Information Governance Policy

Trust Informatics Policy
Information Governance
Information Governance Policy
Policy Reference: TIP/IG/IGP
Information Governance Policy
Information Assurance Manager
I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/Information Governance Policy
-1
Document Control
Policy Title: Information Governance Policy
Author/Contact: Pauline Nordoff-Tate – Information Assurance Manager
Document Reference: TIP/IG/IGP
Version: 3.2
Status: Approved
Publication Date: February 2004
Review Date: July 2012
Approved by: Dr P Williams, Caldicott Guardian (10th August 2010)
Ratified by: Information Governance Group (10th August 2010)
Distribution: Royal Liverpool and Broadgreen University Hospitals NHS Trust - intranet
Please note that the Intranet version of this document is the only version that
is maintained.
Any printed copies should therefore be viewed as “uncontrolled” and as such,
may not necessarily contain the latest updates and amendments.
Version | Date | Author | Comments
1 | 02/02/2004 | A Penketh | Approved by the Information Governance Group
2 | 02/02/05 | A Penketh | Amendments made and reviewed and approved by the Information Governance Group
3 | 04/12/2006 | A Penketh | Notes new IGT standards
3.2 | 12/07/2010 | Information Assurance Manager | Significant amendments
Review Process Prior to Ratification
NAME OF GROUP/DEPARTMENT/COMMITTEE | DATE
Information Governance Group | 02/02/04
Information Governance Group | 02/02/05
Information Governance Group (virtual meeting) | 21/01/07
Information Governance Group (virtual meeting) | 10/08/10
Table of Contents
1. Introduction
1.1 Equality and Diversity
2. Objective
3. Scope of Policy
4. Policy
4.1 Protection of Information
4.2 Management of Records
4.3 Information Quality Assurance
4.4 Risk
5. Roles and Responsibilities
6. Associated documentation and references
7. Training & Resources
8. Monitoring and Audit
APPENDIX A – Supporting Legislation and Guidance
1. Introduction
Information Governance ensures necessary safeguards for, and
appropriate use of, patient and personal information. Information is a
vital asset, both in terms of the clinical management of individual
patients and the efficient management of Trust services and resources.
It plays a key part in clinical governance, service planning and
performance management and decision-making. It is therefore of
paramount importance that information is effectively managed with
appropriate policies and procedures in place, and that management
accountability is identified to provide a robust information governance
framework to support the organisation.
The Trust Information Governance Policy is built on the work carried
out in relation to the Information Governance agenda, including
Information Quality Assurance, the Caldicott, Data Protection and
Information Security agendas and the Health and Corporate Records
Management agendas. Information governance needs to be allied
closely with advice and guidance from the Information Commissioner.
It also includes initiatives such as Confidentiality: NHS Codes of
Practice, the Information Governance Statement of Compliance, the
Operating Framework and the NHS Care Records Guarantee, and has
been established in line with work carried out by the now
long-established Information Governance Toolkit (IGT). Information
Governance within the Trust is led via the Information Governance
Group, which meets on a bi-monthly basis and includes the Director of
Information Management and Technology and the Caldicott Guardian.
The IGT has undergone a major rewrite but still operates under the
following sub-headings:
- Information Governance Management
- Confidentiality and Data Protection Assurance
- Information Security Assurance
- Clinical Information Assurance
- Secondary User Assurance
- Corporate Information Assurance
1.1 Equality and Diversity
The Trust is committed to an environment that promotes equality and
embraces diversity in its performance as an employer and service
provider. It will adhere to legal and performance requirements and will
mainstream equality and diversity principles through its policies,
procedures and processes. This policy should be implemented with
due regard to this commitment.
To ensure that the implementation of this policy does not have an
adverse impact in response to the requirements of the Race Relations
(Amendment) Act, the Disability Discrimination Act 2005, and the
Equality Act 2006, this policy has been screened for relevance during
the policy development process and a full impact assessment
conducted where necessary prior to consultation. The Trust will take
remedial action when necessary to address any unexpected or
unwarranted disparities and monitor practice to ensure that this policy
is fairly implemented.
This policy and procedure can be made available in alternative formats
on request including large print, Braille, moon, audio, and different
languages. To arrange this please refer to the Trust translation and
interpretation policy in the first instance.
