HSCIC IG Training - The Beginners’ Guide To Information Governance

Information Governance andIG Management

The Beginners’ Guide To Information Governance

Version 1.03 – June 2011 1Beginners’ Guide to Information Governance


Introduction


Contents


• Why is this training necessary?Part 1. Awareness and Training

• Types of Information and information terms

Part 1. Personal / Sensitive Personal / Anonymous / Confidential

• What do these terms mean?• Who is responsible?Part 2. Confidentiality and Security

• Some example scenarios for discussionPart 3. Example Scenarios

• To confirm your understanding of this topic

Part 4. Summary and Confirmation Questions

Part 1


Training – Why is it necessary?and

Types of Information

Why is Training Needed?

The NHS provides a confidential service

The NHS relies upon patient trust




• Confidential• Personal• Sensitive

personal• Anonymised

Is all information the

same?

Types Of Information


Confidential information

What information is Confidential?


1. Swine 'flu and avian 'flu

2. Your symptoms and general health

3. Only what the doctor wrote down about your health

4. Your name and address

What makes information ‘confidential’?


your private information about you

you gave it to someone who has a duty of

confidence

you expect it to be used in confidence

Confidential Information

UK law says health information is confidential



Name

Address

Date of birth

Home telephone number

Postcode

Confidential

Personal

Sensitive Personal

Anonymous



Racial or ethnic origin

Political opinions

Religious beliefs

Trade union membership

Physical or mental health

Sexual life

Criminal record

Other – e.g. bank

Confidential

Personal

Sensitive Personal

Anonymous



No reference number

No identifier

Mr X from Surrey wins lottery

Cannot be matched to anyone

Confidential

Personal

Sensitive Personal

Anonymous

Confirm – choose which criteria make information ‘confidential’?


??

??

??



It is private and personal to someone?

It is disclosed to someone who has a duty of confidence?

It is expected to be used in confidence?

It has not been given to anyone else?

It is written down?

Confirm – choose which criteria make information ‘confidential’?


??

??

??



It is private and personal to someone

It is disclosed to someone who has a duty of confidence

It is expected to be used in confidence

It has not been given to anyone else?

It is written down?

Types of Information- Summary


• 3 criteriaConfidential

• Such as your name, address, postcodePersonal

• Such as your healthSensitive Personal

• Not personal therefore not confidentialAnonymous


UK law says health information is sensitive personal information

Part 2


Confidentiality and Security

Confidentiality and Security


Protecting Information:What and Why?Who and When?How?

What and Why?


What Must be Protected?

Confidential

Personal

Sensitive Personal

Why Protect it?

Legal

Confidential Service

Patient Trust

No Protection

Anonymous

Public Domain

UK law says health information is sensitive personal informationUK law says health information is confidential

Who and When?


Who?

Organisation Board

Health Professionals

All Employees

All 3rd parties

When?

From creation to secure destruction

Locations, Formats

Duty of Confidence even after employment ends

How do we protect information?


Information Governance(The rules on handling information)

Security MeasuresPhysicalPeople

Electronic

Confidentiality Measures

Restrict peopleRestrict information

Train StaffEnforce

SecurityPlan and Overlap


SecurityWhich Measures?


?•CCTV•intruder alarms•passwords•encryption

?

•character references•vetting and background checks•awareness, education and training

?•Walls, fences, gates•lockable doors, windows and cabinets•security lighting

Security MeasuresPlan and Overlap


Electronic• CCTV• intruder

alarms• password

s• encryption

People

• character references

• vetting and background checks

• awareness, education and training

Physical

•Walls, fences, gates•lockable doors, windows and cabinets•security lighting

How Are We Doing?


Incident ReportingProactive

An identified weakness

ReactiveA breach has

occurred

Confidentiality and Security - Summary


• UK law says health information is confidential

Legal Requirement

• What needs protection, why, how, who and when

Confidential and Security

•Plan and overlap physical, people and electronic measuresSecurity

• Vital to improve weaknesses and prevent incidents happening againIncident reports

Part 3


Example Scenarios

Confidentiality and Security Scenarios - Alex’s day at work


By the end of this section you will know that confidentiality and security

involves every member of

staff.

