Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

Published byGodwin George Lewis Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk."— Presentation transcript:

1 1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk

2 2 Objectives Explain what Information Governance is Introduce you to the I.G. Toolkit Give some pointers to completing the toolkit Answer any question you may have

3 3 A Definition Wikipaedia defines Information Governance as: “a set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information on all media in such a way that it supports an organisation's immediate and future regulatory, legal, risk, environmental and operational requirements”

4 4 So What? Legal requirement –Supported by significant fines –Evolving case law Protection of reputation –Breach of trust between patient and Dentist –Toolkit scores available to all Protection of patients –Sensitive data “in the wild” –Potential harm/distress –Identify theft

5 5 For Example Information Commissioner now has the power to issue fines up £500,000 Hertfordshire County Council fined £100,000 for misdirected fax A4C fined £60,000 for loss of unencrypted laptop

6 6 There’s More! USB memory stick lost containing details of 200 mental health patients Unencrypted laptop stolen from home - Doctor suspended Over 17,000 USB memory sticks left at dry cleaners during 2010

7 7 Information Governance Data Protection Act 1998 Freedom of Information Act 2000 Confidentiality Code of Practice Records Management Information Quality Assurance Information Security (ISO27001) Information Governance Management

8 8 Dental Defence Union Advice Avoid storing identifiable personal data on mobile devices Have an Information Security Policy in place & ensure staff are aware of it Never store patient data on staff home computers or laptops Be aware of relevant ethical & legal guidance specifically from the GDC & the NHS Prevent unauthorised access to confidential information, for example using password protection & providing members of staff, including locums, with unique passwords.

9 9 More….. Ensure electronic means of communication such as fax & email are secure before sending information Report any loss of data straightaway to the nominated senior person in the Practice, so that action can be taken to prevent further breaches & the ICO can be informed, if appropriate Take advice from IT specialists on ensuring the security of any patient information which is held electronically & this extends to sharing data & disposing of it securely when it is no longer needed. Ensure you have a written contract, outlining confidentiality requirements, with third party suppliers such as the company that repairs & maintains your computer.

10 10 Manual Data Everyone concentrates on computers - manual data is also vulnerable –Card indexes –Patient Files –X-ray images –Correspondence

11 11 The I.G. Toolkit An opportunity to easily provide assurance to Commissioners and Patients Clear expectations, understandable requirements A “compliance check” on legal requirements Source of exemplar documents Source of key guidance Robust Governance processes

12 12 The I.G. Toolkit Self assessment which is auditable Applies to all organisations who provide into the NHS 16 evidence focused requirements –Scored between 0 and 3 Level 0-Nothing done Level 1-Have a plan, some preparation Level 2-Have completed the plan, it works Level 3-Review, monitor & update the process.

13 13 The Requirements (1) Information Governance Management 9-114 Responsibility for Information Governance has been assigned to an appropriate member, or members, of staff 9-115 There is an information governance policy that addresses the overall requirements of information governance 9-116 All contracts (staff, contractor and third party) contain clauses that clearly identify information governance responsibilities 9-117 All staff members are provided with appropriate training on information governance requirements

14 14 The Requirements (2) Confidentiality and Data Protection Assurance 9-209 All person identifiable data processed outside of the UK complies with the Data Protection Act 1998 and Department of Health guidelines 9-212 Consent is appropriately sought before personal information is used in ways that do not directly contribute to the delivery of care services and objections to the disclosure of confidential personal information are appropriately respected 9-213 There is a publicly available and easy to understand information leaflet that informs patients/service users how their information is used, who may have access to that information, and their own rights to see and obtain copies of their records 9-214 There is a confidentiality code of conduct that provides staff with clear guidance on the disclosure of personal information

15 15 The Requirements (3) Information Security Assurance 9-304 Monitoring and enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use 9-316 There is an information asset register that includes all key information, software, hardware and services 9-317 Unauthorised access to the premises, equipment, records and other assets is prevented 9-318 The use of mobile computing systems is controlled, monitored and audited to ensure their correct operation and to prevent unauthorised access 9-319 There are documented plans and procedures to support business continuity in the event of power failures, system failures, natural disasters and other disruptions 9-320 There are documented incident management and reporting procedures 9-321 There are appropriate procedures in place to manage access to computer-based information systems 9-322 All transfers of hardcopy and digital personal and sensitive information have been identified, mapped and risk assessed; technical and organisational measures adequately secure these transfers

16 16 Quick Wins 9-209 All person identifiable data processed outside of the UK complies with the Data Protection Act 1998 and Department of Health guidelines 9-304 Monitoring and enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use

17 17 www.igt.connectingforhealth.nhs.uk

18 18 What you need to do Register your practice with the toolkit –The I.G. lead or an “appointed administrator” needs to register first You will need –Your Organisation Code (ODS Code) –A “work” email address Administrators can –Set up other users –Approve and submit your toolkit return

19 19

Download ppt "1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk."

Similar presentations

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?
Introduction to Information Governance (IG)

Introduction to Information Governance (IG)
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
University Safety Office 10 Parks Road Oxford OX1 3PD 01865 270811 https://www.admin.ox.ac.uk/safety Health and Safety Self Assurance Toolkit Directly.

University Safety Office 10 Parks Road Oxford OX1 3PD Health and Safety Self Assurance Toolkit Directly.
Information Governance. “ensuring the confidentiality, accuracy and availability of patient information” Why Information Governance?

Information Governance. “ensuring the confidentiality, accuracy and availability of patient information” Why Information Governance?
Rev.DescriptionAuthorDate 0.0First draftDavid Stone14/07/10 0.1ReviewPhil Walker Magi Nwoli Tony Heap Vanessa Kaliapermall 15/07/10 1.0FinalDavid Stone18/07/10.

Rev.DescriptionAuthorDate 0.0First draftDavid Stone14/07/10 0.1ReviewPhil Walker Magi Nwoli Tony Heap Vanessa Kaliapermall 15/07/10 1.0FinalDavid Stone18/07/10.
Information Governance – Who Cares? Alistair Stewart Information Governance Co-ordinator.

Information Governance – Who Cares? Alistair Stewart Information Governance Co-ordinator.
Clare Sanderson Executive Director of Information Governance The NHS Information Centre for health and social care.

Clare Sanderson Executive Director of Information Governance The NHS Information Centre for health and social care.
Confidentiality & Records Management. What is Information Governance? What is Records Management?

Confidentiality & Records Management. What is Information Governance? What is Records Management?
Data Protection.

Data Protection.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Security Controls – What Works

Security Controls – What Works
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Network security policy: best practices

Network security policy: best practices
Data Protection Recruitment Process

Data Protection Recruitment Process
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

Similar presentations

Ads by Google