The Trust will endeavour to make reasonable adjustments to
accommodate any employee/patient with particular equality and
diversity requirements in implementing this policy and procedure. This
may include accessibility of meeting/appointment venues, providing
translation, arranging an interpreter to attend appointments/meetings,
extending policy timeframes to enable translation to be undertaken, or
assistance with formulating any written statements.
2. Objective
This document details the processes that must be adhered to in
ensuring that Information Governance is maintained within the Trust
and complies with all guidance and legislation relating to this area.
3. Scope of Policy
This policy applies to all staff employed by Royal Liverpool &
Broadgreen Hospitals NHS Trust, including bank, agency and locum
staff, students, voluntary staff, contractors and trainees on temporary
placement, those holding honorary contracts or subject to the joint
working authority with the Liverpool Chest and Heart Hospital.
4. Policy
The Trust recognises the need for an appropriate balance between
openness and confidentiality in the management and use of
information. The Trust is publicly accountable and needs to ensure that
the principles of corporate governance are fully supported. An equal
importance must be placed on the need to ensure high standards of
information assurance, data protection and confidentiality to safeguard
personal and commercially sensitive information. The Trust also
recognises the need to share information with other health
organisations and other agencies in a controlled manner consistent
with the interests of the patient and in some circumstances, the public
interest. Underpinning this is the need for electronic and paper
information to be accurate, relevant, available when required and
processed appropriately, and measures must be taken to keep in line
with the information security agendas to safeguard personal data.
There are 4 key interlinked areas within Information Governance:
4.1 Protection of Information
This includes the implementation and maintenance of standards
associated with the Data Protection Act, the Freedom of Information
Act, Information Security Management: NHS Code of Practice
(ISO27001), the Confidentiality: NHS Code of Practice, the
pseudonymisation project and the Caldicott principles. There is a high
overlap with the Records Management Policy that details the
requirements for record retention and destruction.
In order to ensure high standards in this area:
- The Trust will establish and maintain policies and procedures to
  ensure the implementation of the Data Protection Act 1998,
  Freedom of Information Act 2000, The Computer Misuse Act
  1990, and any further related legislation and NHS guidance for
  the effective and secure management and processing of its
  information, its information assets and resources
- The Trust will undertake or commission annual assessments
  and audits of its levels of protection of information using the
  Information Governance Toolkit version 8 and other available
  mechanisms
- The Trust will promote effective confidentiality, data protection
  and security practice to staff through policies, procedures and
  various methods of training
- The Trust will ensure information assets are obtained and
  documented throughout the Trust.
- The Trust will maintain a risk log in conjunction with the North
  Mersey Health Informatics Service (HIS).
- The Trust will ensure a Senior Information Risk Owner (SIRO)
  from the Trust Board.
- The Trust will deliver a confidentiality and security work
  programme in line with the Information Governance Toolkit and
  NHS Connecting for Health requirements.
- The Trust will establish and maintain protocols for the controlled
  and appropriate sharing of patient information with other
  agencies, taking account of relevant legislation (e.g. Health and
  Social Care Act, Crime and Disorder Act, Protection of Children
  Act)
- The Trust will initiate the planning for the Information Security
  Standard ISO27001
4.2 Management of Records
This includes the implementation and maintenance of the records
management elements of the Clinical Negligence Scheme for Trusts
(CNST), the introduction of standards for health records and the
Freedom of Information Act. There is a high level of overlap with the
Protection of Information and with Information Quality Assurance
Policy.
In order to ensure high standards in this area:
- The Trust will establish and maintain policies and procedures to
  ensure compliance with the Freedom of Information Act, any
  further related legislation and NHS guidance in relation to FOI
  and Records Management
- The Trust will undertake or commission annual assessments
  and audits of its policies and arrangements for openness and
  records management using the Information Governance Toolkit
  and other available mechanisms
- The Trust will have a strategy for dealing with Records
  Management
- The Trust will promote effective records management to staff
  through policies, procedures/user manuals and training
4.3 Information Quality Assurance
This includes the implementation of information quality standards for
electronic and manual patient/staff information and the implementation
of the Clinical Information and Secondary User Assurance standards in
the Information Governance Toolkit. It has a high level of overlap with
Protection of Information and with Management of Records.
