260 likes | 397 Views
Information Governance, Love it or Hate it!. Norman Pottinger Information Governance Manager. Admin and Introductions. Fire alarms Please turn off or silence mobile phones There will be a break for coffee No hand-outs but I will send the slides to Sam if you want a copy. Objectives.
E N D
Information Governance,Love it or Hate it! Norman Pottinger Information Governance Manager
Admin and Introductions • Fire alarms • Please turn off or silence mobile phones • There will be a break for coffee • No hand-outs but I will send the slides to Sam if you want a copy
Objectives • To support the IG on-line training tool • Give you some more “local” guidance • Help you to understand wider implications of Information Governance • Keep you and your employers out of jail! • Answer (if I can) your questions
Quiz • On your own or in pairs, or groups – your choice • Just take ten minutes to do this • We will discuss your answers at the end of the session
What is Information governance? • All and anything to do with information • Data Protection Act • Freedom of Information • Caldicott (1 and 2) • Human Rights • Records Management • Information Security • Data Quality
Data Protection Act 1998 • European Legislation • 8 principles • Covers Personal Data and Sensitive Data • Test! • Define Personal Data • Define Sensitive Data • Gives rights to individuals (Data Subjects) • Responsibility is personal
First Principle • “Personal Data shall be processed fairly and lawfully” • Fair processing notices • No surprises • Access to personal data must be restricted and appropriate
If you get it wrong • A member of staff working in a GP practice illegally looked at the records of more than a thousand patients. As a result he was fined for a breach of the Data Protection Act. • Total fine over £1000 • The Information Commissioner has fined an ex GP's receptionist for accessing a patients notes. The receptionist from a practice in Hampshire looked up details of her ex husbands new wife on a number of occasions. • Total fine over £1100 • NHS England (formally the NHS Commissioning Board) are having to pay a £200,000 fine because NHS Surrey (whose services have moved to NHS England) failed to ensure that PCs they arranged to be "cleaned" by a third party were being sold on still containing patient identifiable information. • An ex-employee of University Hospitals of Leicester NHS Trust has been convicted of computer misuse after inappropriately accessing patient records. They received a six-month custodial sentence.
Caldicott 1 and 2 • Caldicott review 1997 • Reviewed use of and access to patient records • Established the role of the Caldicott Guardian • Original 6 principles • Caldicott “2” 2013 • Clarified the H&SCA 2012 in relation to PCD • Tasked NHS England and the HSCIC with providing more guidance and clarity • 26 recommendations – all accepted by the department of Health • Added a 7th principle
Caldicott Principles • Justify the purpose • Don’t use patient confidential data (PCD) unless it is absolutely necessary • Use the minimum that is necessary • Access to PCD should be on a strict need to know basis • Everyone with access to PCD should be aware of their responsibilities • Comply with the Law • The duty to share information can be as important as the duty to protect patient confidentiality
Information Security • Principle 7 of the Data Protection Act • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Information Security • Password Controls • Policies • Locked cabinets • “Hidden” VDU screens • Secure e-mail
Passwords Passwords are like underpants. They should be changed regularly, they are best kept hidden, and they shouldn’t be shared.
Good or bad • onedirection • 1direction • tbbbitw • tN1bbitw • Nj89219*nel(m,LKH
Data Disclosure • Could be a criminal offence • Easily Done • Normally done by accident
Secure e-mail • @anyhospital.nhs.uk • @nhs.net • @hotmail.com • @gp-d82973.nhs.uk
Summary Care Record • Populate a central register of all patients • Summary only (although enhanced data may be uploaded later) • Available to all clinicians • Primary use of data (for direct patient care) • Patients can opt-out
Care.Data (HSCIC) • NOW DELAYED UNTIL OCTOBER 2014 • Populate a central record of all patients • Contains full patient records (read coded items) • Data is anonymised or pseudonymised within the HSCIC • Links primary care to secondary care data • Collection of data is given legal basis under the H&SCA • Data is for secondary use (i.e. not direct patient care) • GPs and Patients DO NOT have a legal right to opt out
Quiz Let’s review the answers