RCP operates the NHFD audit website in collaboration with Crown Informatics. RCP are the data controllers for the audit and have worked closely with Crown Informatics, as their appointed data processors, to ensure that all appropriate national and NHS information governance approvals are in place.
All users can be assured that NHFD data will be managed securely and in accordance with all legal regulations, NHS guidelines and protocols.
Specifically, both RCP & Crown Informatics are duly authorised and contractually bound to uphold strict IG governance in respect of:
• Data Protection Act 2018 (RCP Registration: Z7085833, Crown Informatics Registration: Z3566445)
System Level Security Policy (SLSP)
• EU General Data Protection Regulation (EU) 2016/679 (GDPR)
• Section 251 of the NHS Act 2006 (CAG reference: CAG 8-03(PR11)/2013: formerly ECC 3-04(s)/2011)
• NHS IG-Toolkit Statements of Compliance (RCP/8J008, Crown Informatics/8J157)
• Data Sharing and Transfer Agreements duly authorised by the audit commissioners Healthcare Quality Improvement Partnership
The Crown Informatics System Level Security Policy for the "Crown Audit" Platform is available on request. Please contact technical support.