Information Governance – Who Cares? Alistair Stewart, Information Governance Co-ordinator
Key Learning Points
• What is Information Governance?
• What do YOU need to do to make this work?
• Follow the Caldicott Guidelines
• Provide a confidential service – Corporate and staff responsibility
• Comply with the Law
• Understand the Data Protection Act Principles
• Recognise a Freedom of Information Act request
• Follow the rules set out in Policies
• Keep Information Secure as you would your own personal details
• Strive for accuracy in recording and using information
Information Governance
“Information governance aims to support the provision of high quality care by promoting the effective and appropriate use of information.”
• Confidentiality
• Data Protection
• Information Security
• Records Management
• Freedom of Information
• Data Quality Assurance
IG is to do with how the NHS handles information
Handling information means:
• Holding it securely and confidentially
• Obtaining it fairly and efficiently
• Recording it accurately and reliably
• Using it effectively and ethically
• Sharing it appropriately and lawfully
Caldicott Principles
• Principle 1 - Justify the purpose(s)
• Principle 2 - Don’t use patient-identifiable information unless it is absolutely necessary.
• Principle 3 - Use the minimum necessary patient‑identifiable information.
• Principle 4 - Access to patient‑identifiable information should be on a strict need to know basis.
• Principle 5 - Everyone should be aware of their responsibilities.
• Principle 6 - Understand and comply with the law
Data Protection Principles
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept for longer than is necessary
6. Processed in line with rights of the individual
7. Kept Secure, and
8. Not transferred to countries without adequate protection.
Keep Information Secure
• Adhere to all Organisation Policies
• Adhere to all local and national Information Security Policies
• Protect Information Physically
• Practice Password Management
• Transfer Information Securely
• Report all actual and attempted breaches of Security to Management immediately
It is your responsibility to keep all personal and sensitive information secure
Primary Care IG Baseline
Benchmarking Information Governance and Data Quality Standards, Directed Enhanced Service, circular PCA(M)(2007)11
All practices should:
– be compliant with a basic list of standards for information governance
– have completed and implemented an action plan (agreed with the host NHS Board) on how they will improve data quality and information governance
Regulator powers: Data Protection
• Privacy Impact Assessment (PIA)
• DP registration changes
• Extended Powers & Penalties
– Fines – up to £500,000 for reckless breaches
– Enhanced powers of inspection
– Prosecution - prison sentences for s55 offences
– Wilful or reckless breach of the DP Principles leading to damage or distress
http://www.ico.gov.uk
Regulator changes: Freedom of Information
• Model Publication Scheme consultation
• Sets out types of information routinely made available by a public authority.
• Should specify classes of information, how available, and if charge.
• Extension of the Act consultation
• Review of exemption briefings
http://www.itspublicknowledge.info
NHS Scotland IG programme
• Standards & Toolkit
• Communications & Networks
• Education & Training
• Knowledge Base
• National IG Framework of Policies & Guidelines
[Diagram: Continuous Improvement Cycle – Developing & Implementing; Fully Implemented; Evaluation & Monitoring; Changes Implemented]
National IG Guidance
• NHS Scotland Code of Protecting Patient Confidentiality (reviewed)
• Caldicott Guardians Manual (reviewed)
• Caldicott Guardians Website available at http://www.knowledge.scot.nhs.uk/caldicottguardians.aspx
• Looking After Information: Staff Awareness leaflet produced
• Refreshed NHS Scotland Code of Practice in Records Management - Health and administrative records into single document
IG is a series of best practice guidelines and principles of the Law to be followed by the NHS
Ongoing national IG activities
• Training requirements and awareness raising tools for NHSS staff
• Information Sharing Protocol (review)
• Evidence base for IG Standards
• Forum networking meetings
IG is the core foundation for high quality healthcare using good quality information
Training and Awareness
• Looking after information leaflet
• DOTS module – scenario based
• Flying Start – modular based
• Medical Records material
• On-line package
Specialist e-Library – Knowledge Network: http://www.knowledge.scot.nhs.uk
IG Portal - IG Bulletin: http://www.elib.scot.nhs.uk/portal/ig/pages/index.aspx
eHealth Website: http://www.ehealth.scot.nhs.uk/
Further Information
Contacts NHSS IG Team: [email protected]
Alistair Stewart, Information Governance Co-ordinator, [email protected]
Kim Kingan, Information Governance Lead, [email protected]
David Armstrong, Enterprise Architect-Security, SGHD [email protected]
Robert Bryden, Records Management Lead, SGHD [email protected]
• Records stored in corridors
• Patient records removed from premises
• Password attached to IT equipment
• Computers stolen from Office
• Disc lost in mail containing personal information
• Lost Payslips
• Lost memory stick
Could This Happen To You?
Discussion
Consider your workplace in relation to the breaches shown and highlight any potential problem area.
What solutions are available to you to reduce the risk?
Information Governance -
Is the responsibility of every NHS Employee so let’s aim together to be 100% compliant and show that
WE CARE