The CODE iComply solution brings together the requirements of the Data Protection Act, GDPR and the NHS Online Toolkit.

This seeming complexity is simplified by assigning the requirements into three areas. Compliance is delivered through easy to use policies, procedures, audits and risk assessments:

• Data Protection (M 216) – this provides an overview of all data processing requirements including the Data Protection Act (DPA) and the GDPR. It is supported by the CODE Data Protection and Information Security Policy (M 233-DPA) and the GDPR Action Plan, which you follow the first time to set everything up
• Information Governance – which provides the main procedures, policies and risk assessments to meet your data protection requirements in a format that can be used for the NHS IG Online Toolkit. It consists of a suite of 19 templates from (M 217A) the IG Improvement Plan to (M 217UA) Contract for a Data Processor
• Consent – covers all aspects of consent. This includes patient consent for treatment, patient consent for marketing and non-patient consent for marketing too. Patient confidentiality is covered too. Some of the most important CODE templates for this area include Valid Consent for treatment (M 292), Communication Consent Form (M 217RA), Consent for Clinical Photography (M 217RB), Data Requests Record (M 217RX) and Confidentiality Policy (M 233-CON)