INFORMATION INFORMATION GOVERNANCE AND GOVERNANCE AND CONFIDENTIALITYCONFIDENTIALITY

Information Governance FacilitatorInformation Governance Facilitator

What is Information Governance?What is Information Governance?

Information Governance (IG) ensures that Information Governance (IG) ensures that information (personal or corporate) is dealt information (personal or corporate) is dealt with in a legal and ethical manner.with in a legal and ethical manner.

Every member of staff handles information Every member of staff handles information on a day-to-day basis, so you need to on a day-to-day basis, so you need to make sure you comply with the legislation.make sure you comply with the legislation.

Why is Information Why is Information Governance Important ?Governance Important ?

If you don’t comply with the If you don’t comply with the legislation you will more than legislation you will more than likely have committed a likely have committed a criminal offencecriminal offence

YouYou can be held legally can be held legally responsible.responsible.

INFORMATION

GOVERNANCE

PERSONALINFORMATION

CORPORATEINFORMATION

USING & TRANSFERRING

PATIENTINFORMATION

RECORDINGINFORMATION

PROTECTING &STORING

INFORMATION

DATA PROTECTION

ACT

FREEDOM OF

INFORMATIONACT

CALDICOTTREPORT

INFORMATION SECURITY

RECORDS MANAGEMENT

What Does IG Cover?What Does IG Cover?

Personal InformationPersonal Information

Is covered by the Data Is covered by the Data Protection ActProtection Act

Includes patient and staff Includes patient and staff informationinformation

Paper and computerised Paper and computerised recordsrecords

Penalties for breaching Penalties for breaching confidentialityconfidentiality

Main Points - Data ProtectionMain Points - Data ProtectionPersonal information should be:Personal information should be:

Processed fairly and lawfullyProcessed fairly and lawfully

Adequate, relevant & not excessiveAdequate, relevant & not excessive

Accurate & up-to-dateAccurate & up-to-date

Not kept longer than is necessaryNot kept longer than is necessary

Kept secureKept secure

The Data Protection Act is Not a The Data Protection Act is Not a Barrier to Sharing Information.Barrier to Sharing Information.

When can I use and share patient information?When can I use and share patient information?

When it is When it is necessarynecessary for the provision of a for the provision of a patient’s health care.patient’s health care.

Other reasons to share or disclose personal information:Other reasons to share or disclose personal information:

When the law requires When the law requires To prevent harm to the patient or to others To prevent harm to the patient or to others

(eg suicide or murder)(eg suicide or murder) In the overriding public interestIn the overriding public interest

All other uses and disclosures require consent from the individualAll other uses and disclosures require consent from the individual

Rights of IndividualsRights of Individuals

Right to see their records Right to see their records

Right to object to inaccurate Right to object to inaccurate entriesentries

Right to request that inaccurate Right to request that inaccurate data is correcteddata is corrected

Right to compensationRight to compensation

Corporate InformationCorporate Information Under the FOI Act, anyone can Under the FOI Act, anyone can

request recorded information held request recorded information held by the PCT by the PCT

Reports, accounts, policies, Reports, accounts, policies, correspondence (inc. e-mails)correspondence (inc. e-mails)

Requests may be from the Press, Requests may be from the Press, Political Parties, Pressure Groups Political Parties, Pressure Groups or individualsor individuals

20 working days to produce 20 working days to produce information if it is not exemptinformation if it is not exempt

FOI Publication schemesFOI Publication schemes

Using and Transferring Using and Transferring Patient InformationPatient Information

The Caldicott Report The Caldicott Report reviewed the use and reviewed the use and transfer of patient-transfer of patient-identifiable informationidentifiable information

6 Caldicott principles6 Caldicott principles Recommended that every Recommended that every

Trust have a Caldicott Trust have a Caldicott GuardianGuardian

The 6 Caldicott PrinciplesThe 6 Caldicott Principles

Justify the purpose(s) for using Justify the purpose(s) for using confidential informationconfidential information

Only use it when absolutely necessaryOnly use it when absolutely necessary Use the minimum that is requiredUse the minimum that is required Access should be on a strict need-to-Access should be on a strict need-to-

know basisknow basis Everyone must understand his or her Everyone must understand his or her

responsibilitiesresponsibilities Understand and comply with the lawUnderstand and comply with the law

Information SecurityInformation Security Physical and access controlsPhysical and access controls Notes/screens not left on Notes/screens not left on

viewview Password protectionPassword protection Transfer of records by postTransfer of records by post Telephone enquiriesTelephone enquiries Fax machinesFax machines Overheard conversationsOverheard conversations

Records ManagementRecords Management

Records Management Records Management Policy (includes storage, Policy (includes storage, retention, archiving and retention, archiving and destruction of records)destruction of records)

Archiving – Make sure you Archiving – Make sure you store and archive records store and archive records correctly (can they be traced correctly (can they be traced if they are needed at some if they are needed at some point in the future?)point in the future?)

Who is Responsible for Information Who is Responsible for Information Governance?Governance?

WE ALL AREWE ALL ARE