The SIRO has accountability for ensuring that effective systems and processes are in place to address the Information Governance agenda, including records and document management.
The SIRO is the overall owner of information risk within the organisation and acts as the focal point for information risk management in the organisation including resolution of any pan-organisation or other escalated risk issues raised by Information Asset Owners or other Officers within the Health Board. The SIRO will provide written advice to the Chief Executive on the content of the Governance Statement regarding information risk.
Within Cwm Taf Morgannwg University Health Board, the Director of Digital holds the SIRO role. Should you wish to contact the SIRO please email: Stuart.Morris@wales.nhs.uk
The DPO, appointed under statutory General Data Protection Regulations (GDPR) obligations, is responsible for monitoring NHS Digital’s compliance with Data Protection legislation and its compliance with its own policies in relation to the protection of personal data. This includes records management, retention and disposal, in relation to personal data of living individuals.
Under Article 39 of the UK GDPR the DPO’s tasks are defined as:
It’s important to remember that the DPO’s tasks cover all personal data processing activities, not just those that require their appointment under Article 37(1) of the GDPR.
The DPO should prioritise and focus on the more risky activities, for example where special category data is being processed, or where the potential impact on individuals could be damaging. Therefore, DPOs will provide risk-based advice to the Health Board.
In the event of the identification of high risks, the DPO will escalate to the appropriate Executive Director and/or Board.
Within Cwm Taf Morgannwg University Health Board, the Chief Information Officer (CIO) holds the DPO role. Should you wish to contact the DPO please email: CTM.IGteam@wales.nhs.uk
The role of the Caldicott Guardian is advisory. The Caldicott Guardian acts as the conscience of the organisation for patient information, patient confidentiality and information sharing issues and the proper management of patient information.
Within Cwm Taf Morgannwg University Health Board, the Executive Medical Director holds the Caldicott Guardian role. Should you wish to contact the Caldicott Guardian please email: Dom.Hurford@wales.nhs.uk
If you have any concerns about the way your information is used you should discuss these with the healthcare professional responsible for your care. If you are still not happy with the way we have collected, used or shared your information then you have a right to complain.
Concerns and Complaints - Cwm Taf Morgannwg University Health Board (nhs.wales)
Alternatively, if you have any general enquiries about how your information is used then please contact:
Information Governance Department
Email: CTM.IGteam@wales.nhs.uk
NHS Direct Wales website at www.nhsdirect.wales.nhs.uk
Information Commissioner’s Office at https://ico.org.uk/
(The Information Commissioner's Office is the UK's independent authority set up to promote access to official information and to protect personal information)
Details on how to submit a Freedom of Information Request is available here: Freedom of information - Cwm Taf Morgannwg University Health Board (nhs.wales)
Details on how to submit a request for Health Records is available here: Requests for Access to Health Records - Cwm Taf Morgannwg University Health Board (nhs.wales)