The GOsC and information
As a public body, and a statutory regulator, the GOsC holds various kinds of information, including:
- information about the individuals who are included in the Register that the GOsC is required to maintain under section 2(3) of the Osteopaths Act 1993;
- information about osteopathic educational providers and the qualifications issued by them, which the GOsC is required to recognise under section 14 of the Osteopaths Act 1993;
- information relating to concerns raised by and queries from members of the public;
- patient records held as part of investigations by the GOsC into concerns about its registrants; and
- general regulatory and policy material, including information relating to GOsC stakeholders.
The GOsC considers the information it holds to be a vital asset and an integral part of corporate governance, in terms of enabling the organisation to fulfil its statutory functions and manage services and resources efficiently.
Information Governance Framework
The purpose of our Information Governance Framework is to set out a comprehensive information governance assurance framework for:
- preserving the confidentiality, integrity, security and accessibility of data processing systems and information held by the GOsC; and
- maximising the value to the GOsC of the information that it holds.
The framework seeks to ensure that information is:
- obtained fairly and lawfully
- recorded accurately and reliably
- held securely and confidentially, for a proportionate period of time
- used effectively
- shared and disclosed appropriately and lawfully
- disposed of securely.
Complying with requirements
In addition, the framework aims to make sure that the GOsC complies with relevant legislative and regulatory requirements relating to the handling of information, and with emerging best practice in this area.
The framework also seeks to ensure that staff and non-executives are appropriately trained and aware of their individual and collective responsibilities in respect of all the information held by the GOsC, and that there are appropriate procedures in place for the investigation and reporting of data breaches.