Introduction to Information Governance (IG) IG Policy Team NHS Connecting for Health.
Introduction to Information Governance (IG)
IG Policy Team
NHS Connecting for Health
Key Learning Points
What is Information Governance?
What do YOU need To Do to make this work?
Follow the Caldicott Guidelines
Provide a confidential service
Comply with the Law
Understand the Data Protection Act Principles
Recognise a Freedom of Information Act request
Follow the Records Management NHS Code
Keep Information Secure
Input Quality Information
What is IG?
IG is to do with how NHS/Social Care organisations and individuals handle information
Information means:
Personal: e.g. Name, Date of Birth, Home address
Sensitive: e.g. ethnicity, disease, medical condition, sexual life
Corporate: e.g. Contracts for suppliers, minutes of meetings, finance details
Handling information means
Holding it securely and confidentially
Obtaining it fairly and efficiently
Recording it accurately and reliably
Using it effectively and ethically
Sharing it appropriately and lawfully
What is IG?
IG is a series of best practice guidelines and principles of the Law to be followed by NHS/Social Care organisations and individuals
Core elements of IG
Data Protection Act 1998
Freedom of Information Act 2000
Information Security Standards – ISO/IEC 17799: 2005 and IS Management NHS Code of Practice
The NHS Confidentiality Code of Practice
The Records Management NHS Code of Practice
Information Quality Assurance
IG Toolkit
Organisation Self Assessment against national set of standards. Annual submission.
Adopted by NHS, Social Care, GP and Commercial Third Parties.
Online Tool
Process may be subject to internal and external audit
Past reports available online
For further information on the IG Toolkit go to: www.igt.connectingforhealth.nhs.uk
What is IG?
IG is the core foundation for high quality healthcare using good quality information
IG is the responsibility of every employee!
What do YOU need To Do to make this work?
Confidentiality
Do not share without consent
1997 Caldicott Report
The Caldicott Guardian
Follow the Confidentiality Caldicott Guidelines
1. Justify the purpose of using confidential information
2. Only use it when absolutely necessary
3. Use the minimum required
4. Allow access on a strict need-to-know basis
5. Understand your responsibility
6. Understand and comply with the law
CDDFT Key Information Governance Staff
Caldicott Guardian – Dr Alan McCulloch
Senior Information Risk Owner – Sue Jacques (Chief Operating Officer and Director of Finance)
Data Protection Officer – Lisa Wilson (Head of Information Governance & IT Security)
FOI Lead – Joanna Tyrell (nee Jenkins)
If you are not sure, don’t disclose and seek further advice from your line Manager or Caldicott Guardian
Provide a Confidential Service
Protect an individual’s information by recording relevant data accurately and consistently, and by keeping it secure and confidential.
Inform a patient how their information is used and when it may be disclosed
Provide choice to patients to decide whether their information can be disclosed
Always look to Improve the way you/the organisation protects, informs and provides choice to patients/clients/employees.
[Diagram: Protect, Inform, Provide Choice, Improve]
Personal information shared in confidence should not be used or disclosed further without the consent of the individual (Common Law Duty of Confidence)
Comply with the Law
The Data Protection Principles
Personal data must be:
1. Processed fairly and lawfully
2. Processed for specified purposes
3. Adequate, relevant and not excessive
4. Accurate and up-to-date
5. Not kept for longer than necessary
6. Processed in accordance with the rights of data subjects
7. Protected by appropriate security (practical and organisational)
8. Not transferred outside the EEA without adequate protection
Data Protection Act 1998 – It is your responsibility to understand the principles in relation to your role and your organisation
Comply with the Law
Can you recognise a Freedom of Information (FOI) Act Request?
Dear Sir/Madam
I would like to know how much the Trust is spending on the refurbishment of the A&E ward, due to be completed in March 2007.
I would like a list of the new medical and non medical equipment being purchased for this ward.
Yours sincerely
Mickey Mouse
Dear FOI Lead
I have recently undergone an operation on my hip at your Trust and would like to see all the notes in my Health Record regarding this period of care.
Please give me an indication of when this information can be provided to me.
Yours sincerely
Betty Boo
Which of A or B is an FOI request?
What you need to know about FOI
Gives the public the right to access/view all non-personal public authority information upon request
Requests must be in writing
All staff must know who their FOI Lead is and be able to access/refer to their contact details.
The requester may not and need not quote the FOI Act
The organisation must respond within 20 working days
Exemptions may apply for non disclosure – FOI Lead will determine this.
What you need to know about FOI
Penalties for non compliance with or breach of the Act apply to the:
• Organisation
• Chief Executive
• Possibly Individual staff
Follow the Records Management NHS Code of Practice
Best Practice guidance states:
All Staff have a legal and professional obligation to be responsible for any records which they create or use in the performance of their duties.
Any record created by an individual, up to the end of its retention period, is a public record and subject to Information requests (FOI and Subject Access).
Subject Access Request?
Record Lifecycle
Creation: Create & log Quality information
Using: Use/handle in accordance with Data Protection Act
Retention: Keep/maintain in line with NHS recommended Retention Schedule
Appraisal: Determine whether records are worthy of permanent archival preservation
Disposal: Dispose appropriately according to policy
Close Record
Record Quality Information
Keep all types of information:
Accurate
Up to date
Complete – Including NHS Number
Quick and easy to find
Free from duplication
Free from fragmentation
Result: Better Healthcare
Keep Information Secure
Follow Organisation Policies
Protect Information Physically
Practice Password Management
Transfer Information Securely
Report Breaches of Security to Management
It is your responsibility to keep all personal and sensitive information secure
Information Governance is the responsibility of every employee, so keep up the good work and aim to be 100% compliant.
Further Guidance and useful links
DH: Confidentiality NHS Code of Practice
DH: Records Management NHS Code of Practice
The Data Protection Act 1998
The Freedom of Information Act 2000
The IG Policy Team website
The Department of Health website
Information Commissioner’s Office website (more information and guidance on FOI and DPA)