Presentation on theme: "Introduction to Information Governance (IG)"— Presentation transcript:
1Introduction to Information Governance (IG) IG Policy TeamNHS Connecting for Health
2Key Learning Points What is Information Governance? What do YOU need To Do to make this work?Follow the Caldicott GuidelinesProvide a confidential serviceComply with the LawUnderstand the Data Protection Act PrinciplesRecognise a Freedom of Information Act requestFollow the Records Management NHS CodeKeep Information SecureInput Quality Information
3What is IG?IG is to do with how NHS/Social Care organisations and individuals handle information
4Information means: Personal Sensitive Corporate E.g. Name, Date of Birth, Home addressSensitiveE.g. ethnicity, disease, medical condition, sexual lifeCorporateE.g. Contracts for suppliers, minutes of meetings, finance details
5Handling information means Holding it securely and confidentiallyObtaining it fairly and efficientlyRecording it accurately and reliablyUsing it effectively and ethicallySharing it appropriately and lawfully
6What is IG?IG is to do with how NHS/Social Care organisations and individuals handle informationIG is a series of best practice guidelines and principles of the Law to be followed by NHS/Social Care organisations and individuals
7Core elements of IG Data Protection Act 1998 Freedom of Information Act 2000Information Security Standards – ISO/IEC 17799: 2005 and IS Management NHS Code of PracticeThe NHS Confidentiality Code of PracticeThe Records Management NHS Code of PracticeInformation Quality Assurance
8IG ToolkitOrganisation Self Assessment against national set of standards. Annual submission.Adopted by NHS, Social Care, GP and Commercial Third Parties.Online ToolProcess may be subject to internal and external auditPast reports available onlineFor further information on the IG Toolkit go to:
9What is IG?IG is to do with how NHS/Social Care organisations and individuals handle informationIG is a series of best practice guidelines and principles of the Law to be followed by NHS/Social Care organisations and individualsIG is the core foundation for high quality healthcare using good quality information
10IG is the responsibility of every employee! What do YOU needTo Doto make this work?
11Confidentiality Do not share without consent The Caldicott Guardian 1997 Caldicott Report
12Follow the Confidentiality Caldicott Guidelines Justify the purpose of using confidential informationOnly use it when absolutely necessaryUse the minimum requiredAllow access on a strict need-to-know basisUnderstand your responsibilityUnderstand and comply with the law
13CDDFT Key Information Governance Staff Caldicott Guardian – Dr Alan McCullochSenior Information Risk Owner – Sue Jacques(Chief Operating Officer and Director of Finance)Data Protection Officer – Lisa Wilson(Head of Information Governance & IT Security)FOI Lead – Joanna Tyrell (nee Jenkins)
14If you are not sure, don’t disclose and seek further advice from your line Manager or Caldicott Guardian
15Provide a Confidential Service Protect individual’s information by recording relevant data, accurately, consistently, keeping it secure and confidential.Inform a patient how their information is used and when it may be disclosedProvide choice to patients to decide whether their information can be disclosedAlways look to Improve the way you/the organisation protects, informs and provides choice to the patient/clients/employees.ImproveProtectInformProvide ChoicePersonal information shared in confidence should not be used or disclosed further without the consent of the individual(Common Law Duty of Confidence)
16Comply with the LawData Protection Act 1998 – It is your responsibility to understand the principles in relation to your role and your organisationThe Data Protection PrinciplesPersonal data must be:Processed fairly and lawfullyProcessed for specified purposesAdequate, relevant and not excessiveAccurate and up-to-dateNot kept for longer than necessaryProcessed in accordance with the rights of data subjectsProtected by appropriate security (practical and organisational)Not transferred outside the EEA without adequate protection
17Comply with the LawCan you recognise a Freedom of Information (FOI) Act Request?Dear FOI LeadI have recently undergone an operation on my hip at your Trust and would like to see all the notes in my Health Record regarding this period of care.Please give me an indication of when this information can be provided to me.Yours sincerelyBetty BooI would like to know how much the Trust is spending on the refurbishment of the A&E ward, due to be completed in March 2007.Dear Sir/MadamI would like a list of the new medical and non medical equipment being purchased for this ward.Yours sincerelyMickey MouseABWhich of A or B is an FOI request?
18What you need to know about FOI Gives the public the right to access/view all non-personal public authority information upon requestRequests must be in writingAll staff must know who their FOI Lead is and be able to access/refer to their contact details.The requester may not and need not quote the FOI ActThe organisation must respond within 20 working daysExemptions may apply for non disclosure – FOI Lead will determine this.
19What you need to know about FOI Penalties for non compliance with or breach of the Act applies to the:OrganisationChief ExecutivePossibly Individual staff
20Follow the Records Management NHS Code of Practice Best Practice guidance states:All Staff have a legal and professional obligation to be responsible for any records which they create or use in the performance of their duties.Any record created by an individual, up to the end of its retention period, is a public record and subject to Information requests (FOI and Subject Access).Subject Access Request?
21Record Lifecycle Record Lifecycle Creation Using Retention Appraisal Close RecordRetentionAppraisalDisposalCreate & log Quality informationKeep/maintain in line with NHS recommended Retention ScheduleUse/handle in accordance with Data Protection ActDetermine whether records are worthy of permanent archival preservationDispose appropriately according to policy
22Record Quality Information }Keep all types of information:AccurateUp to dateComplete – Including NHS NumberQuick and easy to findFree from duplicationFree from fragmentationBetter Healthcare
23Keep Information Secure It is your responsibility to keep all personal and sensitiveinformation secureFollow Organisation PoliciesProtect Information PhysicallyPractice Password ManagementTransfer Information SecurelyReport Breaches of Security to Management
24Information Governance is the responsibility of every employee, so keep up the good work and aim to be 100% compliant.
25Further Guidance and useful links DH: Confidentiality NHS Code of PracticeDH: Records Management NHS Code of PracticeThe Data Protection Act 1998The Freedom of Information Act 2000The IG Policy Team websiteThe Department of Health websiteInformation Commissioners Office website (more information and guidance on FOI and DPA)