This repository has been archived by the owner on Apr 24, 2020. It is now read-only.

Commit

update package dependencies to latest versions
chrimesdev committed Mar 20, 2020
1 parent ccb2ab8 commit 17a78f1
Showing 4 changed files with 834 additions and 538 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
Expand Up @@ -2,7 +2,8 @@

## 2.8.0 - 20/03/2020

- Add further guidance for the Information Governance
- Add further guidance for the Information Governance
- Update package dependencies to latest versions

## 2.7.0 - 16/03/2020

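Review bot: The new 2.8.0 entry "Update package dependencies to latest versions" does not say which packages moved or to which versions, so a reader of the changelog cannot tell whether any of the updates closes a known vulnerability or carries a breaking change. The commit summary reports 834 additions and 538 deletions across 4 files, almost none of which appear in the hunks shown here, so the changelog is the only human-readable record of that change; consider listing at least the packages with major-version bumps and any that were updated for a security advisory. Separately, the line "Add further guidance for the Information Governance" appears as both removed and added with identical visible text, which suggests a whitespace-only edit, and the sentence itself reads as cut short (Information Governance what?); it would be worth completing it while the line is being touched.
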
Expand Up @@ -63,18 +63,18 @@

<h2 class="nhsuk-heading-m">Guidance for IG Professionals</h2>

<h3 class="nhsuk-heading-m">Legal considerations</h3>
<h3 class="nhsuk-heading-s">Legal considerations</h3>
<p>The legal framework has flexibility when it comes to the processing of information. Information relating to the Covid-19 outbreak should be shared as needed to support individual care and to help tackle the disease through research and planning during the Covid-19 situation. The focus should be to ensure the risk of damage, harm or distress being caused to individual patients and service users is kept to a minimum and that data is only processed where it is necessary to do so and in an appropriate manner.</p>

<h3 class="nhsuk-heading-m">Confidential Patient Information/Common law duty of confidentiality</h3>
<h3 class="nhsuk-heading-s">Confidential Patient Information/Common law duty of confidentiality</h3>
<p>Confidential patient information should be used as normal to treat individual patients. The Secretary of State has issued notice/s under The Health Service (Control of Patient Information) Regulations 2002 (COPI) requiring confidential patient information to be processed for certain public health secondary purposes set out in Regulation 3(1) of COPI to support tackling the NHS response to Covid-19. COPI itself can also be relied on for other processing of confidential patient information relating to the Covid-19 response where the COPI notices don’t apply. These notices do not apply to any other processing operations and/or for purposes other than for tackling the Covid-19 outbreak.</p>

<h3 class="nhsuk-heading-m">General Data Protection Regulation (GDPR)</p>
<h3 class="nhsuk-heading-s">General Data Protection Regulation (GDPR)</h3>
<p>The GDPR allows information to be shared for individual care, planning and research. Where health and care information (which would be classed as special category data) is shared for either individual care or to help tackle the disease through research and planning then the relevant Article 6 conditions (official authority, compliance with a legal obligation, public interest and on occasions vital interests) and Article 9 conditions (substantial public interest, the delivery of health and care, vital interests or for public health purposes and scientific research) should be relied on as applicable to the situation.</p>
<p>The <a href="https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/">principles</a> (Article 5 of GDPR) should continue to be followed. They form a framework of good information management with the key criteria enabling justification of actions taken. If you are not certain of an issue, such as a relevant retention time, then the law is flexible enough to allow you to revisit the issue once the answer becomes clearer.</p>
<p>If your organisation is going to process personal/confidential patient information in ways not covered by an existing Data Protection Impact Assessment (DPIA), e.g. using videoconferencing for consultations, then a short high level DPIA should be carried out The DPIA should set out the activity being proposed; the data protection risks; whether the proposed activity is necessary and proportionate; the mitigating actions that can be put in place and a plan or confirmation that mitigation has been put in place. DPIAs are scalable, and in some instances this might not take more than a couple of pages. The ICO has produced <a href="https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/">guidance on carrying out DPIAs</a> and a template that you can refer to. You should also update your privacy notice where data is being processed in new ways.</p>

<h3 class="nhsuk-heading-m">Further information</h3>
<h3 class="nhsuk-heading-s">Further information</h3>
<p>If your Data Protection Officer or Caldicott Guardian is unsure of appropriate action to take, you can direct Information Governance questions to <a href="mailto:england.igpolicyteam@nhs.net">the NHSX IG Policy team</a>.</p>

</div>
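
Review bot: The four `<h3>` class changes from `nhsuk-heading-m` to `nhsuk-heading-s` and the corrected closing tag on the GDPR heading (`</p>` to `</h3>`) are template changes, but the commit message describes only a dependency update, so anyone auditing history for content or markup changes to this guidance will not find them by message. Suggest moving them to their own commit, or extending the message and the 2.8.0 changelog entry to mention the heading-level and markup fix. While this block is open, the unchanged DPIA paragraph is missing a full stop in "should be carried out The DPIA should set out", which could be fixed in the same pass.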