Presentation on theme: "Information Governance, Love it or Hate it!"— Presentation transcript:
1Information Governance, Love it or Hate it! Norman PottingerInformation Governance Manager
2Admin and Introductions Fire alarmsPlease turn off or silence mobile phonesThere will be a break for coffeeNo hand-outs but I will send the slides to Sam if you want a copy
3Objectives To support the IG on-line training tool Give you some more “local” guidanceHelp you to understand wider implications of Information GovernanceKeep you and your employers out of jail!Answer (if I can) your questions
4Quiz On your own or in pairs, or groups – your choice Just take ten minutes to do thisWe will discuss your answers at the end of the session
5What is Information governance? All and anything to do with informationData Protection ActFreedom of InformationCaldicott (1 and 2)Human RightsRecords ManagementInformation SecurityData Quality
6Data Protection Act 1998 European Legislation 8 principles Covers Personal Data and Sensitive DataTest!Define Personal DataDefine Sensitive DataGives rights to individuals (Data Subjects)Responsibility is personal
7First Principle “Personal Data shall be processed fairly and lawfully” Fair processing noticesNo surprisesAccess to personal data must be restricted and appropriate
8If you get it wrongA member of staff working in a GP practice illegally looked at the records of more than a thousand patients. As a result he was fined for a breach of the Data Protection Act.Total fine over £1000The Information Commissioner has fined an ex GP's receptionist for accessing a patients notes. The receptionist from a practice in Hampshire looked up details of her ex husbands new wife on a number of occasions.Total fine over £1100NHS England (formally the NHS Commissioning Board) are having to pay a £200,000 fine because NHS Surrey (whose services have moved to NHS England) failed to ensure that PCs they arranged to be "cleaned" by a third party were being sold on still containing patient identifiable information.An ex-employee of University Hospitals of Leicester NHS Trust has been convicted of computer misuse after inappropriately accessing patient records. They received a six-month custodial sentence.
9Caldicott 1 and 2 Caldicott review 1997 Caldicott “2” 2013 Reviewed use of and access to patient recordsEstablished the role of the Caldicott GuardianOriginal 6 principlesCaldicott “2” 2013Clarified the H&SCA 2012 in relation to PCDTasked NHS England and the HSCIC with providing more guidance and clarity26 recommendations – all accepted by the department of HealthAdded a 7th principleLet’s look at CaldicottIn 1997 Dame Fiona Caldicott asked to look at how the NHS manages patient information.Several recommendations including the appointment of Caldicott Guardians.Also the original 6 principlesCaldicott 2 started in 2012 but reported in 2013.Dismayed at the state of patient confidential in the NHS.Further 26 recommendations which the DH have agreed to. A lot of these put the onus on HSCIC and NHS England to put some rules and regulations in place. Biggie for CCGs is that it reinforced what was actually already the case that CCGs cannot process personal confidential data.Added the 7th principle. And slightly changed the original 6, mainly changing the reference to PCD.
10Caldicott Principles Justify the purpose Don’t use patient confidential data (PCD) unless it is absolutely necessaryUse the minimum that is necessaryAccess to PCD should be on a strict need to know basisEveryone with access to PCD should be aware of their responsibilitiesComply with the LawThe duty to share information can be as important as the duty to protect patient confidentialityMain change apart from adding the 7th principle is that reference is now to PCD where before it simply referred to personal information.
11Information Security Principle 7 of the Data Protection Act Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
13PasswordsPasswords are like underpants. They should be changed regularly, they are best kept hidden, and they shouldn’t be shared.So what about passwords?Talk about two main reasons for passwords.Security only giving access to stuff you are allowed to see.AndAudit it is done under your login so you did it!!!!
14Good or badonedirection1directiontbbbitwtN1bbitwNj89219*nel(m,LKH
18Monitors – easy for a patient to lean over and see what is on the screen – which might not be about them.
19Whilst providing a quick way to call a patient in, it does tell everyone else in the waiting room the name of another patient.
20Unattended notes – I have seen practices where although the door to the filing room was locked the window to the outside world was left wide open!!In this case someone working in the filing room, gets hot, opens the window, goes for a cup of tea later doesn’t shut the window……….
21Curtains contrary to what you may have heard are not soundproof!! More of a problem in hospital but shutting the curtains does not stop everyone else from hearing your discussion.
23Summary Care Record Populate a central register of all patients Summary only (although enhanced data may be uploaded later)Available to all cliniciansPrimary use of data (for direct patient care)Patients can opt-out
24Care.Data (HSCIC) NOW DELAYED UNTIL OCTOBER 2014 Populate a central record of all patientsContains full patient records (read coded items)Data is anonymised or pseudonymised within the HSCICLinks primary care to secondary care dataCollection of data is given legal basis under the H&SCAData is for secondary use (i.e. not direct patient care)GPs and Patients DO NOT have a legal right to opt outAnd the dreaded care.dataAs you will now be aware the HSCIC have agreed to defer the collection of data until the Autumn to enable them to make more information available to clarify their obligations and patients rights around sharing (or not) their data.Did you all get your leaflet by the way?No legal right to opt out under DPA as the collection of data is mandated under the H&SCA 2012.The secretary of state for health has however given patients an opt out.
25Let’s review the answers QuizLet’s review the answers