Information Mapping Guidance
TABLE OF CONTENTS
A. AN INTRODUCTION TO MAPPING INFORMATION
Why do information mapping?
What is an information flow?
Which information flows should be mapped?
What is meant by “person-identifiable” for this project?
B. GETTING STARTED - GUIDANCE FOR ADMINISTRATORS
1. SET UP AREAS FOR YOUR ORGANISATION
What is an area?
How do I create a new area?
How do I edit an area?
How do I delete an area?
2. SET UP DATA ITEMS FOR YOUR ORGANISATION
What is a data item?
How do I create a new data item?
How do I edit a data item?
How do I delete a data item?
3. SET UP LOCATIONS FOR YOUR ORGANISATION
What is a location?
How do I create a new location?
How do I edit a location?
How do I delete a location?
4. SET UP ACCESS FOR USERS IN YOUR ORGANISATION
How do I set up a new mapping user or mapping administrator?
How do I enable mapping or mapping administration for an existing user?
C. GETTING STARTED – GUIDANCE FOR USERS
How do I start?
How do I create a data flow?
How do I edit a data flow?
How do I delete a data flow?
Once I have created a data flow, how do I add another?
How can I create the same data flow in the opposite direction?
If I create a flow from Area A to Area B, will it also appear for Area B from Area A?
Where can I find help or example materials?
How do I run reports for an area?
How do I run reports for the whole organisation?
What should I do if a flow is at risk?
Why can’t I see the flows I created?
How can I export the data flows?
Page 1 of 14
Information Mapping Guidance
A. AN INTRODUCTION TO MAPPING INFORMATION
Why do information mapping?
Information mapping is important because it will help you to understand how data is
transferred to and from your organisation, and make sure that measures are in place to
ensure data is secure in transit and that it reaches its destination promptly and safely.
What is an information flow?
We would suggest that the following means
of transferring data should be mapped:







Email
Fax
Post/Courier – hard-copy or
electronic media
Text Message
Manual – e.g. USB stick, laptop
Automatic system transfer
Manual upload to system
Whilst clearly there are security issues
relating to other types of data transfer we
suggest excluding the following from a
data mapping exercise.
×
×
Phone call
Accessing a shared drive
Security awareness and training for these
types of transfer should be managed
separately.
Which information flows should be mapped?
Person-identifiable information that:


×
×
×
Flows between departments
Flows in/out of organisation
×
Includes manual/digital flows relating to
original and back up/copy data.
Non person-identifiable flows
Flows within departments
Patient case notes supporting
active care provision*
Automated flows between systems
*Patient case notes/health records exempt
from mapping will include those
transferred between health professionals
during normal episodes of care. Any
transfer of clinical records to courts,
solicitors, insurance companies etc or for
destruction or bulk transfer to external
locations should be mapped.
What is meant by person-identifiable for this project?

Contains person name and/or other items of data that could singly or compositely
identify the person to whom it relates.
NB: This includes staff as well as patient data.
Page 2 of 14
Information Mapping Guidance
B. GETTING STARTED - GUIDANCE FOR ADMINISTRATORS
1. SET UP AREAS FOR YOUR ORGANISATION
What is an area?
An area is a department within your organisation. A default list of areas has been provided for
each organisation type – this can be customised to suit the needs of each organisation.
When users start mapping they will add information flows to areas, to illustrate the flow of
information in and out of each department. As an administrator you can customise this list of
areas to suit the needs of your organisation.
How do I create a new area?
1.
Select the Area Administration option on the bottom right-hand side of the screen.
2.
Click on the New Area link in the top left of the screen.
3.
Enter the following information about the area:




