Information Governance – Who Cares?
Alistair Stewart
Information Governance Co-ordinator
Key Learning Points
• What is Information Governance?
• What do YOU need to do to make this work?
• Follow the Caldicott Guidelines
• Provide a confidential service – Corporate and staff responsibility
• Comply with the Law
• Understand the Data Protection Act Principles
• Recognise a Freedom of Information Act request
• Follow the rules set out in Policies
• Keep Information Secure as you would your own personal details
• Strive for accuracy in recording and using information
Information Governance
“Information governance aims to support the
provision of high quality care by promoting the
effective and appropriate use of information.”
• Confidentiality
• Data Protection
• Information Security
• Records Management
• Freedom of Information
• Data Quality Assurance
IG is to do with how the NHS handles information
Handling information means:
• Holding it securely and confidentially
• Obtaining it fairly and efficiently
• Recording it accurately and reliably
• Using it effectively and ethically
• Sharing it appropriately and lawfully
Caldicott Principles
• Principle 1 - Justify the purpose(s).
• Principle 2 - Don’t use patient-identifiable information unless it is absolutely necessary.
• Principle 3 - Use the minimum necessary patient-identifiable information.
• Principle 4 - Access to patient-identifiable information should be on a strict need to know basis.
• Principle 5 - Everyone should be aware of their responsibilities.
• Principle 6 - Understand and comply with the law.
Data Protection Principles
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept for longer than is necessary
6. Processed in line with rights of the individual
7. Kept Secure, and
8. Not transferred to countries without adequate protection.
Keep Information Secure
It is your responsibility to keep all personal and sensitive information secure
• Adhere to all Organisation Policies
• Adhere to all local and national Information Security Policies
• Protect Information Physically
• Practise Password Management
• Transfer Information Securely
• Report all actual and attempted breaches of Security to Management immediately
Primary Care IG Baseline
Benchmarking Information Governance and Data Quality Standards, Directed Enhanced Service, circular PCA(M)(2007)11
All practices should:
– be compliant with a basic list of standards for information governance
– have completed and implemented an action plan (agreed with the host NHS Board) on how they will improve data quality and information governance
Regulator powers: Data Protection
• Privacy Impact Assessment (PIA)
• DP registration changes
• Extended Powers & Penalties
– Fines – up to £500,000 for reckless breaches
– Enhanced powers of inspection
– Prosecution - prison sentences for s55 offences
– Wilful or reckless breach of the DP Principles leading to damage or distress
http://www.ico.gov.uk
Regulator changes: Freedom of Information
• Model Publication Scheme consultation
• Sets out types of information routinely made available by a public authority.
• Should specify classes of information, how available, and if charge.
• Extension of the Act consultation
• Review of exemption briefings
http://www.itspublicknowledge.info
NHS Scotland IG programme
[Diagram: Continuous Improvement Cycle. Labels: Developing & Implementing; Changes Implemented; Evaluation & Monitoring; Fully Implemented]
• Standards & Toolkit
• Communications & Networks
• Education & Training
• Knowledge Base
• National IG Framework of Policies & Guidelines
National IG Guidance
• NHS Scotland Code of Protecting Patient Confidentiality (reviewed)
• Caldicott Guardians Manual (reviewed)
• Caldicott Guardians Website available at http://www.knowledge.scot.nhs.uk/caldicottguardians.aspx
• Looking After Information: Staff Awareness leaflet produced
• Refreshed NHS Scotland Code of Practice in Records Management - Health and administrative records into single document
IG is a series of best practice guidelines and principles of the Law to be followed by the NHS
Ongoing national IG activities
• Training requirements and awareness raising tools for NHSS staff
• Information Sharing Protocol (review)
• Evidence base for IG Standards
• Forum networking meetings
IG is the core foundation for high quality healthcare using good quality information
Training and Awareness
• Looking after information leaflet
• DOTS module – scenario based
• Flying Start – modular based
• Medical Records material
• On-line package
Further Information
Specialist e-Library – Knowledge Network
http://www.knowledge.scot.nhs.uk
IG Portal - IG Bulletin
http://www.elib.scot.nhs.uk/portal/ig/pages/index.aspx
eHealth Website
http://www.ehealth.scot.nhs.uk/
Contacts
NHSS IG Team: [email protected]
Alistair Stewart, Information Governance Co-ordinator, NHSS
[email protected]
Kim Kingan, Information Governance Lead, SGHD
[email protected]
David Armstrong, Enterprise Architect-Security, SGHD
[email protected]
Robert Bryden, Records Management Lead, SGHD
[email protected]
Could This Happen To You?
• Records stored in corridors
• Patient records removed from premises
• Password attached to IT equipment
• Computers stolen from Office
• Disc lost in mail containing personal information
• Lost Payslips
• Lost memory stick
Potential Breaches
Discussion
Consider your workplace in relation to the breaches shown and highlight any potential problem area.
What solutions are available to you to reduce the risk?
Information Governance is the responsibility of every NHS Employee so let’s aim together to be 100% compliant and show that WE CARE
Question time….