Information Governance Outline What is Information Governance What initiatives does IG cover
Information Governance “is a framework for handling personal information in a confidential and secure manner to appropriate ethical and quality standards in a modern health service”
Information Governance contents Caldicott Confidentiality: NHS Code of Practice BS7799 / ISO 17799 Information Security Management Data Protection Act 1998 Records Management - HSC 1999/053 for the record Information Quality Assurance – Data Accreditation Freedom of Information Act 2001 Controls Assurance – IM&T and Records Management Plus other standards and initiatives yet to be defined
Information Governance Caldicott Report HSC 1999/053 Records Management EPR /Common Clinical Systems The Law: DPA 1998 Human Rights Act 1998 Freedom of Information Act 2000 Common Law ISO17799 Quality Risk Management Controls Assurance Professional regulations Ethics, Ethnicity& Beliefs Local Traditions & Practices Data Accreditation Process Data quality audit Security & confidentiality audit NHS Numbers project NSTS/Exeter Technological & Sociological Change ChoiceSeamless ServicesProtection Privacy Health Service Functions ServiceQualityResearchManagement
Information Governance Standards drawn together from the core Information Governance initiative Underpins the ICRS Modelled around Holding information securely and confidentially Obtaining information fairly and efficiently Recording information accurately and reliably Using information effectively and ethically Sharing information appropriately and lawfully
Information Governance Caldicott Confidentiality: Code of Practice Confidentiality covers ALL TYPES of information Caldicott Principles (applies to patient information) Justify the purpose(s) for using confidential information Only use it when absolutely necessary Use the minimum that is required Access should be on a strict need-to-know basis Everyone must understand their responsibilities Understand and comply with the law
Information Governance Confidentiality: Code of practice – read it –Gives guidance on when consent is required to share/disclose information –This will be covered by the Trusts policies and procedures –Do not share/disclose information without guidance from your line manager and the Information Governance Lead Employees must report any breaches in confidentiality to the Information Governance Lead
Information Governance Confidentiality –Common Law – Duty of Confidence All NHS bodies and those carrying out functions on behalf of the NHS have a common law duty of confidentiality to patients and an duty to maintain professional ethical standards of confidentiality
Information Governance Information Security –Based on ISO 17799 Code of Practice Information Security Management –Controls Assurance IM&T Employees must report any breaches in information security to the Information Governance Lead
Information Governance Employee’s Responsibilities Employee’s MUST not Divulge their password to anyone Allow other users to access a system whilst logged in under their password Share any information with any persons not authorised to see it Attempt to access any system or information they are not authorised to do so
Information Governance Data Protection –Superceeds DPA 1984 –DPA 1984 only applied to electronic records
Information Governance Data Protection Act 1998 Anyone processing personal data must comply with the eight enforceable principles of good practice. –fairly and lawfully processed; –processed for limited purposes; –adequate, relevant and not excessive; –accurate; –not kept longer than necessary; –processed in accordance with the data subject's rights; –secure; –not transferred to countries without adequate protection Enquiries about or Breaches of the Data Protection Act must be reported to the Information Governance Lead
Information Governance Data Protection Act 1998 Three main strands Notification Compliance with the Principles Rights of the data subject
Information Governance Records Management –Based on HSC 1999/053 for the record –This sets out the legal obligations of NHS bodies for keeping information in a proper manner –Gives guidelines on length of time to legally keep certain documents –Promotes good practice within the NHS –All employees have a responsibility to implement good records management
Information Governance Information Quality Assurance –Ensuring the quality of information captured and used. –Relates to the quality of the information recorded –To develop and reinforce a culture where high quality information is expected.
Information Governance Information Quality Assurance –Based on Data Accreditation guidelines mandated in Information for Health –Assuring the quality of information captured and used. –Standards for holding, obtaining, recording, using and sharing information. –Developing and reinforcing a culture where high quality information is expected and delivered.
Information Governance Freedom of Information Act 2000 –The Act gives a general right of access to all types of 'recorded' information held by public authorities, sets out exemptions from that right and places a number of obligations on public authorities.
Information Governance Information Quality Assurance –Focuses on Training Policies & Procedures Efficient and Effective Processes Communication and Feedback of Issues Accountability structures Analysis of Outputs for Completeness, Validity and Accuracy
Information Governance Freedom of Information 2000 –all public authorities have a duty to adopt and maintain a publication scheme. A publication scheme is a guide to the types of information that a public authority will routinely make available. –All enquiries regarding FoI should be forwarded to the Information Governance Lead
Information Governance Conclusion Read the Trusts policies and procedures to ensure you are aware of your responsibilities in keeping information confidential and secure Do not disclose information unless you have been given permission Ask if you are not sure Inform the Information Governance Lead of any breaches in confidentiality or information security
Information Governance Useful Web sites –Information Governance –Confidentiality: Code of Practice http://www.doh.gov.uk/ipu/confiden/protect/index.htm –Data protection http://www.dataprotection.gov.uk –For the Record http://www.info.doh.gov.uk/doh/coin4.nsf/12d101b4f7b73d020025693c0054 88a9/ecd5f68ba22dd17b002567390036ef68/$FILE/Hsc053.pdfhttp://www.info.doh.gov.uk/doh/coin4.nsf/12d101b4f7b73d020025693c0054 88a9/ecd5f68ba22dd17b002567390036ef68/$FILE/Hsc053.pdf –The Trusts Policies and Procedures www…..