Information Governance

What you will learn in this session
• Principles of Information Governance and their application to health and social care organisations
• Accessing Information Governance resources including national legislation, guidance and local policies & procedures
• Health and social care organisations’ responsibilities
• Protection of an individual’s confidentiality and the Caldicott Principles
• How to practise and promote a confidential service
• Principles of ensuring and maintaining good client records
• Recognising / responding to Freedom of Information requests
• Keeping Information Secure

What is Information Governance?
• Information Governance is about how health and social care organisations and their employees must handle sensitive information
IG is to do with how NHS/Social Care organisations and individuals handle information

What is Information Governance?
A framework of legal and ethical principles that apply when sensitive information is collected, processed and shared
How organisations & individuals handle personal & sensitive information
Excellent Care is built on a Foundation of confidence & trust
Different Data Sets:
• Personal & Sensitive (Healthcare records)
• Person based & anonymous (Research data)
• Corporate (Trust Financial Accounts)
Principles of Law and best practice

What is Information?
• Personal. Examples: Name, Address, Date of Birth, Next of Kin
• Sensitive. Examples: Ethnicity, Diagnosis, Illness & Disorders, Sexual Orientation
• Corporate. Examples: Minutes of Meetings, Employee Details, Financial Information

Why is Information Governance so important? For patients and service users
• Information is critical for safe, timely and effective care
• Information is sensitive
• Excellent healthcare is built on a foundation of confidence & trust

Why is Information Governance so important? For an employee
• Sensitive information
• Ethical and legal responsibility of every employee
• Information must be: accessed, used & shared appropriately

Why is Information Governance so important? For a health or social care organisation
• Ethical and legal responsibility of every organisation
• Breaches of confidentiality cost money and reputation

Information Governance requirements for health & social care organisations; Trust policies, guidelines and procedures
All information must be:
• Held securely and confidentially
• Obtained fairly and efficiently
• Recorded accurately and reliably
• Used effectively and ethically
• Shared appropriately and lawfully

The Law and Information Governance
• Common Law Duty of Confidentiality: People have legal rights through common law to confidentiality
• Computer Misuse Act 1990: It is an offence to access / attempt to access computer systems without appropriate authorisation
• Data Protection Act 1998: States legal obligations for the collection, use, sharing and disclosure of personal information
• The Human Rights Act 1998: Enshrines a basic human right for all to have the right to privacy
• The Freedom of Information Act 2000: Allows the public to request information held by Public Authorities

Standards, Policies & Codes of Practice
• Information Security Standards – ISO/IEC 17799:2005 and IS Management NHS Code of Practice
• The NHS Confidentiality Code of Practice
• The Records Management NHS Code of Practice
• Information Quality Assurance

The Caldicott principles must be used when accessing and using Patient Identifiable Information (PID) or confidential information, and must be maintained by all healthcare organisations.
• Justify the purpose of using confidential information
• Only use it when absolutely necessary
• Use the minimum information required
• Allow access on a strict need-to-know basis
• Always understand your responsibility
• Understand and comply with the law
• The duty to share information can be as important as the duty to protect patient confidentiality
Always follow the Caldicott Principles

Caldicott Guardians
Q. Who is a Caldicott Guardian?
A. A senior person in the organisation responsible for ensuring the Caldicott principles are applied and maintained
Q. Are you unsure whether to disclose?
A. Don’t disclose. Ask your manager or the Caldicott Guardian

Subject Access Requests
• Individuals have the right to access sensitive information including paper, computer records and other related information
• Patients can request access to their medical record
• Employees can request access to their personal records

What is a Freedom of Information (FOI) Request?
• A request for official information held by Public Bodies such as hospital trusts
• The public have a right to access/view all non-personal, public authority information
• The purpose is to promote openness & accountability
• Requests must be made in writing
• There are Exemptions
• The law requires that any FOI request must receive a response within 20 days
Direct Freedom of Information requests to the Lead in your Organisation

Can you recognise a Freedom of Information (FOI) Request?

Dear Sir/Madam,
I would like to know how much the Trust is spending on the new A&E unit due to be completed in March 2014. I would like a list of the new medical and non medical equipment being purchased for this unit.
Yours sincerely
Daniel Radcliffe MP

Dear FOI Lead,
I have recently undergone an operation on my hip at your Trust and would like to see all the notes in my health record regarding this period of care. Please give me an indication of when this information can be provided to me.
Yours sincerely
Mrs A Smith

Duty of Confidence
• You have a legal duty to protect and maintain confidentiality
• There’s a confidentiality clause in your contract of employment
• You have a professional duty of confidence. It’s in your Code of Professional Conduct

Duty of Confidence
Be careful and cautious when answering the telephone:
• Callers request information under false pretences
• Requests for information need to be verified
• If possible, always obtain requests in writing
Are you unsure? Don’t disclose. Ask your manager or the Caldicott Guardian who’s responsible for ensuring confidentiality

Good Quality Record Keeping
• Does a record already exist?
• Records must be clear, factual, accurate & complete
• Can everybody else read them?
• Complete them quickly!
• Make sure they are dated, timed and signed
• Keep information up-to-date
• Store them safely
• Read them, check them, then check again!

Good Quality Record Keeping
• Check the minimum period records have to be retained
• Are you deleting records? If so, check the organisation’s Disposal of Records Policy and Procedures

Information Security
Information security is about ensuring information is:
• Protected and secure
• Reliable
• Available to authorised users only
Your responsibilities are to ensure:
• Records are correctly stored
• Passwords are kept secure
• Report inappropriate disclosures
• Safe Haven processes when faxing are used
• Delete spam mail without opening
• You don’t download unauthorised software
• You use IT equipment correctly
Any breaches of data security, no matter how small, must be reported

Information Security – A serious matter
• Organisations have systems in place to monitor the access, use of systems and information by staff
• Failure to comply with legal obligations or organisational policy & guidelines could mean disciplinary and legal action being taken

Your Responsibilities
DO
• Protect an individual’s information
• Be aware of national & local information, Policy & Procedures
• Inform patients how information is used and when it may be disclosed
• Help to improve the way the organisation protects information
• Report any suspected or actual breaches of information security
• Seek advice from the appropriate leads if you have any Information Governance concerns
DON’T
• Send confidential, person-identifiable data without applying the required encryption/security measures
• Store Personal/Sensitive information on unencrypted and unauthorised portable devices
• Disclose confidential information to unauthorised people
• Leave person-identifiable data (PID) unattended or in vehicles
• Access inappropriate websites
• Use an organisation's equipment or information to promote private business or for financial gain

Useful sources of Information and links
Further advice: Contact your local Information Governance Manager or Lead
Useful Links
• Information Commissioner's Office www.ico.org.uk/
• Connecting for Health Toolkit www.igt.hscic.gov.uk/

Thank you for the support in developing these materials
• Michael Abbotts, St Helens and Knowsley NHS Hospitals Trust
• Jonathan Mayes, Information Risk Manager, Pennine Care NHS Foundation Trust
• Trish Noon, Information Governance Manager, Pennine Acute Hospitals NHS Trust. Trish’s original presentation was used as the basis for these materials
• Barbara Smart, Data Protection Liaison Officer, Royal Liverpool and Broadgreen University Hospitals NHS Trust
• Cora Suckley, Information Governance Project Coordinator, The Clatterbridge Cancer Centre NHS Foundation Trust
• Menna Harland, Academic Lead for Practice Learning, Liverpool John Moores University
• Nick Moseley, Moseley Multimedia Ltd

THANK YOU
Any Questions?
Insert trainer’s name, telephone number and email here