The ICO wants to know how we all use privacy impact assessments (PIAs) . If you are keen you can take a look and complete his online questionnaire. Be quick though it's due to be taken down on 20th July!
NHS organisations in transition and CCGs coming on line really should be 'bang up to date' with the application of PIAs - make sure that you have completed them as appropriate. If you have not yet read the ICO's handbook on PIA's you can get it here: http://www.ico.gov.uk/upload/documents/pia_handbook_html_v2/index.html
A PIA really should be completed before you engage in any project which might have implications for people's privacy. That will include a major reorganisation and transfer of patient and staff information.
These things are not mandatory yet but you can expect a hard time from the ICO if an organisation 'messes up' in respect of some major issue of privacy and has not completed a PIA
Watch out though the European Commission's proposed Data Protection Regulation is set to make 'data protection impact assessments' (the same thing really) mandatory in some circumstances.