Compliance and Information Governance

The everyLIFE value proposition is based heavily upon the obvious benefits of The PASSsystem. However, this is significantly strengthened by this company’s commitment to the very highest levels of corporate governance and risk management.

Led by Chief Information & Compliance Officer, Taffy Gatawa, who has a background in NHS governance, the business employs documented and measured processes to govern all business functions and implications, both on a day-to-day basis and in the event of a crisis. Risk and governance topics are actively measured and reported weekly to the board as leading indicators.

This approach begins with a formal policy of transparency and an equitable contractual stance that breeds trust and encourages a frank and open dialogue. Without question, this is the most productive manner for client and supplier to engage and, in the context of governance, clearly reduces risks for both parties going forwards.

What Makes Us Different

All everyLIFE governance processes are open for client review. In summary, the business enforces training and best practice relating to each of the following:

Risk Management
Team by team, function by function

Health & Safety
Staff, client and service user

Information Governance
GDPR-ready product & GDPR-ready business
All staff externally accredited via NHS assessment process

Clinical Risk
Product best-practice cross checks
Incident reporting and management

Cyber Security
Staff training
Systems management
National Cyber Security Centre
Portcullis / Cisco (penetration testing)

Regulatory Compliance
Care Quality Commission
Care Inspectorate
Care Inspectorate Wales
NICE

Corporate Governance
Project control
Third party contract management
ISO: 27001 & 9001
NHS: IG Toolkit V14.1
Equitable contracts
Disaster recovery & business continuity
Equality, diversity, sustainability and social responsibility

GDPR - What you need to know

The General Data Protection Regulations (GDPR) will come into force on 25 May 2018 and will replace the current Data Protection Act (1998). The regulations will apply to all European Union member states, and the UK government has confirmed that, notwithstanding Brexit, the regulations will be adopted within the UK.

Subject-Matter and Objectives

The regulations lay down the rules in relation to processing personal data and rules relating to the free movement of data. The regulations aim to protect the fundamental rights and freedoms of individuals, particularly the right to the protection of personal data. The rights of the individual are:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision making, including profiling

Meeting our Obligations

We take our responsibilities under the GDPR regulations seriously and will ensure that any data processing we undertake is lawful. In circumstances where we process personal data on behalf of a data controller, we will collaborate as necessary with the data controller to fulfil their obligations under the regulations.

Over the last few months, we have been reviewing our processes to ensure that they comply with the regulations, including all privacy notices. We have engaged with regulators to understand how the new law will be interpreted and have proactively invited the ICO to complete an advisory visit.

We continue to work with the relevant industry experts in our GDPR readiness activities and our existing information governance and security framework will provide a robust foundation for implementing our compliance measures.

Working with Third Parties

Where we work with or commission third party suppliers to process personal information, we ensure that we have appropriate confidentiality and data protection clauses within our contracts setting out responsibilities and our expectations for handling information, including gaining confirmation from the third party regarding the technical and organisational measures they employ to ensure data protection.

The PASSsystem customers can be assured that we continue to take steps to ensure the ongoing protection of personal data, including strengthening our information governance processes through submission of the IG Toolkit.

Other Useful Links

To contact the Information Commissioner’s Office - ICO

To access information on the European General Data Protection Regulations - EU GDPR website

You may contact our Data Protection Officer by emailing dataprotection@everylifetechnologies.com. Please use this address if you have a data processing query or complete the contact form below, remembering to tick the Data Protection box.

NICE guideline [NG67]

Managing medicines for adults receiving social care in the community.

Discussing and planning medicines support

A quick guide for home care managers providing medicines support.