Information Governance
An Introduction

Information Governance
Outline
• What is Information Governance
• What initiatives does IG cover

Information Governance
Information Governance “is a framework for handling personal information in a confidential and secure manner to appropriate ethical and quality standards in a modern health service”

Information Governance contents
• Caldicott
• Confidentiality: NHS Code of Practice
• BS7799 / ISO 17799 Information Security Management
• Data Protection Act 1998
• Records Management - HSC 1999/053 for the record
• Information Quality Assurance – Data Accreditation
• Freedom of Information Act 2001
• Controls Assurance – IM&T and Records Management
• Plus other standards and initiatives yet to be defined

Information Governance
[Diagram. Labels: Service; Health Service Functions; Quality; Research; Management; Caldicott Report; The Law: DPA 1998; Data Accreditation Process; Human Rights Act 1998; Data quality audit; Freedom of Information Act 2000; HSC 1999/053; Security & confidentiality audit; Common Law; Records Management; EPR ISO17799 /Common Clinical Systems; NHS Numbers project; Quality; NSTS/Exeter; Risk Management; Professional regulations; Controls Assurance; Ethics, Ethnicity & Beliefs; Local Traditions & Practices; Choice; Technological & Sociological Change; Seamless Services; Protection; Privacy]

Information Governance
• Standards drawn together from the core Information Governance initiative
• Underpins the ICRS
• Modelled around
  – Holding information securely and confidentially
  – Obtaining information fairly and efficiently
  – Recording information accurately and reliably
  – Using information effectively and ethically
  – Sharing information appropriately and lawfully

Information Governance
Caldicott
• Confidentiality: Code of Practice
• Confidentiality covers ALL TYPES of information
• Caldicott Principles (applies to patient information)
  – Justify the purpose(s) for using confidential information
  – Only use it when absolutely necessary
  – Use the minimum that is required
  – Access should be on a strict need-to-know basis
  – Everyone must understand their responsibilities
  – Understand and comply with the law

Information Governance
Confidentiality: Code of practice – read it
– Gives guidance on when consent is required to share/disclose information
– This will be covered by the Trust's policies and procedures
– Do not share/disclose information without guidance from your line manager and the Information Governance Lead
Employees must report any breaches in confidentiality to the Information Governance Lead

Information Governance
• Confidentiality
  – Common Law – Duty of Confidence
All NHS bodies and those carrying out functions on behalf of the NHS have a common law duty of confidentiality to patients and a duty to maintain professional ethical standards of confidentiality

Information Governance
• Information Security
  – Based on ISO 17799 Code of Practice Information Security Management
  – Controls Assurance IM&T
Employees must report any breaches in information security to the Information Governance Lead

Information Governance
Employees' Responsibilities
Employees MUST not
• Divulge their password to anyone
• Allow other users to access a system whilst logged in under their password
• Share any information with any persons not authorised to see it
• Attempt to access any system or information they are not authorised to access

Information Governance
• Data Protection
  – Supersedes DPA 1984
  – DPA 1984 only applied to electronic records

Information Governance
• Data Protection Act 1998
Anyone processing personal data must comply with the eight enforceable principles of good practice.
– fairly and lawfully processed;
– processed for limited purposes;
– adequate, relevant and not excessive;
– accurate;
– not kept longer than necessary;
– processed in accordance with the data subject's rights;
– secure;
– not transferred to countries without adequate protection
Enquiries about or Breaches of the Data Protection Act must be reported to the Information Governance Lead

Information Governance
Data Protection Act 1998
Three main strands
• Notification
• Compliance with the Principles
• Rights of the data subject

Information Governance
• Records Management
  – Based on HSC 1999/053 for the record
  – This sets out the legal obligations of NHS bodies for keeping information in a proper manner
  – Gives guidelines on length of time to legally keep certain documents
  – Promotes good practice within the NHS
  – All employees have a responsibility to implement good records management

Information Governance
• Information Quality Assurance
  – Ensuring the quality of information captured and used.
  – Relates to the quality of the information recorded
  – To develop and reinforce a culture where high quality information is expected.

Information Governance
• Information Quality Assurance
  – Based on Data Accreditation guidelines mandated in Information for Health
  – Assuring the quality of information captured and used.
  – Standards for holding, obtaining, recording, using and sharing information.
  – Developing and reinforcing a culture where high quality information is expected and delivered.

Information Governance
• Freedom of Information Act 2000
  – The Act gives a general right of access to all types of 'recorded' information held by public authorities, sets out exemptions from that right and places a number of obligations on public authorities.

Information Governance
• Information Quality Assurance
  – Focuses on
    • Training
    • Policies & Procedures
    • Efficient and Effective Processes
    • Communication and Feedback of Issues
    • Accountability structures
    • Analysis of Outputs for Completeness, Validity and Accuracy

Information Governance
• Freedom of Information 2000
  – All public authorities have a duty to adopt and maintain a publication scheme. A publication scheme is a guide to the types of information that a public authority will routinely make available.
  – All enquiries regarding FoI should be forwarded to the Information Governance Lead

Information Governance
Conclusion
• Read the Trust's policies and procedures to ensure you are aware of your responsibilities in keeping information confidential and secure
• Do not disclose information unless you have been given permission
• Ask if you are not sure
• Inform the Information Governance Lead of any breaches in confidentiality or information security

Information Governance
• Useful Web sites
  – Information Governance
  – Confidentiality: Code of Practice
    • http://www.doh.gov.uk/ipu/confiden/protect/index.htm
  – Data protection
    • http://www.dataprotection.gov.uk
  – For the Record
    • http://www.info.doh.gov.uk/doh/coin4.nsf/12d101b4f7b73d020025693c005488a9/ecd5f68ba22dd17b002567390036ef68/$FILE/Hsc053.pdf
  – The Trust's Policies and Procedures
    • www…..