4.
Area Description: (e.g. A&E)
Contact Name (i.e. name of person responsible for mapping that area)
Contact Tel. No.
Contact Email
Click the Create button.
To return to the list of areas, click Back to List of Areas link in the top right-hand side of the
screen.
How do I edit an area?
1.
Select the Area Administration option on the bottom right-hand side of the screen.
2.
Click on the Edit link next to the Area you want to edit.
Page 3 of 14
Information Mapping Guidance
3.
Edit any fields as required.
4.
Click the Update button.
To return to the list of areas, click Back to List of Areas link in the top right-hand side of the
screen.
How do I delete an area?
1.
Select the Area Administration option on the bottom right-hand side of the screen.
2.
Click on the Delete link next to the area you want to delete.
Note: You will only see the Delete link for areas with no associated data flows.
To return to the list of areas, click Back to List of Areas link in the top right-hand side of the
screen.
2. SET UP DATA ITEMS FOR YOUR ORGANISATION
What is a data item?
A data item is a piece of person-identifiable information which is transferred from one physical
location to another.
When users are mapping information, they have to choose from a list of data items. As an
administrator you can customise this list of data items to suit the needs of your organisation.
How do I create a new data item?
5.
Select the Data Item Administration option on the bottom right of the screen.
6.
Click on the New Data Item link in the top left of the screen.
7.
Enter the name of the data item in the Description field.
8.
Click the Create button.
Page 4 of 14
Information Mapping Guidance
To return to the list of data items, click Back to List of Data Items link in the top right of the
screen.
How do I edit a data item?
1.
Select the Data Item Administration option on the bottom right of the screen.
2.
Click on the Edit link next to the Data Item you want to edit.
3.
Make changes to the Description field as required.
4.
Click the Update button.
To return to the list of data items, click Back to List of Data Items link in the top right of the
screen.
How do I delete a data item?
1.
Select the Data Item Administration option on the bottom right of the screen.
2.
Click on the Delete link next to the data item you want to delete.
Note: You will only see the Delete link for data items where no associated flows exist.
To return to the list of data items, click Back to List of Data Items link in the top right of the
screen.
3. SET UP LOCATIONS FOR YOUR ORGANISATION
What is a location?
A location is an external organisation which sends information to or receives information from
your department.
When users are mapping information to or from these organisations, they have to choose
from a list. As an administrator you can customise this list of locations to suit the needs of
your organisation.
How do I create a new location?
1.
Select the Location Administration option on the bottom right-hand side of the screen.
2.
Click on the New Location link.
Page 5 of 14
Information Mapping Guidance
3.
Type the name of the location in the Description field.
4.
Click the Create button.
To return to the list of locations, click Back to List of Locations link in the top right-hand side
of the screen.
How do I edit a location?
1.
Select the Location Administration option on the bottom right-hand side of the screen.
2.
Click on the Edit link next to the location you want to edit.
3.
Make changes to the Description field as required.
4.
Click the Update button.
To return to the list of locations, click Back to List of Locations link in the top right-hand side
of the screen.
How do I delete a location?
1.
Select the Location Administration option on the bottom right-hand side of the screen.
2.
Click on the Delete link next to the location you want to delete.
Note: You will only see the Delete link for locations where no associated flows exist.
To return to the list of locations, click Back to List of Locations link in the top right-hand side
of the screen.
3. SET UP ACCESS FOR USERS IN YOUR ORGANISATION
Select the User Admin option on the bottom right-hand side of the screen.
Page 6 of 14
Information Mapping Guidance
How do I set up a new mapping user or mapping administrator?
1.
Create a new user by clicking the New User link.
2.
Fill in user details as required.
3.
Check checkboxes as required:
4.

Information Mapping User – can add, edit or delete data flows.

Information Mapping Administrator – same access as Information Mapping User
plus can use the Area, Data Item and Location administration screens.
Click Create to save your changes.
How do I enable mapping or mapping administration for an existing user?
5. Edit an existing user by clicking the Edit link next to the user name.
6. Check checkboxes as required:

Information Mapping User – can add, edit or delete data flows.