Alex knows that personal

information given to the

NHS is nearly always

confidential - and patient information certainly is.

Alex walks into the hospital where he works. It’s

going to be an eventful day as Alex will face a

number of problems ...

Confidentiality and SecurityScenario 1 - Photocopier


Alex is at a photocopier

and finds a pay statement left in the machine. It

is a hospital employee’s. What should Alex do with

this?

1. Leave it on the photocopier and hope the person comes back to collect

it.2. Tell his line manager and

suggest sending the statement to the Pay Dept and reporting the incident.

3. Go and look for the person and hand it to

them.4. Rip it into

shreds and put it into a bin.

Confidentiality and SecurityScenario 2 - An Unexpected Email


Alex is working at his computer

when he receives an unexpected

email. He sees that it contains a list of patients

that are receiving dialysis

treatment. What should he do

with the email?

1. Delete it.2. Delete it but also mention it

to his line manager when

convenient.3. Forward the

e-mail to colleague and ask what to do.4. Tell his line

manager, report the incident and

secure the information.

Confidentiality and SecurityScenario 3 - A Job Application Form


Alex’s manager is going through a completed job

application forms sent from HR. The ethnicity

sections of the form have not been removed

before being sent to her. She asks

Alex if this is okay. What

should Alex say?

1. Tell his manager that it’s fine - as long as she treats the information

confidentially.2. Tell her that

this is confidential ‘sensitive personal’

information which should be

securely returned to the HR and

reported.3.Tell her that it is

‘sensitive personal’

information but nothing to worry

about.4. Tell her that she should call

HR and complain.

Confidentiality and SecurityScenario 4 - HR Personal File


Alex’s workmate phones him; he says that he is moving some empty cabinets and has just found a full HR file stuck at the back of one of them. What should Alex’s

workmate do?

1. Put the file in an office waste bin and move the cabinet.2. Put the file in the internal mail to the HR Dept.3. Have a quick look through it and leave it in the cabinet.4. Tell his line manager, suggesting the file should be returned to HR and the incident reported.

Confidentiality and SecurityScenario 5 - Paper In a Corridor


Alex finds a sheet of paper on the floor of a hospital corridor. It is a leaflet showing opening times for the staff

shop. On the back is written a name, address and telephone number. It is not a name he knows and it is not

a hospital telephone number. What should he do?

1. Ring the number and tell whoever answers that a sheet has been found with these details on.2. Rip the personal details into small bits and throw them in the bin.3. Pin the leaflet to a nearby notice board where it might be found.4. Put the sheet of paper in his pocket and think about it later.

Confidentiality and SecurityScenario 6 – Visiting Times


Alex is sitting on the bus home. Someone who knows him is sitting nearby and asks Alex what the hospital visiting

times are because her uncle was admitted to the hospital that morning. What can he say?

1. Tell his friend the visiting times2. Tell his friend that he cannot say as this is confidential information3. Tell his friend that he cannot say as this is personal information4. Tell his friend that he cannot say as this is sensitive personal information

Confidentiality and SecurityScenarios - Summary


Confidential information is protected by law.Confidential information may be written or spoken.Confidential information may be about staff or patients (including you and your relatives).We all have a legal responsibility to maintain confidentiality.Reporting incidents is vital to improvement. If you are unsure, seek advice or ask your line manager.

Part 4


The Beginners’ Guide To Information Governance – Summary

andConfirmatory Questions

The Beginners’ Guide To Information Governance - Summary


• A confidential service which relies on public trustThe NHS

• What needs protection, why, how, who and when

Confidential and Security

•Vital to improve weaknesses and prevent incidents happening againIncident reports

• Seek adviceIf in doubt?

UK law says health information is confidentialUK law says health information is sensitive personal information


Confirmatory Questions


HSCIC IG Training - The Beginners’ Guide To Information Governance

Law

Transcript of HSCIC IG Training - The Beginners’ Guide To Information Governance