Presentation on theme: "Information Governance – Who Cares? Alistair Stewart Information Governance Co-ordinator."— Presentation transcript:
Information Governance – Who Cares? Alistair Stewart Information Governance Co-ordinator
Key Learning Points What is Information Governance? What do YOU need To Do to make this work? Follow the Caldicott Guidelines Provide a confidential service – Corporate and staff responsibility Comply with the Law Understand the Data Protection Act Principles Recognise a Freedom of Information Act request Follow the rules set out in Policies Keep Information Secure as you would your own personal details Strive for accuracy in recording and using information
Information Governance “Information governance aims to support the provision of high quality care by promoting the effective and appropriate use of information.” Confidentiality Data Protection Information Security Records Management Freedom of Information Data Quality Assurance IG is to do with how the NHS handles information
Handling information means: H olding it securely and confidentially O btaining it fairly and efficiently R ecording it accurately and reliably U sing it effectively and ethically S haring it appropriately and lawfully
Caldicott Principles Principle 1- Justify the purpose(s) Principle 2 -Don’t use patient-identifiable information unless it is absolutely necessary. Principle 3 -Use the minimum necessary patient ‑ identifiable information. Principle 4 -Access to patient ‑ identifiable information should be on a strict need to know basis. Principle 5 -Everyone should be aware of their responsibilities. Principle 6 -Understand and comply with the law
Data Protection Principles 1.Fairly and lawfully processed 2.Processed for limited purposes 3.Adequate, relevant and not excessive 4.Accurate and up to date 5.Not kept for longer than is necessary 6.Processed in line with rights of the individual 7.Kept Secure, and 8.Not transferred to countries without adequate protection.
Keep Information Secure Adhere to all Organisation Policies Adhere to all local and national Information Security Policies Protect Information Physically Practice Password Management Transfer Information Securely Report all actual and attempted breaches of Security to Management immediately It is your responsibility to keep all personal and sensitive information secure
Primary Care IG Baseline Benchmarking Information Governance and Data Quality Standards, Directed Enhanced Service, circular PCA(M)(2007)11 All practices should: –be compliant with a basic list of standards for information governance –have completed and implemented an action plan (agreed with the host NHS Board) on how they will improve data quality and information governance
Regulator powers: Data Protection Privacy Impact Assessment (PIA) DP registration changes Extended Powers & Penalties –Fines – up to £500,000 for reckless breaches –Enhanced powers of inspection –Prosecution - prison sentences for s55 offences –Wilful or reckless breach of the DP Principles leading to damage or distress
Regulator changes: Freedom of Information Model Publication Scheme consultation Sets out types of information routinely made available by a public authority. Should specify classes of information, how available, and if charge. Extension of the Act consultation Review of exemption briefings
NHS Scotland IG programme Standards & Toolkit Communications & Networks Education & Training Knowledge Base National IG Framework of Policies & Guidelines Developing & Implementing Fully Implemented Evaluation & Monitoring Changes Implemented Continuous Improvemen t Cycle
National IG Guidance NHS Scotland Code of Protecting Patient Confidentiality (reviewed) Caldicott Guardians Manual (reviewed) Caldicott Guardians Website available at Looking After Information: Staff Awareness leaflet produced Refreshed NHS Scotland Code of Practice in Records Management - Health and administrative records into single document IG is a series of best practice guidelines and principles of the Law to be followed by the NHS
Ongoing national IG activities Training requirements and awareness raising tools for NHSS staff Information Sharing Protocol (review) Evidence base for IG Standards Forum networking meetings IG is the core foundation for high quality healthcare using good quality information
Training and Awareness Looking after information leaflet DOTS module – scenario based Flying Start – modular based Medical Records material On-line package
Specialist e-Library – Knowledge Network IG Portal - IG Bulletin eHealth Website Further Information
Contacts NHSS IG Team: Alistair Stewart, Information Governance Co-ordinator, NHSS Kim Kingan, Information Governance Lead, SGHD David Armstrong, Enterprise Architect-Security, SGHD Robert Bryden, Records Management Lead, SGHD
Records stored in corridors Patient records removed from premises Password attached to IT equipment Computers stolen from Office Disc lost in mail containing personal information Lost Payslips Lost memory stick Could This Happen To You?
Discussion Consider your workplace in relation to the breaches shown and highlight any potential problem area. What solutions are available to you to reduce the risk?
Information Governance - Is the responsibility of every NHS Employee so let’s aim together to be 100% compliant and show that WE CARE