HSCIC IG Training - The Beginners’ Guide To Information Governance
-
Upload
lgtigdepartment -
Category
Law
-
view
680 -
download
3
Transcript of HSCIC IG Training - The Beginners’ Guide To Information Governance
Information Governance andIG Management
The Beginners’ Guide To Information Governance
Version 1.03 – June 2011 1Beginners’ Guide to Information Governance
The Beginners’ Guide To Information Governance
Introduction
Version 1.03 – June 2011 2Beginners’ Guide to Information Governance
Contents
Version 1.03 – June 2011 3Beginners’ Guide to Information Governance
• Why is this training necessary?Part 1. Awareness and Training
• Types of Information and information terms
Part 1. Personal / Sensitive Personal / Anonymous / Confidential
• What do these terms mean?• Who is responsible?Part 2. Confidentiality and Security
• Some example scenarios for discussionPart 3. Example Scenarios
• To confirm your understanding of this topic
Part 4. Summary and Confirmation Questions
Part 1
Version 1.03 – June 2011 4Beginners’ Guide to Information Governance
Training – Why is it necessary?and
Types of Information
Why is Training Needed?
The NHS provides a confidential service
The NHS relies upon patient trust
Version 1.03 – June 2011 5Beginners’ Guide to Information Governance
Types of Information
Version 1.03 – June 2011 6Beginners’ Guide to Information Governance
• Confidential• Personal• Sensitive
personal• Anonymised
Is all information the
same?
Types Of Information
Version 1.03 – June 2011 7Beginners’ Guide to Information Governance
Confidential information
What information is Confidential?
Version 1.03 – June 2011 8Beginners’ Guide to Information Governance
1. Swine 'flu and avian 'flu
2. Your symptoms and general health
3. Only what the doctor wrote down about your health
4. Your name and address
What makes information ‘confidential’?
Version 1.03 – June 2011 9Beginners’ Guide to Information Governance
your private information about you
you gave it to someone who has a duty of
confidence
you expect it to be used in confidence
Confidential Information
UK law says health information is confidential
Types of Information
Version 1.03 – June 2011 10Beginners’ Guide to Information Governance
Name
Address
Date of birth
Home telephone number
Postcode
Confidential
Personal
Sensitive Personal
Anonymous
Types of Information
Version 1.03 – June 2011 11Beginners’ Guide to Information Governance
Racial or ethnic origin
Political opinions
Religious beliefs
Trade union membership
Physical or mental health
Sexual life
Criminal record
Other – e.g. bank
Confidential
Personal
Sensitive Personal
Anonymous
Types of Information
Version 1.03 – June 2011 12Beginners’ Guide to Information Governance
No reference number
No identifier
Mr X from Surrey wins lottery
Cannot be matched to anyone
Confidential
Personal
Sensitive Personal
Anonymous
Confirm – choose which criteria make information ‘confidential’?
Version 1.03 – June 2011 13Beginners’ Guide to Information Governance
??
??
??
Confidential Information
UK law says health information is confidential
It is private and personal to someone?
It is disclosed to someone who has a duty of confidence?
It is expected to be used in confidence?
It has not been given to anyone else?
It is written down?
Confirm – choose which criteria make information ‘confidential’?
Version 1.03 – June 2011 14Beginners’ Guide to Information Governance
??
??
??
Confidential Information
UK law says health information is confidential
It is private and personal to someone
It is disclosed to someone who has a duty of confidence
It is expected to be used in confidence
It has not been given to anyone else?
It is written down?
Types of Information- Summary
Version 1.03 – June 2011 15Beginners’ Guide to Information Governance
• 3 criteriaConfidential
• Such as your name, address, postcodePersonal
• Such as your healthSensitive Personal
• Not personal therefore not confidentialAnonymous
UK law says health information is confidential
UK law says health information is sensitive personal information
Part 2
Version 1.03 – June 2011 16Beginners’ Guide to Information Governance
Confidentiality and Security
Confidentiality and Security
Version 1.03 – June 2011 17Beginners’ Guide to Information Governance
Protecting Information:What and Why?Who and When?How?
What and Why?
Version 1.03 – June 2011 18Beginners’ Guide to Information Governance
What Must be Protected?
Confidential
Personal
Sensitive Personal
Why Protect it?
Legal
Confidential Service
Patient Trust
No Protection
Anonymous
Public Domain
UK law says health information is sensitive personal informationUK law says health information is confidential
Who and When?
Version 1.03 – June 2011 19Beginners’ Guide to Information Governance
Who?
Organisation Board
Health Professionals
All Employees
All 3rd parties
When?
From creation to secure destruction
Locations, Formats
Duty of Confidence even after employment ends
How do we protect information?
Version 1.03 – June 2011 20Beginners’ Guide to Information Governance
Information Governance(The rules on handling information)
Security MeasuresPhysicalPeople
Electronic
Confidentiality Measures
Restrict peopleRestrict information
Train StaffEnforce
SecurityPlan and Overlap
Version 1.03 – June 2011 21Beginners’ Guide to Information Governance
SecurityWhich Measures?
Version 1.03 – June 2011 22Beginners’ Guide to Information Governance
?•CCTV•intruder alarms•passwords•encryption
?
•character references•vetting and background checks•awareness, education and training
?•Walls, fences, gates•lockable doors, windows and cabinets•security lighting
Security MeasuresPlan and Overlap
Version 1.03 – June 2011 23Beginners’ Guide to Information Governance
Electronic• CCTV• intruder
alarms• password
s• encryption
People
• character references
• vetting and background checks
• awareness, education and training
Physical
•Walls, fences, gates•lockable doors, windows and cabinets•security lighting
How Are We Doing?
