The IG Framework for Integrated Health and Care has received a further update please see below to view/download the document.

You will notice a number of changes since v0.10 was released at the end of July, this is to provide a more succinct and easier to read document. The main changes are:-

  • Longitudinal Care record – replaced with ‘an individual’s health and care record’
  • Revised Exec Summary – revised to ensure more relevant and succinct
  • Revised Introduction – revised to ensure more relevant and succinct
  • Revised Appendix J – revised to make clearer
  • General principles section has been removed – this section was repeated in other later sections and the principles have been made explicit in the requirements so are still there.
  • Individual rights section has been removed. The information relating to GDPR is in the DPA section and the information regarding SARs is in the process section with the other information on SARs.
  • A number of sections have been re-ordered to help with flow
  • Assurance checkpoints have been reviewed and streamlined

Initially the Local Health and Care Record localities will focus on individual care; this is covered in journeys one and two in the framework.  Local Health and Care Records now have to provide evidence to an independent assurance panel of how they are meeting the check points for these two journeys.

Journeys three and four are also referenced within v0.11; this is to demonstrate the direction of travel and the future intention that data from Local Health and Care Records will be used to benefit planning, evaluation and research. Journeys three and four will be updated in a future version of the framework before they can be used for assurance purposes.   There is an aim to publish the next version (v0.12) of the framework in December 2019.


Cyber Security

The Cyber Security Framework or CAF, is almost ready for sign off. This provides a structure and reference to how Cyber Security will be applied and measured against appropriate security standards, e.g.

  • UK Gov – Cyber Essentials scheme
  • UK Gov – NIS Regulation (the technical side of GDPR)
  • NHS Digitals – Data Security and Protection Toolkit (DSPToolkit)

These standards ensure that appropriate and auditable security is applied and reportable.

The initial vulnerability assessment results and treatment plan for the Pppulation Health Managment (PHM) system will shortly be submitted to NHSX. The next phase of the project will include and external vulnerability assessment and Risk Assessment across the entire LHCRE scope including System of Systems, PHM, and Helm.


The draft – Threat Assessment and Business Impact Assessment is being presented by Deloitte an Tuesday 8th October for sign off, this will then enable the series of structure Risk Assessments to take place against the PHM system.


The Information Governance, Clinical and Social Care Practitioners Workshop on Tuesday 29 October 2019, Co>Space North, Platform, Leeds,  is now sold out.  We are looking to set up another meeting and will send an update shortly.

Population Health Management on Wednesday 20 November 2019 in Leeds.  Further details and how to book will be issued shortly.