Information Governance – Who Cares? Alistair Stewart, Information Governance Co-ordinator


Post on 14-Dec-2015


Information Governance – Who Cares?

Alistair Stewart, Information Governance Co-ordinator

Key Learning Points

• What is Information Governance?

• What do YOU need To Do to make this work?

• Follow the Caldicott Guidelines

• Provide a confidential service – Corporate and staff responsibility

• Comply with the Law

• Understand the Data Protection Act Principles

• Recognise a Freedom of Information Act request

• Follow the rules set out in Policies

• Keep Information Secure as you would your own personal details

• Strive for accuracy in recording and using information

Information Governance

“Information governance aims to support the provision of high quality care by promoting the effective and appropriate use of information.”

• Confidentiality

• Data Protection

• Information Security

• Records Management

• Freedom of Information

• Data Quality Assurance

IG is to do with how the NHS handles information

Handling information means:

• Holding it securely and confidentially

• Obtaining it fairly and efficiently

• Recording it accurately and reliably

• Using it effectively and ethically

• Sharing it appropriately and lawfully

Caldicott Principles

• Principle 1 - Justify the purpose(s)

• Principle 2 - Don’t use patient-identifiable information unless it is absolutely necessary.

• Principle 3 - Use the minimum necessary patient‑identifiable information.

• Principle 4 - Access to patient‑identifiable information should be on a strict need to know basis.

• Principle 5 - Everyone should be aware of their responsibilities.

• Principle 6 - Understand and comply with the law

Data Protection Principles

1. Fairly and lawfully processed

2. Processed for limited purposes

3. Adequate, relevant and not excessive

4. Accurate and up to date

5. Not kept for longer than is necessary

6. Processed in line with rights of the individual

7. Kept Secure, and

8. Not transferred to countries without adequate protection.

Keep Information Secure

• Adhere to all Organisation Policies

• Adhere to all local and national Information Security Policies

• Protect Information Physically

• Practice Password Management

• Transfer Information Securely

• Report all actual and attempted breaches of Security to Management immediately

It is your responsibility to keep all personal and sensitive information secure

Primary Care IG Baseline

Benchmarking Information Governance and Data Quality Standards, Directed Enhanced Service, circular PCA(M)(2007)11

All practices should:

– be compliant with a basic list of standards for information governance

– have completed and implemented an action plan (agreed with the host NHS Board) on how they will improve data quality and information governance

Regulator powers: Data Protection

• Privacy Impact Assessment (PIA)

• DP registration changes

• Extended Powers & Penalties

– Fines – up to £500,000 for reckless breaches

– Enhanced powers of inspection

– Prosecution - prison sentences for s55 offences

– Wilful or reckless breach of the DP Principles leading to damage or distress

http://www.ico.gov.uk

Regulator changes: Freedom of Information

• Model Publication Scheme consultation

• Sets out types of information routinely made available by a public authority.

• Should specify classes of information, how available, and if charge.

• Extension of the Act consultation

• Review of exemption briefings

http://www.itspublicknowledge.info

NHS Scotland IG programme

• Standards & Toolkit

• Communications & Networks

• Education & Training

• Knowledge Base

• National IG Framework of Policies & Guidelines

[Figure: Continuous Improvement Cycle – Developing & Implementing; Fully Implemented; Evaluation & Monitoring; Changes Implemented]

National IG Guidance

• NHS Scotland Code of Protecting Patient Confidentiality (reviewed)

• Caldicott Guardians Manual (reviewed)

• Caldicott Guardians Website available at http://www.knowledge.scot.nhs.uk/caldicottguardians.aspx

• Looking After Information: Staff Awareness leaflet produced

• Refreshed NHS Scotland Code of Practice in Records Management - Health and administrative records into single document

IG is a series of best practice guidelines and principles of the Law to be followed by the NHS

Ongoing national IG activities

• Training requirements and awareness raising tools for NHSS staff

• Information Sharing Protocol (review)

• Evidence base for IG Standards

• Forum networking meetings

IG is the core foundation for high quality healthcare using good quality information

Training and Awareness

• Looking after information leaflet

• DOTS module – scenario based

• Flying Start – modular based

• Medical Records material

• On-line package

Specialist e-Library – Knowledge Network: http://www.knowledge.scot.nhs.uk

IG Portal - IG Bulletin: http://www.elib.scot.nhs.uk/portal/ig/pages/index.aspx

eHealth Website: http://www.ehealth.scot.nhs.uk/

Further Information

Contacts NHSS IG Team: [email protected]

Alistair Stewart, Information Governance Co-ordinator, [email protected]

Kim Kingan, Information Governance Lead, [email protected]

David Armstrong, Enterprise Architect-Security, SGHD [email protected]

Robert Bryden, Records Management Lead, SGHD [email protected]

Potential Breaches

• Records stored in corridors

• Patient records removed from premises

• Password attached to IT equipment

• Computers stolen from Office

• Disc lost in mail containing personal information

• Lost Payslips

• Lost memory stick

Could This Happen To You?

Discussion

Consider your workplace in relation to the breaches shown and highlight any potential problem area.

What solutions are available to you to reduce the risk?

Information Governance -

Is the responsibility of every NHS Employee so let’s aim together to be 100% compliant and show that

WE CARE

Question time….