Information Mapping Administrator – same access as Information Mapping
User plus can use the Area, Data Item and Location administration screens.
Page 7 of 14
Information Mapping Guidance
7. Click on Update to save your changes.
C. GETTING STARTED – GUIDANCE FOR USERS
How do I start?
1.
Select the Information Mapping option on the bottom right-hand side of the screen.
2.
Choose the area you wish to map, and click the Edit link.
If your area is not listed you need to contact your administrator (their name should be listed at
the top of the screen) and they can create the area for you.
How do I create a data flow?
1.
To map flows going out of your area, click on the Outbound Flows tab (this should
show by default).
OR
To map flows coming into your area, click on the Inbound Flows tab.
Page 8 of 14
Information Mapping Guidance
2.
In the Type of Data field, select the type of data item from the list and optionally enter a
description of the data item in the Description field.
If the required data item is not here either:

Contact your administrator to request a new data item.
OR

Select “Other” from the list and enter name of data type in the Description
field.
3.
Check the Bulk checkbox if there is information about more than 50 people involved.
4.
Check the Sensitive checkbox if the data sent is sensitive.
[Sensitive data is information where loss, misdirection or loss of integrity could impact
adversely on individuals, the organisation or on the wider community. This is wider
than, but includes, data defined as sensitive under the Data Protection Act 1998. In
addition to personal and clinical information, financial and security information is also
likely to be deemed “sensitive”.]
5.
For outbound flows, under “1. WHERE IS THIS DATA GOING?”:

In the Location Type field, if the data is going outside of your organisation select
“External”; otherwise select “Internal” from the list.

Select the Create Corresponding Inbound Flow checkbox if you wish to create
an identical flow in the opposite direction.
(See How can I create the same data flow in the opposite direction?)

In the Data Destination field, select the area the data is going to from the
dropdown list.

In the Description field, enter a description of the data destination (optional).
OR
For inbound flows, under “1. WHERE IS THIS DATA COMING FROM?”:
6.

In the Location Type field, if the data is coming from within your organisation
select “Internal”, otherwise select “External” from the list.

Select the Create Corresponding Outbound Flow checkbox if you wish to
create an identical flow in the opposite direction.
(See How can I create the same data flow in the opposite direction? )

In the Data Source field, select an area from the dropdown list.

In the Description field, enter a description of the data source (optional).
In the “2. HOW IS THE DATA TRANSFERRED?” section:
Page 9 of 14
Information Mapping Guidance

Tick the appropriate boxes to indicate which methods of transfer are used i.e.

Automatic System Transfer
(Data moves automatically from one system to another)
 Answer related questions to determine risk.

Email
 Answer related questions to determine risk.

Fax
 Answer related questions to determine risk.

Manual e.g. USB Stick
(This is anything transported/delivered by hand by a member of staff)
 [No related questions – always a risk if the data is sensitive]

Manual Upload to System
(Staff manually load data onto an external system or database)
 Answer related questions to determine risk.

Post/Courier
 Answer related questions to determine risk.

Text Message
 [No related questions – always a risk if the data is sensitive]

For each method chosen, tick the checkboxes appropriate to this information
flow. These checkboxes will change according to the data source.

Click the Create button.

You will then see the flow listed at the bottom of the screen with an indication of
whether this flow is at risk or not.
Note: Creating, updating or deleting an internal flow also creates, updates or deletes the
'matching' flow in the other direction, e.g. Area A’s outbound flow to Area B is synchronised
with the Area B’s inbound flow from Area A.
How do I edit a data flow?
1.
Edit your area, and select either Outbound Flows or Inbound Flows tab.
2.
Scroll to the bottom of the screen and click the Edit link next to the flow you wish to
work on.
3.
Once you have finished editing, click Update to save, or Cancel to cancel changes.
Page 10 of 14
Information Mapping Guidance
How do I delete a data flow?
1.
Edit your area, and select either Outbound Flows or Inbound Flows tab.
2.
Scroll to the bottom of the screen and click the Edit link next to the flow you wish to
delete.
3.
Click the Delete button at the bottom to permanently delete the flow.
Once I have created a data flow, how do I add another?
Once you have created a flow, you can create another one by clicking the Add New Flow
button.
Alternatively, if the new flow is similar to the one you have just created i.e. if you are entering
multiple data flows which are:

the same data item going to multiple locations
OR

different data items going to the same location
...it is quicker to use the Copy link at the bottom of the screen next to the flow you wish to
copy, rather than create a new flow from scratch. Then change the necessary fields and click
Create.
Page 11 of 14
Information Mapping Guidance
How can I create the same data flow in the opposite direction?
There is a checkbox on the Information Mapping screen, just to the right of the Location
Type dropdown list.

