Information Governance Jym Bates Head of Information Assurance.


1 Information Governance Jym Bates Head of Information Assurance

2 What Is Information Governance?
- Data Protection
- Freedom Of Information
- Information Security

3 Relevant Policies
- Data Protection Act 1998 (and subsequent Special Information Notices)
- Human Rights Act 1998
- Access to Health Records Act 1990 (where not superseded by the Data Protection Act 1998)
- Computer Misuse Act 1990
- Copyright, Designs and Patents Act 1988 (as amended by the Copyright (Computer Programs) Regulations 1992)
- Crime & Disorder Act 1998
- Electronic Communications Act 2000
- Regulation of Investigatory Powers Act 2000 (& Lawful Business Practice Regulations 2000)
- Freedom of Information Act 2000
- Gender Recognition Act 2004

4 Email
- Ownership of emails
- Addressing emails
- Personal emails
- Freedom of information
- Attachments
- Spam
  - Why it occurs
  - Actions to take

5 Internet Use
- Personal access
  - Out of working hours
- Monitoring - Disciplinary Action
- Not to be viewed
  - Adult/Sexually explicit topic
  - Hacking
  - Alcohol & Tobacco
  - Spyware
  - Intolerance & Hate
  - Criminal Activity
  - Gambling
  - Personals & Dating
  - Tasteless & Offensive
  - Glamour & Intimate Apparel
  - Illegal Drugs
  - Violence
  - Weapons
  - Streaming Media Downloads
  - Chat

6 Data Protection Act
- Security of Person Identifiable Information (PII)
- Confidentiality
- Storage
- Transfer

7 Principles of the Data Protection Act
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection

8 Confidentiality
- Security risks
  - Not following the clear desk policy
  - Not logging off a PC when it is not being used
  - Talk e.g. the canteen
  - Telephone conversations e.g. open ward
  - Patients seeing their own notes

9 Storage of PII - Electronic
- PII must not be stored on:
  - Unencrypted laptops
  - Non Biometric USB memory sticks
  - CDROM / DVD unless encrypted
  - External hard drives unless encrypted
  - Any home PC
  - Any PC not on central storage

10 Storage of PII - Paper
- Medical notes must be held in Medical Records, in a locked office or in a locked notes trolley
- Any PII should always be locked in a filing cabinet or desk drawer unless it is in a secure office

11 Transfer of PII – Electronic
- Whenever possible PII should not be transferred
- Email should not be used unless it is encrypted
- PII should only be uploaded to secure web sites
- For support please contact ISC Help Desk

12 Transfer of PII – Paper / Letters
- Whenever possible PII should not be transferred
- Ensure that the correct information is being sent to the correct person
- Any letters containing PII should be clearly addressed ‘Private & Confidential’ and only this & the contact details should be visible
- Requests for tests etc must always be sealed in an envelope
- Use of Fax Machines should be discouraged

13 Transfer of PII – Medical Notes
- The location of medical records should always be entered on the PAS tracking system
- Medical records must always be sealed in an envelope
- Staff should not ferry casenotes to other locations in their cars

14 Viruses
- A virus is malicious code that can affect an individual PC or an entire network
- The Trust has a comprehensive virus scanning and damage control system that starts up when a PC is turned on
- Major sources are:
  - Unsolicited emails
  - Unlicensed software

15 Passwords
- You must never let anyone use the password to your PC or any software you use
- Do not keep lists of your passwords
- Regularly change your password
- Passwords must contain at least one number, one lowercase letter and one uppercase letter.

16 Unlicensed Software
- The only software allowed on Trust PCs is the systems purchased by the Trust
- You are not allowed to load any software onto a Trust PC
- Please contact ISC Help Desk if you require a programme for your work

17 PII and Audit / Research
- Always review the need for PII. Could you just use an allocated patient identifier?
  - The NHS number with no further PII is acceptable
- Do not pull off PII from a system unless you are allowed to do so.
  - Requests for reports should go through ISC Help Desk or individual Business Information Specialists

18 Guidance
- Check the Trust’s Information Governance Policies on Synapse in
- Email
  - InformationSecurity&xxxxxxxxxxxxxx@ xxxx.xxx.xx
- Telephone
  - (0161 20) 62601

