Governance & Security
At HBSUK, we believe anyone undertaking insourcing or virtual outpatient work should commit to meeting a MINIMUM governance standard.
We have been working in this field for over 11 years. Without these minimum standards, patients and clients may be exposed to unnecessary clinical, financial and business risks.
Whilst HBSUK focuses on going beyond compliance and has a strong focus on Excellence (the ‘E’ in our EPIC values), HBSUK meets the MINIMUM standards, which we consider to be the following:
Confidentiality and Cyber Security
Essential for anyone working with patient records and information or having any form of system that holds or processes patient or employee data:
- ISO 27001:2017 certified by 3rd party UKAS body
- Cyber Essentials Plus 3rd party certified
- Digital Security Protection Toolkit (DSPT) registered: Organisation Details (dsptoolkit.nhs.uk)
- DTAC (digital technology assessment criteria) completed
- ICO registered: Information Commissioner’s Office – Register of data protection fee payers – Entry details (ico.org.uk)
- DPIA (data process impact assessment) in place for all projects
- IT Governance policy in place
- Penetration Testing by specialist 3rd party, minimum twice per annum
- DFOCVC (digital first online consultation and video consultation) registration for all digital services: Description details (digital.nhs.uk)
Quality and Finance
- Care Quality Commission registered
- Quality Account, completed and published on an annual basis
- ISO 9001:2015 certified by 3rd party UKAS body
- Medical Board in place with Consultant lead for every speciality undertaken (with formal meetings regularly undertaken)
- Clinical Governance Policy in place
- IR35 report of compliance provided by recognised 3rd party authority, e.g. one of the ‘Big 4’ accountancy and consultancy businesses
- Published public safeguarding policy
Indemnity and Insurance
Minimum levels of cover:
- Employee Liability – £5m
- Public Liability – £10m
- Medical Malpractice insurance – £10m
- Professional indemnity – £10m
- Cyber Security insurance – £2m
Frameworks and Catalogues
On an NHS framework for the provision of delivered services (guarantees minimum commercial and legal standards are met)
NHS England – Insourcing Requirements
HBSUK fully supports compliance with the NHSE guidelines on Insourcing (guidance-for-trusts-on-the-use-of-insourcing.pdf, england.nhs.uk) and agrees that all insourcing contracts should be placed via NHS frameworks and with companies who are not providing temporary staffing to the Trust (agency or locum staff).