All NHS providers, including community pharmacies need to provide information governance assurances to the NHS on an annual basis. These assurances are provided through completion of an online assessment tool, the NHS Information Governance Toolkit (IGT). Requirements for IG change annually, and Version 14.1 of the IG toolkit was released on 5th July 2017 (N3 connection required).
Please note: these requirements apply to England only; different arrangements apply in Scotland, Wales and Northern Ireland.
Pharmacies are expected to attain Level 2 against each of the pharmacy IG requirements. The deadline for submitting this year’s return is 31st March 2018.
Guidance on the requirements
The IG requirements generally change annually. A contractor workbook was published by PSNC in 2009/10. This should be read in conjunction with an update published in 2010/11. There have been no significant changes to the requirements since then. Click on the links below to access these resources (hard copies are no longer available):
Guidance on using the Online Toolkit
Technical support in using the Toolkit including obtaining access rights and password re-sets can be obtained from the Exeter Helpdesk (Exeter.email@example.com or 0845 3713671).
Aside from the requirement to submit the IG toolkit each year, there are a number of addtional IG training options available including two interim training products:
- IG and DS Essentials – Workbook – 20-12-2016.docx (NHS Digital)
- IG and DS Essentials – PowerPoint presentation – 30-12-2016 (NHS Digital)
Using these training options is not mandatory. If you have any suggestions as to this content while you are using these materials, then the suggestions will be considered by NHS Digital for improving an e-learning module which is in development (and if necessary amending the interim products). If you would like to provide feedback about the content please use the NHS Digital contact form, or email firstname.lastname@example.org and mark your query for the attention of the IGTT refresh project.
Read more at: IG training.
As part of the 2009/10 community pharmacy contractual framework funding settlement, the DH and PSNC agreed an allocation of £23 million funding to support the implementation of the Information Governance requirements. This equates to over £2000 for the average pharmacy contractor. This was paid out through the general funding arrangements rather than via a specific fee.
PSNC is currently in discussion with the Department of Health and NHS England to finalise the funding allocation for business continuity planning. To date £12m has been allowed. As with the Information Governance funding, this was paid out through the general funding arrangements rather than via a specific fee.
There are also ongoing costs, in maintaining compliance with the requirements, making annual Information Governance returns via the Toolkit and implementing changes made to the requirements by the NHS. As part of the funding arrangements for the national contractual framework, annual adjustments are made to pharmacy funding to reflect costs necessitated by significant additional regulatory burdens on contractors. Regulatory burdens are assessed on a retrospective basis and included in funding negotiations.
Queries and support
Pharmacies can obtain support with queries linked to the NHS Information Governance Toolkit from the Exeter Helpdesk (email@example.com or 0300 3034034). The Exeter Helpdesk will be able to support pharmacies with the day-to-day administration of their account on the Information Governance Toolkit, for example re-setting forgotten passwords and can provide technical support in using the Toolkit.
For support regarding the IG requirements, please see our IG Frequently Asked Questions page.
NHS Digital also have Frequently asked questions: IG Toolkit answers page.
The pharmacy may have persons working for it (otherwise than under a contract of employment) e.g. locum pharmacists, or have persons visiting the pharmacy who are likely to have access to areas of the pharmacy not generally accessible by members of the public. One way to help safeguard the confidentiality of patients’ personal and sensitive personal data is by requiring the third party to agree to a confidentiality agreement. A template is available here
We recommend that the pharmacy retain the original signed confidentiality agreements for at least 6 years before considering disposal.
In September 2013 the Health and Social Care Information Centre (now NHS Digital) published a Guide to Confidentiality in Health and Social Care which explains the various rules about the use and sharing of confidential information. It has been designed to be easily accessible and to aid good decision making. It also explains the responsibility organisations have to keep confidential information secure.
The guide is supported by a references document which provides more detailed information for organisations and examples of good practice.
PSNC Briefing 109/13: Information: To Share or not to Share – Government Response to the Caldicott Review (December 2013)
This PSNC Briefing summarises Information: To Share or not to Share – Government Response to the Caldicott Review which was published by the Department of Health (DH) in September 2013.
PSNC Briefing 044/13: A summary of the Caldicott Review on information governance (May 2013)
Dame Fiona Caldicott undertook an independent review of information governance within the NHS in England and her report Information: To Share or Not to Share? was published in April 2013. This PSNC Briefing summarises the key points in the report.
Pharmacy contractors can continue to obtain general support on the IG requirements, by contacting us.
Q. Are pharmacies still exempt from the requirement to have a business continuity plan?
No, pharmacies are no longer exempt from that requirement and they therefore need to have a business continuity plan in place. Guidance on developing a plan can be found in the clinical governance section of the website.
Q. Is the PSNC covered by the Freedom of Information Act 2000?
No. PSNC is not a “public authority” so FOI does not apply.
However, some of the organisations we deal with are public authorities and caught by FOI. For example, the NHS including health authorities, NHS Trusts and other national health bodies responsible for public health in England. Additionally, local government (including local bodies and local authorities) in England are also covered. The Freedom of Information Act 2000 grants a general right of access to information held by public authorities. This means that any person under FOI making a valid request for information is entitled to be informed in writing by the public authority whether it holds the information requested, and if that is the case, to have that information communicated to them.
Please note that there are exemptions which allow a public authority not to disclose information in response to an FOI request e.g. where PSNC and NHS England during pharmacy funding negotiations share confidential information.
Q. I have missed the IG toolkit submission deadline. What can I do?
This is very regrettable – technically, this is a breach of the terms of service which could ultimately, result in action being taken by NHS England. All NHS providers, including community pharmacies need to provide information governance assurances to the NHS on an annual basis. These assurances are provided through completion of an online assessment tool, the NHS Information Governance Toolkit (IGT). Therefore, compliance with the IG toolkit submission deadline should be well planned in advance.
Nevertheless, PSNC would encourage all pharmacy contractors in this situation to submit, if possible, as soon as practicable. If not, then to contact their local NHS team for further guidance.