Data Protection Impact Assessments are an integral part of taking a “privacy by design” approach. Data Protection Impact Assessments are a tool that The Christie NHS Foundation Trust use to identify and reduce the privacy risks of projects.
Projects could include:
- Introduction of a new paper or electronic information system for storing and accessing personal data
- Update or revision of a key system that might alter the way in which the organisation uses, monitors and reports personal data
- Changes to an existing system where additional personal data will be collected
- Proposal to collect personal data from a new source or for a new activity
- Using existing data for a new and unexpected purpose
- Plans to outsource business processes involving storing and processing personal data
- Plans to transfer services from one provider to another that include the transfer of information or information systems
- Changes to or introduction of new information sharing agreements
- A new surveillance system
A Data Protection Impact Assessment can reduce the risks of harm to individuals through the misuse of their personal information. It can also help us to design more efficient and effective processes for handling personal data.
Below is a list of Data Protection Impact Assessments from the last 12 months that the Trust has undertaken to ensure continued consideration is given to the privacy of its patients and staff:
- DPIA123 – "PSM (Privilege Session Management) project cyber Arc"
- DPIA128 – CWP Workflow engine
- DPIA129 – Scholar TJ - Charity funds payment scanning solution
- DPIA136 – Auto time system - Bio Scanning Clock
- DPIA142 – NWAS One Response App
- DPIA148 – Booking System for media equipment
- DPIA149 – new service is for 16- and 17-year-old patients to have access to psychology support at The Christie
- DPIA155 – Better CPW Engine Forms (eProms)
- DPIA159 – UK CAT HRA
- DPIA160 – NIHR HIC Colorectal Cancer database
- DPIA166 – Radiology Rota -Database
- DPIA169 – SunCHECK EPID portal dosimetry system
- DPIA171 – National Data Opt Out
- DPIA172 – NIHR Manchester BRC and CRF Workforce Diversity Questionnaire/Survey
- DPIA173 – PayPal: Christie Digital Academy
- DPIA174 – Stripe: Christie Digital Academy
- DPIA175 – NHS People Pulse for the NQPS
- DPIA181 – Air Table
- DPIA182 – Rhapsody
- DPIA184 – SLIDO
- DPIA185 – Nonin Model 3150 WristOx
- DPIA189 – Rad2Share
- DPIA191 – Cyclera: Internet of Things
- DPIA196 – Urology Vanguard: NCIP
- DPIA197 – Visible Patient/Johnson and Johnson
- DPIA198 – Pando
- DPIA200 – Sciensus Patient App
- DPIA209 – learnDash
If you would like any further information in relation to the Data Protection Impact Assessments undertaken by the Trust, please contact the-christie.information.governance@nhs.net