top of page

PCU Consulting LTD

pngtree-digital-technology-low-poly-design-image_499020.jpg

PCU Consulting Ltd is a leading provider of Data Security and Protection (DSP) Toolkit support  and Information Governance Services.

 

Our team of experts has years of experience in practical publication of hundreds of IG and DSP Toolkits, and we are committed to helping Health and Social Care Organisations protect their data. Our advanced support services are based on the DSP Toolkit Assertions and are designed to help ensure compliance with NHSE and ICO regulations. Our team is always available to provide the support you need to keep your data secure.

​

Our main area of Interest is to support Health and Social Care Organisations to publish the NHS England Data Security and Protection Toolkit

Whilst we take the strain off organisations to complete the toolkit we are also very keen to ensure that the IG methodology and Ethos is embedded within the organisation. This means that following publication we don't stop engaging with clients we will provide ongoing assistance and reminders  to enhance information governance within the organisation 

​

Compliance with this standard will provide the following benefits: -

 

  • Safer and more secure data with improved data quality

  • Improved collaboration, data sharing and decision-making

  • Reduced risk of data breaches and ICO financial sanctions

  • Better able to deal with business interruption

  • Reduced costs and more effective risk management

  • Demonstrates effective strategic management and increases reputational status

  • Often required by commissioning organisations and the CQC

​

Get in Touch

Clients

  • NHS General Practices

  • NHS Primary Care Networks 

  • GP Federations

  • Private Clinics

  • Secure Mental Heath Hospitals

  • Cardiology

  • Ophthalmology

  • Dermatology

  • Pharma

  • Ultrasound

  • Insourcing

  • Private Ambulance / Transportation

  • Physiotherapy

  • Healthcare software development

  • Medical Device manufacturers

  • Healthcare consultancy

  • Care homes

  • Domiciliary Care

  • Speech and Language Therapy

​

   97 Clients in health and social care 

     600+ IG and DSP Toolkits Published 

​

​

​

​

​

​

DSP Toolkits
 

DSP Toolkit Categories

​​

There are now only 3 categories which are:

•             Category 1 – NHS trusts, Arm’s length bodies, ICBs and CSUs

•             Category 2 – not used

•             Category 3 – All other sectors

•             Category 4 – General Practitioners

​​

These are based on the 10 national data standards of which are:-

•             Personal confidential data

•             Staff responsibility

•             Training

•             Managing data access

•             Process review

•             Responding to incidents

•             Continuity planning

•             Unsupported systems

•             IT protection

•             Accountable suppliers

​​

Generally, normal compliance will enable organisations to achieve a ‘Standards Met’ DSP Toolkit outcome but if Cyber Essentials PLUS or ISO 27001 have been obtained the compliance will be raised to ‘Standards Exceeded’.

​​

​​

What do we provide?

​​

 when we are appointed to support you in publishing the DSP Toolkit you will receive:-

​​

  • A project Gantt Chart clearly showing the path to publication.

  • Advice on appointing the SIRO and Caldicott Gaudian

  • Free IG DSP documentation bespoke to your organisation.

  • Commenting on the adequacy of Information Technology Providers

  • An initial meeting to acquire your company’s detailed information necessary for the DSP Toolkit updating.

  • Attending an approvals meeting and gaining authority to publish

 

Informal Added Value

​

  • Advice on dealing with Data Breaches

  • Checking DPIAs and DSAs

  • Contributing to tender returns for procurement bids

 

We also offer formal Data Protection Officer services

​

​

​

​

​

​

Our Services

1

Information Governance

  • Information Governance

  • Data Security and Protection Toolkit Publication

  • Data Protection Impact assessments

  • Data Sharing Documentation

  • Data Breach Reporting

​

2

IT Assurance Support

  • Cyber Essentials

  • Cyber Essentials Plus

  • ISO27001

3

Auditing

  • DSP Toolkit 

  • GDPR Auditing

  • Cyber Essentials Plus

  • ISO27001

Get in Touch

Ripon Road

Wallasey

|Wirral Peninsular

Merseyside

CH456TP

 07467 689601

dpo@pcu.co.uk

  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Thanks for submitting!

Privacy Notice

PCU Consulting fully appreciates the importance of protecting and managing your data and maintaining your privacy. To ensure that we comply with these requirements all our data management and clinical processes fully recognise the data protection law in force in the UK (e.g., the Data Protection Act 2018, the Data Protection Act 2018 includes relevant Articles from the EU General Data Protection Regulation (UK GDPR)

 

Please read the following information carefully to understand how we process your personal data.

 

For the purpose of the Data Protection Laws, the Data Controller is PCU Consulting

 

When we refer to ‘we’, ‘us’ and ‘our’, we mean PCU Consulting

  

Use of Your Personal Information

This privacy notice explains why we collect information about you and how that information may be used.

 

Our health care professionals who provide you with our services maintain records about your health and any treatment or care you have received previously. These records help to provide our clients with the best possible healthcare.

