Information Governance Toolkit

Information Governance
An Introduction
Information Governance
Outline
• What is Information Governance
• What initiatives does IG cover
Information Governance
Information Governance
“is a framework for handling personal
information in a confidential and secure
manner to appropriate ethical and quality
standards in a modern health service”
Information Governance
contents
• Caldicott
• Confidentiality: NHS Code of Practice
• BS7799 / ISO 17799 Information Security Management
• Data Protection Act 1998
• Records Management - HSC 1999/053 for the record
• Information Quality Assurance – Data Accreditation
• Freedom of Information Act 2001
• Controls Assurance – IM&T and Records Management
• Plus other standards and initiatives yet to be defined
Information Governance
Service
Health Service Functions
Quality
Research
Management
Caldicott Report
The Law: DPA 1998
Data Accreditation Process
Human Rights Act 1998
Data quality audit
Freedom of Information Act 2000
HSC 1999/053 Security & confidentiality audit
Common Law
Records Management
EPR
ISO17799
/Common Clinical Systems NHS Numbers project
Quality
NSTS/Exeter
Risk Management
Professional regulations
Controls Assurance
Ethics, Ethnicity & Beliefs
Local Traditions & Practices
Choice
Technological & Sociological Change
Seamless Services
Protection
Privacy
Information Governance
• Standards drawn together from the core
Information Governance initiative
• Underpins the ICRS
• Modelled around
– Holding information securely and confidentially
– Obtaining information fairly and efficiently
– Recording information accurately and reliably
– Using information effectively and ethically
– Sharing information appropriately and lawfully
Information Governance
Caldicott
• Confidentiality: Code of Practice
• Confidentiality covers ALL TYPES of information
• Caldicott Principles (applies to patient information)
– Justify the purpose(s) for using confidential information
– Only use it when absolutely necessary
– Use the minimum that is required
– Access should be on a strict need-to-know basis
– Everyone must understand their responsibilities
– Understand and comply with the law
Information Governance
Confidentiality: Code of practice – read it
– Gives guidance on when consent is required to
share/disclose information
– This will be covered by the Trust's policies and
procedures
– Do not share/disclose information without guidance
from your line manager and the Information
Governance Lead
Employees must report any breaches in confidentiality
to the Information Governance Lead
Information Governance
• Confidentiality
– Common Law – Duty of Confidence
All NHS bodies and those carrying out functions
on behalf of the NHS have a common law
duty of confidentiality to patients and a duty
to maintain professional ethical standards of
confidentiality
Information Governance
• Information Security
– Based on ISO 17799 Code of Practice
Information Security Management
– Controls Assurance IM&T
Employees must report any breaches in
information security to the Information
Governance Lead
Information Governance
Employees' Responsibilities
Employees MUST NOT
• Divulge their password to anyone
• Allow other users to access a system whilst
logged in under their password
• Share any information with any persons not
authorised to see it
• Attempt to access any system or information
they are not authorised to access
Information Governance
• Data Protection
– Supersedes DPA 1984
– DPA 1984 only applied to electronic records
Information Governance
• Data Protection Act 1998
Anyone processing personal data must comply with the eight enforceable
principles of good practice.
– fairly and lawfully processed;
– processed for limited purposes;
– adequate, relevant and not excessive;
– accurate;
– not kept longer than necessary;
– processed in accordance with the data subject's rights;
– secure;
– not transferred to countries without adequate protection
Enquiries about or Breaches of the Data Protection Act must be reported to
the Information Governance Lead
Information Governance
Data Protection Act 1998
Three main strands
• Notification
• Compliance with the Principles
• Rights of the data subject
Information Governance
• Records Management
– Based on HSC 1999/053 for the record
– This sets out the legal obligations of NHS bodies for
keeping information in a proper manner
– Gives guidelines on length of time to legally keep
certain documents
– Promotes good practice within the NHS
– All employees have a responsibility to implement
good records management
Information Governance
• Information Quality Assurance
– Ensuring the quality of information captured
and used.
– Relates to the quality of the information
recorded
– To develop and reinforce a culture where high
quality information is expected.
Information Governance
• Information Quality Assurance
– Based on Data Accreditation guidelines mandated in
Information for Health
– Assuring the quality of information captured and used.
– Standards for holding, obtaining, recording, using and
sharing information.
– Developing and reinforcing a culture where high
quality information is expected and delivered.
Information Governance
• Freedom of Information Act 2000
– The Act gives a general right of access to all
types of 'recorded' information held by public
authorities, sets out exemptions from that
right and places a number of obligations on
public authorities.
Information Governance
• Information Quality Assurance
– Focuses on
• Training
• Policies & Procedures
• Efficient and Effective Processes
• Communication and Feedback of Issues
• Accountability structures
• Analysis of Outputs for Completeness, Validity and Accuracy
Information Governance
• Freedom of Information 2000
– all public authorities have a duty to adopt and
maintain a publication scheme. A publication
scheme is a guide to the types of information
that a public authority will routinely make
available.
– All enquiries regarding FoI should be
forwarded to the Information Governance
Lead
Information Governance
Conclusion
• Read the Trust's policies and procedures to ensure you are aware of your responsibilities in keeping information confidential and secure
• Do not disclose information unless you have been given permission
• Ask if you are not sure
• Inform the Information Governance Lead of any breaches in confidentiality or information security
Information Governance
• Useful Web sites
– Information Governance
– Confidentiality: Code of Practice
• http://www.doh.gov.uk/ipu/confiden/protect/index.htm
– Data protection
• http://www.dataprotection.gov.uk
– For the Record
• http://www.info.doh.gov.uk/doh/coin4.nsf/12d101b4f7b73d020025693c005488a9/ecd5f68ba22dd17b002567390036ef68/$FILE/Hsc053.pdf
– The Trust's Policies and Procedures
• www…..