Information Governance/Data Policy

Document Control

Author/Contact: Sheila Purser, Caldicott Guardian, and Mark Carhart, Chair, Primary Eyecare (Essex) Ltd
Version: 1
Authorised/Ratified By: Primary Eyecare (Essex) Ltd
Status: Current
Publication Date: January 2014
Review Date: January 2015

Overview

Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources. Primary Eyecare (Essex) Ltd aims to safeguard patient confidentiality and maintain data security.

Information Governance (IG) is the way in which the company handles all of its information, in particular the personal and sensitive information relating to patients and sub-contractors. It provides a framework to ensure that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care. It also sets out a clear structure to deal consistently with the many different rules about how information is handled, including those set out in:

- The Data Protection Act 1998;
- The common law duty of confidentiality;
- The Confidentiality NHS Code of Practice;
- The Freedom of Information Act 2000.

Our work will be guided by the following principles:

Confidentiality

Information must be secured against unauthorised access. Information Sharing Protocols must be in place for any data sharing.

Integrity

Information must be safeguarded against unauthorised modification. Efforts will be undertaken to ensure that all information is correct.

Reviewed January 2014

Openness

Information must be accessible to authorised users at times when they require it. Patients will have ready access to information relating to their own health care, their options for treatment and their rights as patients.

The company complies with the eight data protection principles under the Data Protection Act 1988 in its processing of personal data in that such data is:

- fairly and lawfully processed
- processed for limited purposes
- adequate, relevant and not excessive
- accurate and up to date
- not kept for longer than is necessary
- processed in line with patients’ rights
- secure
- not transferred to other countries without adequate protection

The company complies with the six Caldicott principles:

o Principle 1 – Justify the purpose(s) for using confidential information
o Principle 2 – Only use it when absolutely necessary
o Principle 3 – Use the minimum that is required
o Principle 4 – Access should be on a strict need-to-know basis
o Principle 5 – Everyone must understand his or her responsibilities
o Principle 6 – Understand and comply with the law

Non-confidential information on Primary Eyecare (Essex) Ltd and its services will be available to the public through a variety of media, including a Publication Scheme in line with the Freedom of Information Act.

While the principles of Information Governance apply to all personnel and subcontractors of Primary Eyecare (Essex) Ltd, a structure is in place to monitor progress, minimise risks, advise and train staff, and ensure that Primary Eyecare (Essex) Ltd meets its legal responsibilities.

Caldicott Guardian

Primary Eyecare (Essex) Ltd has appointed a Caldicott Guardian, a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing. Primary Eyecare (Essex) Ltd has appointed Sheila Purser to take on the role of Caldicott Guardian.

Freedom of Information

The administration of Freedom of Information (FOI) requests will be handled by the board of directors. The board will have a responsibility to ensure that requests are responded to within the 20 working day time limit.
Primary Eyecare (Essex) Ltd has appointed the Caldicott Guardian as the lead on FOI.

The company is registered with the Information Commissioner. Registration No: ZA03672B

All sub-contractors must have an Information Governance/Data policy and provide assurance to Primary Eyecare (Essex) Ltd of this. All sub-contracting practices must be registered with the Information Commissioner.

On an annual basis, the Board of Directors of Primary Eyecare (Essex) Ltd will review the information governance policy and compliance. Any matters of concern arising will be dealt with on an ad-hoc basis.