 

Your records may exist is several formats including electronic, paper or a mixture of both, and we deploy many working organisations and approaches to ensure that such information is maintained within a confidential and secure environment. The records which we could hold about you may include the following information: -

  • Personal details relating to you, including your address and contact details, carer, legal representative and parents’ emergency contact details

  • Any contact we have had or intend to have with you such as appointments, clinic or surgery visits, home visits, etc.

  • Notes and reports about your health which is deemed to be of a sensitive nature

  • Details about your referral, diagnostics procedures, treatment and care

  • Results of any additional relevant investigations

  • Relevant information from other health professionals, relatives or those who care for you

  • visitors to our websites

  • visitors who submit a general enquiry via our contact page or who correspond with us phone, email or otherwise

  •  those who use our services, e.g., who subscribe to our newsletter or request a publication from us

  •  job applicants and our current and former employees

  • those who send a written complaint or enquiry to our Information Governance Manager or Data Protection Officer

  • those who participate in a survey posted on our website

  • those who participate in a competition posted on a Bespoke website

To ensure you receive the highest levels of care, your records will be used to facilitate the care that we provide. Anonymised information held about could, on occasions, be used to help protect the health and wellbeing of the general public and to help us manage our contracts with commissioners. Information could also be used within our organisation for the purposes of clinical audits which in turn will provide monitoring of the quality of the services we provide.

 

Some of this information will be used for statistical purposes and we will ensure that individuals cannot be identified. For situations where we may contribute to research projects, we will always gain your explicit consent before releasing any relevant information.

 

We collect non identifiable data on visitors to our website including usage and behaviour patterns. This is purely to review the number of visits to each part of the website and how the user accessed the website. Information collected includes:

  • date and time of visit

  • pages accessed

  • browser or mobile platform used to access the website

  • source used to find and access the website (i.e., Google Search Engine)

  • location of the visitor (town level only)

  • search queries from external and internal search engines

  • page interaction information

  • technical information, including the Internet protocol (IP) address used to connect your computer to the internet, browser type and version, operating system and platform

 

 

Legal basis for Processing

Our ability to process your personal and healthcare data is covered by UK GDPR article 6 and for the processing of personal sensitive data by Article 9(2)h which indicates that processing of data is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.

 

Maintaining the Confidentiality of Your Records

We will take all possible care to protect your privacy and will only use information collected with the law including: -

  • Data Protection Act 2018 including UK GDPR

  • Human Rights Act 1998

  • Common Law Duty of Confidentiality 

  • Health and Social Care Act 2012 (if appropriate)

  • Codes of Confidentiality, Information Security and Records Management

 Our staff are all trained and briefed in data protection principles and understand they have a legal obligation to keep information about you confidential. They also understand that information about you will only be shared with other parties if there is an agreed need to do so or a legal reason. We will only share your data without your permission if there are very exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the Caldicot Principle 7 e.g. to share or not to share. This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott Principles. Whilst the Caldicott Principles were originally developed for NHS purposes, we have adopted the underlying principles in order to align with best practice.

 

All personal information that we manage is stored within the UK within a secure environment and we always use suitably protected methods and systems to transfer your personal information.

 

Partner Organisations

It may be possible that we will share your information with other organisations, if this is required, we will apply very strong controls. The current organisations who we may share data with health and social care organisations.

It is noted that the above list is not exhaustive, and we may contract with other external organisations to undertake processing of your personal information. These 3rd party organisations will abide with our stringent contractual conditions regarding the protection of personal data.

In some cases, you will be requested to provide positive consent if we intend to share your personal details with other organisations.

 

Access to Personal Information and Your Rights

You have a right under the Data Protection Act 2018, to request access to view or to obtain a copy of what information the organisation holds about you and to have it modified should it be inaccurate. The process to access your records is known as a Subject Assess Request (SAR) and the way it works is outlined below: -

  • Your SARs request must be made in writing to the organisation’s Caldicott Guardian at the address shown above

  • The latest regulations state that there is no charge to have a printed copy of your information provided

  • The request will be reviewed and if possible, completed within one month (subject to our possible requests for further clarification for you)

  • You will need to provide adequate proof of your identity before we will release the requested details (e.g., full name, address, date of birth, NHS number and details of your request), you must also provide two forms of identification 

In addition to the right of access, under the Data Protection Act 2018, you will also have the following rights: -

  • Erasure, which is the right to request that your personal data is removed from our systems be they paper or electronic – please note that under certain circumstances we are legal obliged to maintain a copy of your data for contractual and or statutory reasons

  • Restriction of processing, this is the right for you to request that we only process certain parts of your data

  • Objection – you have the right to object to the way that we are processing your data

  • Data portability – this concerns the right to request that we provide a copy of your data in an easily transportable format. 

  • Automatic processing – you have the right to object to the way we automatically process data – in the case of our organisation we do not, at present, carry out automatic processing of your data

  • If you have provided us with your consent to process your data for the purpose of providing our services (other than for direct healthcare), you have the right to withdraw this at any time.  In order to do this should contact us by emailing or writing to the organisation.

bottom of page