CPMS - Information Governance

Home -> Products -> CPMS->Information Governance

  QMS Information Governance Overview

  • All QMS staff and associates are fully trained to IGSoC standards
  • Our policies and processes are IGSoC Level 2 compliant
  • QMS compy with all relevant legislation, including the Data Protection Act (1998) and with Confidentiality: NHS Code of Conduct (2003).
  • An appropriate information sharing agreement is always in place with all participating practices and with any other relevant organisation.
  • A nominated person at each participating GP practice remains the Data Controller
  • All transfer of patient data from practices complies with industry best practice and Connecting for Health guidelines, including the “Policy guidelines on use of encryption to protect person identifiable and sensitive information” (Digital Information Policy team, January 2008). 
  • Data transferred from practices is encrypted using a Public/Private asymmetric key pair and a randon encryption key generated for each export, ensuring that only the intended recipient can decrypt any data collected.
  • QMS maintains an Information Governance Statement of Compliance (IGSoC) at Level 2 or higher
  • For the CPMS Service QMS staff do not have access to GP patient data

    Click here to see our NHS Information Governance Toolkit Assessment report