When adding a new outbound flow, you can check the 'Create Corresponding
Inbound Flow' checkbox.

When adding a new inbound flow, you can check the 'Create Corresponding
Outbound Flow' checkbox.
This creates a completely separate flow which is the reverse of the flow being created i.e. if a
flow goes from A to B, you can create the equivalent flow coming from B to A. This will save
you time if the same flow is going in both directions.
Note: There is no link between the two flows once they have been created; either flow can be
amended, updated or deleted as required without affecting the other flow in any way.
If I create a flow from Area A to Area B, will the same flow appear for Area B
from Area A?
Yes. Creating, updating or deleting an internal flow also creates, updates or deletes the
'matching' flow in the other direction, e.g. Area A’s outbound flow to Area B is synchronised
with the Area B’s inbound flow from Area A.
Where can I find help or example materials?

Select the Information Mapping option on the bottom right-hand side of the screen.

Click the Information Mapping Guidance link in the top right-hand corner.

Select from the list of guidance materials provided (click on links to open the
documents).
How do I run reports for an area?
1.
Select the Information Mapping option on the bottom right-hand side of the screen.
2.
Select the Report link next to the area you are interested in.
Page 12 of 14
Information Mapping Guidance
(If there is no Report link & it says “No Flows To Report On”, this means that no
information flows have been created for this area. Once you create some information
flows, the Report link should appear.)
3.
Select which report you wish to view from the list:



Report by Risk:
Report by Delivery Method:
Report by Direction:
Separates flows into those at risk and those not.
Separates flows by the delivery method used.
Separates flows into inbound and outbound flows.
How do I run reports for the whole organisation?
1.
Select the Information Mapping option on the bottom right-hand side of the screen.
2.
Click on the View Reports For All Areas link.
3.
Select which report you wish to view from the list:



Report by Risk:
Report by Delivery Method:
Report by Direction:
Separates flows into those at risk and those not.
Separates flows by the delivery method used.
Separates flows into inbound and outbound flows.
What should I do if a flow is at risk?
To find out why a flow is at risk you can do the following:

Run the Report by Delivery Method to highlight which delivery methods have put the
flow at risk.

View the Risk Assessment flow maps (in the Guidance section) to see when risk is
associated with particular flows of information.
If any data flows are flagged as a risk by the system, we recommend that you carry out the
following steps:
Page 13 of 14
Information Mapping Guidance
1.
Carry out a risk assessment of any data flows flagged as a risk, and consider what
would happen if the data in question went missing.
2.
Immediately suspend the flows which you consider to be a serious risk, until a secure
method of transferring the data can be implemented.
Why can’t I see the flows I created?
When you have created a flow, the details of the flow will still be displayed on the page. If you
make changes and click the Update button, you will be editing the existing flow and not
creating a new flow.
If you wish to create a new flow, use the Add New Flow button or the Copy link (see Once I
have created a data flow, how do I add another?)
How can I export the data flows?
If you need to export the data you have entered onto the mapping tool to an external system
e.g. a corporate risk register, you can copy it from a report into a spreadsheet as follows.
Once it is in spreadsheet format it can be exported into most other systems.
1.
Run the required report (see How do I run reports for an area?).
2.
Click the Printable Version of Report link at the bottom of the page.
3.
Select Edit – Select All (or Ctrl + A).
4.
Select Edit – Copy (or Ctrl + C).
5.
Open Microsoft Excel and create a new document.
6.
Select Edit – Paste (or Ctrl + V).
You can also paste the data into other applications if necessary, such as Word or PowerPoint.
Page 14 of 14