Please view our cookie policy that explains what cookies are and how they are used on our website. This also provides you with a guide on how to disable cookies, but please be aware that parts of the site will not function correctly if you disable them.

By closing this message, you consent to our use of cookies on this device in accordance with our cookie policy unless you have disabled them.

North Cumbria University Hospitals NHS Trust - 70 years of the NHS

Home > Patients and visitors > Information Sharing Gateway

Information Sharing Gateway

Information Sharing Gateway

Governance and assurance for data sharing between organisations, developed in Lancashire and Cumbria

The Information Sharing Gateway(ISG) has been developed by a sub-group of organisations in the Lancashire and Cumbria IG Group in order to improve and modernise the administration and risk assessment of information sharing in the public sector.  It has been designed by IG specialists, for IG specialists, to support their IG reporting on data flows and information sharing (principally to the Data Security and Protection Toolkit).

The development was funded by the LPRES programme in Lancashire. It is a 'next generation' Sharing Framework that will support electronic information sharing across care boundaries in a way that current, paper-based systems cannot.  The purpose of this system is to provide assurance that the information being shared, managed and processed will be done in such a way that it is Data Protection Act 2018 (DPA) and General Data Protection Regulation (GDPR) compliant.  It centralises and shares key resources in a way that is accessible and transparent.

The following organisations helped develop the Information Sharing Gateway:

  • Blackpool Council
  • Cumbria Clinical Commissioning Group
  • Cumbria Partnership NHS Foundation Trust
  • Lancashire County Council
  • Lancashire Teaching Hospital
  • Lancashire Constabulary
  • North West Ambulance Service
  • North West Shared Infrastructure Service (NW SIS)
  • University Hospitals of Morecambe Bay NHS Foundation Trust
  • Wrightington Wigan and Leigh Foundation Trust 

Which organisations have signed up to the Information Sharing Gateway?

Over 900 organisations have signed up to the Information Sharing Gateway - and the list keeps growing

If I share information with an ISG partner, how will the receiving organisation care for it?

"Trust" is an important factor in information sharing, and this starts with ensuring that each organisation has in place appropriate training for staff, processes and security for the information we will be sharing with them.  Each organisation's compliance with these key Information Governance concepts will be guaged through common standards such as registration with the Information Commissioner's Office, Data Security and Protection toolkit compliance, ISO 20071 standards, supplemented by common terms of reference. 

By signing up to the Information Sharing Gateway Memorandum of Understanding (MoU), organisations agree to abide by the following principles:

1) the Data Security and Protection toolkit (DSPtk) defines the minimum standards for Information Governance for Health and Social Care.  Where applicable, each organisation is committed to undertaking, following and complying with the DSPtk requirements at a minimum level 2.

2) Each organisation shall have appointed a responsible / accountable officer who will ensure the protection of personal information, for example a Caldicott Guardian or senior manager responsible for data protection

3) Each organisation will take appropriate organisational and technical measures towards compliance with the Data Protection Act 2018, GDPR, Caldicott Principles, ISO 27001 Series of Information Security Standards, Freedom of Information Act 2000 and national guidance and rules around processing personal confidential information; and any other relevant legislation.

4) Each organisation is committed to identifying, documenting and risk assessing their data flows with any mitigating actions defined and agreed

5) Each organisation is committed to ensuring staff are appropriately trained and comply with organisational policies in relation to Information Governance; including data protection, confidentiality, Caldicott principles, Information Security, records management and Freedom of Information

6) Organisations will promptly notify other partner organisations with regard to any Information Governance breach, vulnerability or threat that could affect the security of the data being shared

7) Organisations will agree to allow partner or lead organisations, or their representatives, to carry out audits or visits to confirm compliance with agreed assurance requirements

8) Each organisation committs to ensuring that the data is shared in a safe and secure manner, meeting the agreed purpose of the the sharing

9) Any request for information under the Freedom of Information Act 2000 or the Data Protection Act 2018/ GDPR will be directed to the original organisation's Data Protection Officer

10) Organisations may not create or establish onward sharing of information without the explicit permission of the original organisation's Data Protection Officer