Information Governance Peter McKenzie Information Governance Manager NHS Tayside


Caldicott Approval

The Caldicott Guardian has a responsibility to review and monitor all flows of information in NHS Tayside and all transfers of data outside of the organisation.

Approval must be sought when:
- creating an information sharing protocol to share patient identifiable information (PII) with another organisation
- proposing research projects that will use PII
- collecting PII for the purposes of creating a new database

Caldicott Coverage

[Diagram labels: GP/practice nurse; Walk-in centre; Health Care Guides; Visited at home; Online Services; Dentist; Lab. Services; Out of Hours and Direct Calls; A&E; Pharmacy; Out Patients; Inpatient Boards]

Caldicott Approval – to cover…

- research where data is used for any living patient (this also includes images, videos, charts etc).
- all use of NHS patient data even if you consider the data being held to be non-identifiable data.
- it is the responsibility of the Caldicott Guardian to review the use of all data and determine if it is appropriately anonymised to ensure that it is non-identifiable.
- if identifiable data is to be used then you must be able to justify the requirement for use of this data.
- all databases created for the purposes of research to hold patient identifiable data must also be registered for data protection purposes

Caldicott Principles

- Justify the purpose for using person identifiable information (PII)
- Only use PII when absolutely necessary
- Use only the minimum PII required
- Access is on a strict “need to know” basis
- Everyone must be aware of their responsibilities
- You must comply with the law

Caldicott Principles and Data Protection

[Table: Caldicott principles (rows) against Data Protection principles (columns)]

Data Protection principles:
- DP1 Fair & Lawful
- DP2 Specific Purposes
- DP3 Adequate, Relevant and Not Excessive
- DP4 Accurate
- DP5 Retention
- DP6 Individual's Rights
- DP7 Held & Used Securely
- DP8 Safe Non-EEA Transfers

Caldicott principles:
- C1 Justify the Purpose
- C2 Necessary
- C3 Minimum
- C4 “Need to Know”
- C5 Responsibilities
- C6 Comply with Law

Caldicott Requirements

The Caldicott Guardian has to ensure that proposals comply with Caldicott Principles and that the technical and operational arrangements that are proposed will safeguard the information to be provided:
- the justification for using PII? – linkage, other data sets
- what that data is? – data items, physical or electronic
- where you will get the data from? – collected, manually or electronically extracted
- is data to be collected from more than one source?

Caldicott Requirements

- how you will get that data? – encrypted transfer,
- who will provide you with the data? – an authorised administrator, self, colleague, service
- who will have access to the data? – co-users, data entry, processors
- how you intend to protect the data given to you? – anonymisation, encryption, retention
- if individuals are to be contacted who will do that and how will that be done? – GP, responsible medical officer, researcher

Caldicott Arrangements - HIC

[Diagram labels: Researcher; NHS Tayside Systems; Central Vision; TOPAS; MiDiS; Health Informatics Centre; NHS Generic Caldicott Approval; Request for Anonymous Data; Request for Identifiable Data; Researcher; Caldicott Approval]

If the study is limited to:
a) using electronic data already held within, or accessed via HIC and will be undertaken using anonymised data or
b) also includes data collected directly from a patient who has explicitly consented to its use for this research and it is anonymously linked to other electronic data held within, or accessed via, HIC
…the study will not require explicit Caldicott Guardian approval.

The researcher will have no access to any identifiable data. Any request for identifiable data will require specific Caldicott approval.

Caldicott Arrangements - Clinical Systems

[Diagram labels: Live NHS Tayside System e.g. Central Vision; System Administrator; Request for Identifiable or Anonymous Data; Researcher; Caldicott Approval]

Where a study relies on electronic data already held in an NHS Tayside clinical information system then Caldicott Guardian approval is required.

Access to systems requires the identification of the person accessing data to be recorded by means of a transaction log. Such logs are essential evidence of legitimate (in this case approved) access and form part of the person’s personal data. These records will be disclosed as part of any subject access request and any investigation of activity around patient’s records.

The researcher will normally have no access to any identifiable data unless specific approval has been given.

Caldicott Approval

Caldicott Approval is concerned with:
- controlling access to patient identifiable information
- ensuring that adequate operational data handling arrangements are in place that clearly establish responsibilities
- ensuring that adequate technical data handling arrangements are in place to safeguard the data
- maintaining the trust and reassurance of patients in our handling of their personal data
