Who oversees information governance?
Accountable officer: Lance McCarthy, the chief executive, is accountable and responsible for ensuring that information and data security risks are assessed and mitigated to an acceptable level. These risks should be handled in a similar manner to other major risks such as financial, legal and reputational risks.
Senior information risk owner (SIRO): Trevor Smith, the chief financial officer, is SIRO on behalf of the chief executive and board, and owns the information risk and incident management framework, overall information risk policy and risk assessment processes, ensuring they are implemented consistently by information asset owners.
Caldicott Guardian: Dr Andy Morris, the chief medical officer, is responsible for protecting the confidentiality of patient and service user information and enabling appropriate information sharing.
Data protection officer: Tracy Goodacre is responsible for overseeing the information governance strategy and the implementation of data protection and security measures to ensure compliance with the General Data Protection Regulation requirements. These measures should ultimately minimise the risk of breaches and uphold the protection of personal identifiable and special categories of data.
Information governance steering group: This group is responsible for ensuring high quality in information governance, confidentiality and data protection, information and cyber security, clinical information, secondary use as well as corporate information management. The committee feeds into the executive management board and is coordinated by the information governance manager.
Information asset owners: Our departmental heads and senior managers involved in running the relevant day-to-day business act as information governance ambassadors. They understand what information is held, who has access and why.