Version 1.03 – June 2011 24Beginners’ Guide to Information Governance
Incident ReportingProactive
An identified weakness
ReactiveA breach has
occurred
Confidentiality and Security - Summary
Version 1.03 – June 2011 25Beginners’ Guide to Information Governance
• UK law says health information is confidential
Legal Requirement
• What needs protection, why, how, who and when
Confidential and Security
•Plan and overlap physical, people and electronic measuresSecurity
• Vital to improve weaknesses and prevent incidents happening againIncident reports
Part 3
Version 1.03 – June 2011 26Beginners’ Guide to Information Governance
Example Scenarios
Confidentiality and Security Scenarios - Alex’s day at work
Version 1.03 – June 2011 27Beginners’ Guide to Information Governance
By the end of this section you will know that confidentiality and security
involves every member of
staff.
Alex knows that personal
information given to the
NHS is nearly always
confidential - and patient information certainly is.
Alex walks into the hospital where he works. It’s
going to be an eventful day as Alex will face a
number of problems ...
Confidentiality and SecurityScenario 1 - Photocopier
Version 1.03 – June 2011 28Beginners’ Guide to Information Governance
Alex is at a photocopier
and finds a pay statement left in the machine. It
is a hospital employee’s. What should Alex do with
this?
1. Leave it on the photocopier and hope the person comes back to collect
it.2. Tell his line manager and
suggest sending the statement to the Pay Dept and reporting the incident.
3. Go and look for the person and hand it to
them.4. Rip it into
shreds and put it into a bin.
Confidentiality and SecurityScenario 2 - An Unexpected Email
Version 1.03 – June 2011 29Beginners’ Guide to Information Governance
Alex is working at his computer
when he receives an unexpected
email. He sees that it contains a list of patients
that are receiving dialysis
treatment. What should he do
with the email?
1. Delete it.2. Delete it but also mention it
to his line manager when
convenient.3. Forward the
e-mail to colleague and ask what to do.4. Tell his line
manager, report the incident and
secure the information.
Confidentiality and SecurityScenario 3 - A Job Application Form
Version 1.03 – June 2011 30Beginners’ Guide to Information Governance
Alex’s manager is going through a completed job
application forms sent from HR. The ethnicity
sections of the form have not been removed
before being sent to her. She asks
Alex if this is okay. What
should Alex say?
1. Tell his manager that it’s fine - as long as she treats the information
confidentially.2. Tell her that
this is confidential ‘sensitive personal’
information which should be
securely returned to the HR and
reported.3.Tell her that it is
‘sensitive personal’
information but nothing to worry
about.4. Tell her that she should call
HR and complain.
Confidentiality and SecurityScenario 4 - HR Personal File
Version 1.03 – June 2011 31Beginners’ Guide to Information Governance
Alex’s workmate phones him; he says that he is moving some empty cabinets and has just found a full HR file stuck at the back of one of them. What should Alex’s
workmate do?
1. Put the file in an office waste bin and move the cabinet.2. Put the file in the internal mail to the HR Dept.3. Have a quick look through it and leave it in the cabinet.4. Tell his line manager, suggesting the file should be returned to HR and the incident reported.
Confidentiality and SecurityScenario 5 - Paper In a Corridor
Version 1.03 – June 2011 32Beginners’ Guide to Information Governance
Alex finds a sheet of paper on the floor of a hospital corridor. It is a leaflet showing opening times for the staff
shop. On the back is written a name, address and telephone number. It is not a name he knows and it is not
a hospital telephone number. What should he do?
1. Ring the number and tell whoever answers that a sheet has been found with these details on.2. Rip the personal details into small bits and throw them in the bin.3. Pin the leaflet to a nearby notice board where it might be found.4. Put the sheet of paper in his pocket and think about it later.
Confidentiality and SecurityScenario 6 – Visiting Times
Version 1.03 – June 2011 33Beginners’ Guide to Information Governance
Alex is sitting on the bus home. Someone who knows him is sitting nearby and asks Alex what the hospital visiting
times are because her uncle was admitted to the hospital that morning. What can he say?
1. Tell his friend the visiting times2. Tell his friend that he cannot say as this is confidential information3. Tell his friend that he cannot say as this is personal information4. Tell his friend that he cannot say as this is sensitive personal information
Confidentiality and SecurityScenarios - Summary
Version 1.03 – June 2011 34Beginners’ Guide to Information Governance
Confidential information is protected by law.Confidential information may be written or spoken.Confidential information may be about staff or patients (including you and your relatives).We all have a legal responsibility to maintain confidentiality.Reporting incidents is vital to improvement. If you are unsure, seek advice or ask your line manager.
Part 4
Version 1.03 – June 2011 35Beginners’ Guide to Information Governance
The Beginners’ Guide To Information Governance – Summary
andConfirmatory Questions
The Beginners’ Guide To Information Governance - Summary
Version 1.03 – June 2011 36Beginners’ Guide to Information Governance
• A confidential service which relies on public trustThe NHS
• What needs protection, why, how, who and when
Confidential and Security
•Vital to improve weaknesses and prevent incidents happening againIncident reports
• Seek adviceIf in doubt?
UK law says health information is confidentialUK law says health information is sensitive personal information
The Beginners’ Guide To Information Governance
Confirmatory Questions
Version 1.03 – June 2011 37Beginners’ Guide to Information Governance