or if three worked on the same document
Services we Provide
Information Governance Service
Complete management of their Mandatory NHS DS&P Toolkit submission - evidence (collation and creation) and improvement plans.
Data Protection - Review of Data Protection Impact Assessments (DPIA) and providing assurance to senior management, Review of data sharing agreements in line with NHS Standard Contract requirements, organisations or individuals with data protection concerns. Acting as the first point of contact with the Information Commissioner linked to incidents or incident investigation, Support for Contract reviews and procurement activity in relation to Data Protection as needed, First point of contact with Data Subjects for Data Protection concerns, Provide regulatory Advice on Data Protection
Information Governance service. Incident management, General IG queries and support (including remote help desk support), Data Security & Protection Toolkit, GDPR compliance – Brexit activity, Attendance at core Trust / Local / national meetings, Policy review and updating, DPIA review.
Freedom of Information Service. Acknowledge all new request, indicating response time, Progress internally, Progress with DPO Service if issues encountered, Develop final response, Sign off commissioner (if required), Release.
Information Governance development improvement service. Implementation and development of Data Flow mapping software and / or information asset software or process (includes system level security policy process).
Specialist IG Training: Caldicott and SIRO, Subject Access request, Information asset owner / administrator training, Freedom of Information, Record management
Fast Track decision support making activity, Attendance at local / national COPI meetings, Creation of asset register of processing activity, Review of activity and development of exit strategies, Provision of best practice guidance
Data Protection
Review of Data Protection Impact Assessments (DPIA) and providing assurance to senior management,
Review of data sharing agreements in line with NHS Standard Contract requirements, organisations or individuals with data protection concerns.
Acting as the first point of contact with the Information Commissioner linked to incidents or incident investigation, Support for Contract reviews and procurement activity in relation to Data Protection as needed
First point of contact with Data Subjects for Data Protection concerns, Provide regulatory Advice on Data Protection
Data Protection Officer
Certain organisations from May 2018 are now required to appoint a Data Protection Officer (DPO) or have access to a service that provides this function.
As a role/service this is a new profession which will continue to develop over the coming months and years.
Where we provide this service (and because this is a developing profession), we incorporate a practical approach to ensure that staff are correctly supported BUT there is always a high degree of objectivity.
The DPO is legally required to make decisions that comply with data protection legislation and that may at times mean they provide a decision or answer that an organisation may not “like”.
Freedom of Information Service
This is in relation to a FOI review and improvement activities:
Daily
Progress with FOI admin if issues encountered
Develop final responses
Sign off with Organisation / Department Lead for FOI
Release
Monthly
Provide monthly performance reports
Highlight any issues linked to final response times
Review Publication Scheme
Further consideration:
Consider how to develop new ways of gaining responses
Develop a triage system linked to how to support Departments and how to help them consider responses and possible exemptions
Training provision
Other Services
Policy Review
Specialist IG training
Subject Access Request guidance / service
Information Governance Improvement