This website has been developed to provide IG professionals with a single resource covering the key aspects of PKB's Information Governance approach. 

If you are unable to find what you are looking for or feel that certain documentation should be included, please email ig@patientsknowbest.com - we will be happy to assist with your query and welcome suggestions on how we could improve this website.

Compliance Pack

For convenience, all key documents can be downloaded as a single archive for local reference and attachment to other documentation.  

Direct link:https://drive.google.com/file/d/15xPAeFpeZi6wzEuxRbWu-ass-clAycDi/view?usp=sharing

Site Map

• Agreements and Legal 

  • https://pkbdev.atlassian.net/wiki/spaces/IG/pages/3404660737 --  An overview of the dataflows, a detailed and deployment-specific dataflow will need to be produced by Providers

  • https://pkbdev.atlassian.net/wiki/spaces/IG/pages/3414753282 --  PKB's Data Protection Impact Assessment (Published in 2020)

  • Joint Data Controller Agreement --  The Joint Controller Agreement, replaces previous agreements like the Information Processing Agreement

  •  --  Legal opinion from Tim Pitt-Payne QC of 11KBW,  lay summary by DAC Beachcroft LLP

  •   --   An overview of the lawful basis and PKB Joint Controller Model

• Registrations & Certification

  • --  PKB's CE+ certification 

  • --  Details of PKB's Data Security and Protection Toolkit

  • --  Details of PKB's DTAC submission

  •  --  ICO27001 certificate for Google Cloud Platform and PKB's own ICO27001 compliance documents

  • ODS, ICO, etc.  --  Registrations; ICO Data Protection Register, NHS Data Organisation Service, etc. 

• Policies

  • --  Overview of PKB's Business Continuity approach 

  •  --  PKB's Incident Response and Management Policy, mapped against NHS Digital guidelines

  • --  Privacy information provided to Patients

  • --  PKB's approach to retention and deletion 

  • --  PKB's Information Security Policy