NIGB - National Information Governance Board for Health and

NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB
Building information governance
for personal health information
Karen Thomson
Information Governance Lead
19 March 2010
BCS ISSG Conference
• Role of the NIGB
• Definitions
• What are the issues with building
Information Governance for personal
health information
The role of the NIGB
• To support improvements in information
governance in health and social care
• To advise on the use of powers under
section 251 of the NHS Act 2006
The NIGB as a Statutory Body
• The NIGB is an Advisory Non-departmental
Public body
• Reports to the Secretary of State and of
Health
• Its Statutory powers support it in delivering
its terms of reference
The Care Record Guarantees
The NIGB has provided advice and
guidance on:
• Information governance during the swine flu
pandemic
• The implications of the Coroners and Justice
Bill
• Parental controls on information sharing for
children
• Access to clinical information by social workers
• The use of third parties to support
collaborative care
The NIGB Ethics and
Confidentiality Committee
• Provides a legal basis for the use of
information in medical research and other
NHS activities without consent
• Administers applications for support from
section 251 of the NHS Act 2006 and
advises on its use
What is information governance?
‘Information governance describes the
structures, policies and practices which are
used to ensure the confidentiality and security
of records of patients and service users.
Correctly developed and implemented it
enables the appropriate and ethical use of
information for the benefit of individuals and
the public good’.
What is personal health information?
DPA definition of “Personal data”
“Data which relate to a living individual who can be
identified –
a) From those data, or
b) From those data and other information, which is
in the possession of, or is likely to come into the
possession of the data controller…”
DPA definition of “Sensitive personal data”
“Personal data consisting of information as to –
(e) His physical or mental health or condition”
Or racial or ethnic origin, political opinions,
religious or other beliefs, membership of a
trade union, sexual life, the commission of any
offence or court proceedings related to any
offence.
NHS Act 2006 definition of “Patient information”
S251(10)(a) “Information (however recorded) which
relates to the physical or mental health or condition of
an individual, to the diagnosis of his condition or to his
care or treatment, and
(b) Information (however recorded) which is to any extent
derived from, directly or indirectly, from such
information,
whether or not the identity of the individual in question
is ascertainable from the information.”
Definition of “Confidential patient information”
S251(11) “Patient information where –
a) The identity of the individual in question is
ascertainable –
i. From that information, or
ii. From that information and other information
which is in the possession of, or likely to come
into the possession of, the person processing
the information, and
b) That information was obtained or generated by a
person who, in the circumstances, owed an
obligation of confidence to that individual.”
• Personal = Identifiability
• Health Information in broadest terms includes
derived data & could just be demographic
information
• Two sets of definitions, whilst subtly different, do
reflect one another.
• Information governance – how to use and
handle data appropriately to keep it confidential
and secure.
Information Governance might be divided into a
number of areas:
• Data Protection & Confidentiality
• Information security & risk management
• Records management & information quality
Confidentiality & Data Protection
Policies & procedures to cover:
– Consent for use & disclosure
– De-identification processes
– Information sharing protocols
– Fair & lawful processing & DP notification
– SARs & other DP requirements
– Offshore processing
– Confidentiality Code of Conduct
& demonstrate compliance with the Confidentiality Code
of Practice & NHS Care Record Guarantee
Legal requirements
Legal requirements for processing
confidential personal data
Common law duty of Confidentiality
Data Protection Act 1998
Human Rights Act 1998
Common Law of Confidentiality
• Information must be confidential in nature
• Information that is communicated as part of a
relationship where there is an expectation of
confidentiality
• May be limited by the circumstances
– Consent
– Statute/Court order
– Public interest favours disclosure
Legal and DH policy requirements are set out in
The NHS Confidentiality Code of Practice
Human Rights Act 1998
• Right to freedom from interference by the
State in one’s privacy (Article 8)
• BUT breaches may be justified provided they
are “necessary [for]…public safety… [and] the
protection of health”
• Disclosures must be proportionate based on
the particular circumstances of individuals
• 3 tests – has there been interference with
privacy? is there justification? is the
justification proportionate to the breach?
Data Protection Act - 8 principles
1) Fairly and lawfully;
2) Obtained for specific purposes and only
used for compatible purposes;
3) Adequate, relevant & not excessive;
4) Accurate
5) Only kept for as long as necessary for the
agreed purpose;
6) In accordance with the rights of the subject;
7) Kept securely;
8) Only transferred outside EEA with equivalent
protections.
Information security & risk management
Policies & procedures to cover:
– Business continuity & disaster recovery
– Physical & Network security
– Remote working & secure data transfer
– Access controls & management
– Data & media destruction
– Local data warehousing
– Cross boundary information sharing
To demonstrate compliance with the IS CoP
Records Management & Information quality
Policies & procedures to cover:
– Record management
– Data flow mapping
– Retention & archiving
– Data quality including NHS number implementation
– Freedom of Information Act
– Environmental Information Regulations
– Re-use of public sector information regulations.
Building information governance for
personal health information
• Reliable information available at the point of
care is essential to supporting quality care
• Information governance is about making it
available where and when it is needed to
support care whilst also protecting patient and
service user’s confidentiality and privacy
• Information security is not really the problem
• Most of the data losses and breaches are due to
carelessness, stupidity or wrongdoing of
people, not weaknesses in systems
• IG is about helping humans to use systems
effectively and efficiently
• Technology supporting people
• Technology becomes a problem when it is “clunky”,
or where changes to business processes are
necessary but not supported through training,
which encourages workarounds
• Technology supporting people
• Staff supported through training
– Every level
– Specialist capacity to provide advice – IG managers,
SIROs, IAO.
Technology can support people
• Allowing or preventing access & managing
where uncertain
• Prompts –
do you need to access?
why do you need to access?
• Audit trails – not just where made changes but
where viewed
• Alerts – direct reports & unusual patterns
analysis
Supporting secondary uses of data
• De-identification tools
– Data derivation
– Pseudonymisation
• Electronic recording of consents & dissents
Key Messages
• IG - Making personal health information
available where it is appropriate & necessary
• Preventing inappropriate access
• Transforming personal health information into
de-identified information for secondary uses or
recording consent to allow its use in identifiable
form
• Technology supporting people
Contact details
• www.nigb.nhs.uk
• Phone us – 0207 633 7052
• Email us – nigb@nhs.net
• Write to us:
NIGB, Floor 7, New King’s Beam House
22 Upper Ground
London
SW1 9BW
Questions?