PERFORMANCE: NHS Dudley could be in breach of its statutory obligations on information governance.

The PCT’s board papers say there have been serious incidents involving human resources and the loss or disclosure of employee data. As a result, the PCT’s information governance team believe HRBC, the company it employs to process human resources data, is an “unsure data processor for NHS Dudley”.

The papers also say Dudley and Walsall Mental Health Partnership Trust has experienced a “substantial decrease” in its compliance with national information governance toolkit standards, from 80 per cent when the trust was created to 31 per cent in April 2011.

Following a recent Information Commissioner decision notice against NHS Birmingham East and North, the mental health trust has also confirmed a similar non-compliance in systems access, which would “as a result place NHS Dudley in breach of its statutory obligations”, according to the papers.

Current controls such as Data Processor Agreements and updated SLAs have been debated since August 2010 “without satisfactory conclusion”.