1 / 25

Introduction to Information Governance (IG)

Understand the importance of Information Governance (IG) policies and guidelines in healthcare settings, including data protection, confidentiality, and lawful practices. Learn how to comply with IG principles to ensure high-quality healthcare and security of sensitive information.

zook
Download Presentation

Introduction to Information Governance (IG)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to Information Governance (IG) IG Policy Team NHS Connecting for Health

  2. Key Learning Points • What is Information Governance? • What do YOU need To Do to make this work? • Follow the Caldicott Guidelines • Provide a confidential service • Comply with the Law • Understand the Data Protection Act Principles • Recognise a Freedom of Information Act request • Follow the Records Management NHS Code • Keep Information Secure • Input Quality Information

  3. What is IG? • IG is to do with howNHS/Social Careorganisations and individuals handle information

  4. Information means: Personal E.g. Name, Date of Birth, Home address Sensitive E.g. ethnicity, disease, medical condition, sexual life Corporate E.g. Contracts for suppliers, minutes of meetings, finance details

  5. Handling information means • Holding it securely and confidentially • Obtaining it fairly and efficiently • Recording it accurately and reliably • Using it effectively and ethically • Sharing it appropriately and lawfully

  6. What is IG? IG is a series of best practice guidelines and principles of the Law to be followed by NHS/Social Care organisations and individuals • IG is to do with how NHS/Social Care organisations and individuals handle information

  7. Core elements of IG • Data Protection Act 1998 • Freedom of Information Act 2000 • Information Security Standards – ISO/IEC 17799: 2005 and IS Management NHS Code of Practice • The NHS Confidentiality Code of Practice • The Records Management NHS Code of Practice • Information Quality Assurance

  8. IG Toolkit • Organisation Self Assessment against national set of standards. Annual submission. • Adopted by NHS, Social Care, GP and Commercial Third Parties. • Online Tool • Process may be subject to internal and external audit • Past reports available online • For further information on the IG Toolkit go to: • www.igt.connectingforhealth.nhs.uk

  9. What is IG? IG is a series of best practice guidelines and principles of the Law to be followed by NHS/Social Care organisations and individuals • IG is to do with how NHS/Social Care organisations and individuals handle information IG is the core foundation for high qualityhealthcare using good quality information

  10. IG is the responsibility of every employee! • What do YOU need • To Do • to make this work?

  11. Confidentiality • Do not share without consent The Caldicott Guardian 1997 Caldicott Report

  12. Follow the Confidentiality Caldicott Guidelines • Justify the purpose of using confidential information • Only use it when absolutely necessary • Use the minimum required • Allow access on a strict need-to-know basis • Understand your responsibility • Understand and comply with the law

  13. CDDFT Key Information Governance Staff • Caldicott Guardian – Dr Alan McCulloch • Senior Information Risk Owner – Sue Jacques • (Chief Operating Officer and Director of Finance) • Data Protection Officer – Lisa Wilson • (Head of Information Governance & IT Security) • FOI Lead – Joanna Tyrell (nee Jenkins)

  14. If you are not sure, don’t discloseand seek further advice from your line Manager or Caldicott Guardian

  15. Improve Inform Protect Provide Choice Improve Provide a Confidential Service • Protectindividual’s information by recording relevant data, accurately, consistently, keeping it secure and confidential. • Informa patient how their information is used and when it may be disclosed • Provide choiceto patients to decide whether their information can be disclosed • Always look toImprovethe way you/the organisation protects, informs and provides choice to the patient/clients/employees. Personal information shared in confidence should not be used or disclosed further without the consent of the individual (Common Law Duty of Confidence)

  16. Comply with the Law • The Data Protection Principles • Personal data must be: • Processed fairly and lawfully • Processed for specified purposes • Adequate, relevant and not excessive • Accurate and up-to-date • Not kept for longer than necessary • Processed in accordance with the rights of data subjects • Protected by appropriate security (practical and organisational) • Not transferred outside the EEA without adequate protection • Data Protection Act 1998 – It is your responsibility to understand the principles in relation to your role and your organisation

  17. Comply with the Law Dear FOI Lead I have recently undergone an operation on my hip at your Trust and would like to see all the notes in my Health Record regarding this period of care. Please give me an indication of when this information can be provided to me. Yours sincerely Betty Boo Dear Sir/Madam I would like to know how much the Trust is spending on the refurbishment of the A&E ward, due to be completed in March 2007. I would like a list of the new medical and non medical equipment being purchased for this ward. Yours sincerely Mickey Mouse • Can you recognise a Freedom of Information (FOI) Act Request? A B Which of A or B is an FOI request?

  18. What you need to know about FOI • Gives the public the right to access/view all non-personalpublic authority information upon request • Requests must be in writing • All staff must know who their FOI Lead is and be able to access/refer to their contact details. • The requester may not and need not quote the FOI Act • The organisation must respond within 20 working days • Exemptions may apply for non disclosure – FOI Lead will determine this.

  19. What you need to know about FOI • Penalties for non compliance with or breach of the Act applies to the: • Organisation • Chief Executive • Possibly Individual staff

  20. Follow the Records Management NHS Code of Practice Best Practice guidance states: All Staff have a legal and professional obligation to be responsible for any records which they create or use in the performance of their duties. Any record created by an individual, up to the end of its retention period, is a public record and subject to Information requests (FOI and Subject Access). Subject Access Request?

  21. Record Lifecycle Record Lifecycle Creation Using Close Record Retention Appraisal Disposal Keep/maintain in line with NHS recommended Retention Schedule Create & log Quality information Use/handle in accordance with Data Protection Act Dispose appropriately according to policy Determine whether records are worthy of permanent archival preservation

  22. } Record Quality Information Better Healthcare • Keep all types of information: • Accurate • Up to date • Complete – Including NHS Number • Quick and easy to find • Free from duplication • Free from fragmentation

  23. It is your responsibility to keep all personal and sensitive information secure Keep Information Secure • Follow Organisation Policies • Protect Information Physically • Practice Password Management • Transfer Information Securely • Report Breaches of Securityto Management

  24. Information Governance is the responsibility of every employee, so keep up the good work and aim to be 100% compliant.

  25. Further Guidance and useful links

More Related