Rationale:

Understanding and documenting your care system's structure and governance arrangements will enable you to ensure you have the appropriate representation from each organisation in your care system. It will also enable you to understand the organisation types within the care system, which will in turn help you to determine the legal basis on which data can be processed and the role of each organisation as a data controller or data processor.

 ACTIONS
You should now determine and record:

• the organisations which make up your care system
• appropriate senior leads responsible for data management and information governance within each organisation wishing to process personal data that has undergone pseudonymisation for integrated care purposes e.g. Data Protection Officers (DPOs) or Senior Information Risk Owners (SIROs)
• an organisational structure diagram

This information can be recorded in the SUDGT input tool.

• Organisations must be established, legal entities (e.g. providers, commissioners, local authorities, third party organisations), with whom binding contracts can be signed

• Most new care system constructs e.g. Sustainability and Transformation Partnerships (STPs) and Integrated Care Systems (ICSs) are not formal entities and cannot assume legal responsibilities in their own right

• Care systems must include organisations with statutory duties for secondary use activities as these will be the organisations with the overarching responsibility for commissioning the services in scope