All members of UCL School of Life and Medical Sciences (SLMS) who manage highly confidential information, including principal and chief investigators, staff, students, senior managers, and even those who just supervise people who directly handle confidential information, and support staff who do not have direct access to data, are expected to undertake annual training on handling highly confidential information.
As of October 2018, anyone with an email address which ends '.ac.uk' can register themselves for the approved training. Trainees will need to register for and complete NHS Digital’s Data Security Awareness (NHSD) course provided by e-Learning for Health. When asked, you can register your role as a “Further Education and Higher Education Researcher (Education)” which should provide you access to the course. The course covers data security awareness, the law, threats to data security, breaches and incidents, and the General Data Protection Regulation. Completion of the course will be sufficient evidence of basic information governance training to handle highly confidential information under the SLMS Information Governance Training Policy.
Familiar courses that do not cover the depth and breadth of topics required for the Information Governance requirement are:
- Good Clinical Practice training
- UCL's GDPR training (until further notice)
- Information Security training
- ONS researcher accreditation
The Training & Awareness service will independently retrieve some results of training from e-Learning for Health, though only for those who list their organisation code as 'EE133902 - University College London' (not a department name or partner organisation). This will occur once per week, after which trainees' up-to-date training will be recorded in the SLMS IG training register (a UCL login is required to access the training register and users may see their own records and records of their employees only). If your organisation is registered as anything other than 'EE133902 - University College London' then you will not appear in our administrator reports, and there may be other reasons why you do not appear in our reports (see below guidance on uploading a certificate in those circumstances).
Uploading evidence of your training manually
If you have completed the NHS Digital Data Security Awareness course through e-Learning for Health then a certificate should be available once you log in to the e-LfH portal (http://nhsdigital.e-lfh.org.uk/) and find it under ‘My Activity’, near the top right of the screen.
You can upload a certificate or screenshot with your name and the date your training was undertaken (UCL member's login required).
As stated above you can register for NHS Digital's Data Security Awareness (NHSD) course by clicking here.
If training has been completed by a user who is external to UCL and you need to notify us of this please upload a certificate or a screenshot with the name and date the training was completed visible (UCL member's login required).
Exceptions to these requirements:
If you have had NHS-provided information governance training in the last twelve months and can show a certificate of this, please send this directly to email@example.com
Any queries in relation to undertaking information governance training should be forwarded to firstname.lastname@example.org.