Introduction to Information Governance (IG)

IG Policy Team NHS Connecting for Health

Key Learning Points

• What is Information Governance?
• What do YOU need To Do to make this work?
  • Follow the Caldicott Guidelines
  • Provide a confidential service
  • Comply with the Law
  • Understand the Data Protection Act Principles
  • Recognise a Freedom of Information Act request
  • Follow the Records Management NHS Code
  • Keep Information Secure
  • Input Quality Information

What is IG?

IG is to do with how NHS/Social Care organisations and individuals handle information

Information means:

• Personal: e.g. Name, Date of Birth, Home address
• Sensitive: e.g. ethnicity, disease, medical condition, sexual life
• Corporate: e.g. Contracts for suppliers, minutes of meetings, finance details

Handling information means:

• Holding it securely and confidentially
• Obtaining it fairly and efficiently
• Recording it accurately and reliably
• Using it effectively and ethically
• Sharing it appropriately and lawfully

What is IG?

IG is to do with how NHS/Social Care organisations and individuals handle information

IG is a series of best practice guidelines and principles of the Law to be followed by NHS/Social Care organisations and individuals

Core elements of IG

• Data Protection Act 1998
• Freedom of Information Act 2000
• Information Security Standards – ISO/IEC 17799: 2005 and IS Management NHS Code of Practice
• The NHS Confidentiality Code of Practice
• The Records Management NHS Code of Practice
• Information Quality Assurance

IG Toolkit

• Organisation Self Assessment against national set of standards.
• Annual submission.
• Adopted by NHS, Social Care, GP and Commercial Third Parties.
• Online Tool
• Process may be subject to internal and external audit
• Past reports available online

For further information on the IG Toolkit go to: www.igt.connectingforhealth.nhs.uk

What is IG?

IG is to do with how NHS/Social Care organisations and individuals handle information

IG is a series of best practice guidelines and principles of the Law to be followed by NHS/Social Care organisations and individuals

IG is the core foundation for high quality healthcare using good quality information

IG is the responsibility of every employee!

What do YOU need To Do to make this work?

Confidentiality

• Do not share without consent
• 1997 Caldicott Report
• The Caldicott Guardian

Follow the Confidentiality Caldicott Guidelines

1. Justify the purpose of using confidential information
2. Only use it when absolutely necessary
3. Use the minimum required
4. Allow access on a strict need-to-know basis
5. Understand your responsibility
6. Understand and comply with the law

CDDFT Key Information Governance Staff

• Caldicott Guardian – Dr Alan McCulloch
• Senior Information Risk Owner – Sue Jacques (Chief Operating Officer and Director of Finance)
• Data Protection Officer – Lisa Wilson (Head of Information Governance & IT Security)
• FOI Lead – Joanna Tyrell (nee Jenkins)

If you are not sure, don’t disclose and seek further advice from your line Manager or Caldicott Guardian

Provide a Confidential Service

• Protect individual’s information by recording relevant data, accurately, consistently, keeping it secure and confidential.
• Inform a patient how their information is used and when it may be disclosed
• Provide choice to patients to decide whether their information can be disclosed
• Always look to Improve the way you/the organisation protects, informs and provides choice to the patient/clients/employees.

Personal information shared in confidence should not be used or disclosed further without the consent of the individual (Common Law Duty of Confidence)

Comply with the Law

Data Protection Act 1998

It is your responsibility to understand the principles in relation to your role and your organisation

The Data Protection Principles

Personal data must be:

1. Processed fairly and lawfully
2. Processed for specified purposes
3. Adequate, relevant and not excessive
4. Accurate and up-to-date
5. Not kept for longer than necessary
6. Processed in accordance with the rights of data subjects
7. Protected by appropriate security (practical and organisational)
8. Not transferred outside the EEA without adequate protection

Comply with the Law

Can you recognise a Freedom of Information (FOI) Act Request?

Which of A or B is an FOI request?

What you need to know about FOI

• Gives the public the right to access/view all non-personal public authority information upon request
• Requests must be in writing
• All staff must know who their FOI Lead is and be able to access/refer to their contact details.
• The requester may not and need not quote the FOI Act
• The organisation must respond within 20 working days
• Exemptions may apply for non disclosure – FOI Lead will determine this.

What you need to know about FOI

Penalties for non-compliance with or breach of the Act apply to the:

• Organisation
• Chief Executive
• Possibly Individual staff

Follow the Records Management NHS Code of Practice

Best Practice guidance states:

All Staff have a legal and professional obligation to be responsible for any records which they create or use in the performance of their duties.

Any record created by an individual, up to the end of its retention period, is a public record and subject to Information requests (FOI and Subject Access).

Subject Access Request?

Record Lifecycle


• Creation: Create & log Quality information
• Using: Use/handle in accordance with Data Protection Act
• Retention: Keep/maintain in line with NHS recommended Retention Schedule
• Appraisal: Determine whether records are worthy of permanent archival preservation
• Disposal: Dispose appropriately according to policy

Record Quality Information

Keep all types of information:

• Accurate
• Up to date
• Complete – Including NHS Number
• Quick and easy to find
• Free from duplication
• Free from fragmentation

Better Healthcare

Keep Information Secure

It is your responsibility to keep all personal and sensitive information secure

• Follow Organisation Policies
• Protect Information Physically
• Practice Password Management
• Transfer Information Securely
• Report Breaches of Security to Management

Information Governance is the responsibility of every employee, so keep up the good work and aim to be 100% compliant.

Further Guidance and useful links

• DH: Confidentiality NHS Code of Practice
• DH: Records Management NHS Code of Practice
• The Data Protection Act 1998
• The Freedom of Information Act 2000
• The IG Policy Team website
• The Department of Health website
• Information Commissioner's Office website (more information and guidance on FOI and DPA)