In order to ensure high standards in this area:
- The Trust has established policies and procedures for
  information quality assurance.
- The Trust will maintain rigorous information quality validation
  checks of data flows against national standards using both
  internal reporting and externally available reports.
- The Trust will undertake or commission annual assessments
  and audits of its information quality using the Information
  Governance Toolkit and other available mechanisms.
- The Trust will promote information quality to staff through
  policies, procedures/user manuals and training.
4.4 Risk
The Senior Information Risk Owner (SIRO) will be a Board member
and ensure the Trust has appropriate staff available to oversee the
completion of an Information Risk Register and its management. The
Trust must ensure that it operates within a robust Information
Governance framework to reduce the risk of both potential litigation and
compromise to patient care. Risk assessments will be carried out in
the individual component areas as required by the Information
Governance Toolkit.
5. Roles and Responsibilities
This Policy is the responsibility of the Information Assurance Manager
having been ratified with the Information Governance Group. The policy
is available through the Trust's intranet and is referred to in information
assurance training.
It is the responsibility of all staff to familiarise themselves with this
policy and all related Informatics policies and documentation where
applicable.
It is the responsibility of all Divisional and Directorate Managers to
ensure the policy is disseminated to all staff, and that staff have read
and understood the policy.
Staff must ensure at all times that high standards of information quality,
data protection, integrity, confidentiality and records management are
met in compliance with the relevant legislation and NHS guidance.
Clinicians and managers must promote high standards of Information
Governance.
Information Governance paragraphs must be included in job
descriptions and contracts to ensure that all staff are aware of their
responsibilities.
6. Associated documentation and references
This policy should be read in conjunction with all Informatics policies
found on the Intranet Policy website, which include:
- Trust Information Assurance Policy
- Trust Information Access Policy
- Caldicott Report
- Personal Information and Confidentiality Policy
- Password Policy
- Risk Management Policy (for IT)
- Information Quality Policy
- Records Management Policy and Strategy
Legislation to restrict disclosure of personal identifiable information:
- The Freedom of Information Act 2000
- The Data Protection Act 1998
- The NHS Code of Confidentiality
- The Privacy and Electronic Communications Regulations 2003
- The Computer Misuse Act 1990
- Human Fertilisation and Embryology (Disclosure of Information)
  Act 1992
- The National Health Service (Venereal Diseases) Regulations
  1974 (S.I.1974/29)
- Abortion Act 1967
- The Adoption Act 1976
Legislation requiring disclosure of personal identifiable information:
- Public Health (Control of Diseases) Act 1984 & Public Health
  (Infectious Diseases) Regulations 1985
- Births and Deaths Act 1984
- Police and Criminal Evidence Act 1984
- The Records Management Code of Practice April 2006
7. Training & Resources
The implementation of policies in this area will be carried out across the
Trust by all involved staff and will be led by the Information Assurance
Manager and associated teams (Information Quality, Data Protection,
Information Security, Records Management, Freedom of Information
etc).
Information Governance elements will be included in standard Trust
induction, mandatory training programmes, specific data protection
training packages and electronic learning packages.
Managers will ensure that the relevant paragraphs are included in staff
job descriptions.
8. Monitoring and Audit
The Information Governance Sub-Group is the Trust committee with
responsibility for the ratification of Information Governance Policies and
approval of work programmes. This group has senior level
representation, is chaired by the Caldicott Guardian, and is supported
from all appropriate areas to ensure the Trust steers this agenda
appropriately. It receives regular reports from the Information
Assurance Manager and responsible staff dealing with all aspects of
the agenda as outlined above, and approves central returns required
by the Information Governance Toolkit to NHS Connecting for Health.
The Information Governance Toolkit (IGT) will be used by the Trust to
conduct baseline audit and construct action plans for future compliance
with this agenda. The work programmes in the individual areas will be
created by adherence to the IGT standards and to the national
standards appropriate to the individual field of activity.
APPENDIX A – Supporting Legislation and Guidance
The Data Protection Act 1998 Seventh Principle states:
“…Appropriate technical and organisational measures shall be taken
against unauthorised or unlawful processing of personal data and
against accidental loss or destruction of, or damage to, personal
data…”