name of p lan : effective from: 11 /01/2016
TRANSCRIPT
Information Governance Staff Training Strategy (and Action Plan) v1 1
Policy No: IG14
Version: 1.0
Name of Plan: Information Governance Staff Training Strategy
(and Action Plan)
Effective From: 11/01/2016
Date Ratified 02/12/2015
Ratified Health Informatics Assurance Group (HIAG)
Review Date 01/12/2017
Sponsor Director of Finance and Informatics
Expiry Date 01/12/2018
Withdrawn Date
Unless this copy has been taken directly from the Trust intranet site (Pandora) there is no assurance that
this is the most up to date version
This strategy supersedes all previous issues
Information Governance Staff Training Strategy (and Action Plan) v1 2
Version Control
Version Release Author /
Reviewer
Ratified by /
Authorised by
Date Changes
(Please identify
page no.)
1.0
11/01/2016 M. Galloway Health
Informatics
Assurance Group
(HIAG)
02/12/2015 New strategy –
review of IG training
requirements for the
IGTK.
Information Governance Staff Training Strategy (and Action Plan) v1 3
Contents
Section Page
1. Introduction .................................................................................................................................. 4
2. Purpose ......................................................................................................................................... 4
3. Scope ............................................................................................................................................ 4
4. Duties and Responsibilities ........................................................................................................... 5
5. What is Information Governance ................................................................................................. 5
6. Annual Review of the IGTK Training and Comms Controls .......................................................... 6
7. Staff Training Needs Assessment (TNA) ....................................................................................... 6
8. The Information Governance Staff Training Programme ............................................................. 7
8.1 New Starters – Induction Process .................................................................................... 7
8.2 The Annual Mandatory Staff IG Training Programme .................................................... 7
8.3 Non Clerical Staff ............................................................................................................ 7
8.4 Specialised Roles .............................................................................................................. 7
8.5 Volunteers and Apprentices ............................................................................................ 8
8.6 One to One Sessions ........................................................................................................ 8
9. Governance .................................................................................................................................. 9
10. Session Evaluation Methodology.................................................................................................. 9
11. IG Reporting .................................................................................................................................. 9
12. Staff Training Assessment Methodology ...................................................................................... 9
13. Promotion of Procedural Documentation Guidance.................................................................... 10
14. Staff Communication .................................................................................................................... 10
15. Review ......................................................................................................................................... 10
16. Dissemination ............................................................................................................................... 11
17. Compliance and Monitoring ......................................................................................................... 11
18. Consultation and Approval ........................................................................................................... 11
APPENDICES
Appendix 1: An Annual Review of the IGTK Training and Comms Requirements 2015/2016 .................. 12-24
Appendix 2: DoH IG Staff Training Needs Assessment Matrix .................................................................. 25
Appendix 3: Gateshead Health NHS Foundation Trust IG Staff Training Needs Assessment Matrix ....... 26
Appendix 4: IG Staff Mandatory Training Programme for Specialised Roles Summary ............................ 27-28
Appendix 5: Staff Guidance for using the HSCIC IG Training Tool (IGTT) ................................................ 29
Appendix 6: Information Governance Letter and IG Spot Check Questionnaire ..................................... 30-32
Appendix 7: IG Staff Training and Comms Action Plan 2015-2017 ........................................................... 33
Information Governance Staff Training Strategy (and Action Plan) v1 4
Information Governance Staff Training Strategy (and Action Plan)
1. Introduction
To ensure compliance with current legislation and central DoH guidelines, the Health and Social
Care Information Centre (HSCIC) Information Governance Toolkit (IGTK) requires all organisations in
the Health and Social Care Sector to have a documented training and communication strategy and
action plan in place to raise staff awareness of best practice and to inform staff of their legal
responsibilities and consequences of non-compliance with the Trust’s IGTK requirements.
IG knowledge and awareness is at the heart of every organisation’s core activities. Appropriate
governance standards and best practices must be effectively communicated and embedded into an
organisation’s governance structure in order to achieve a stable workforce and an environment
that is free from data breaches and blunders. Without appropriate knowledge communicated to
staff the Trust’s ability to meet and maintain it’s legal and policy requirements could be severely
impaired.
It is now a mandated requirement of the IGTK (Control 112) that organisations must routinely
assess and monitor staff training needs. The requirement states “that Information Governance
awareness and mandatory training procedures are in place and all staff are appropriately trained”.
It further states that “basic IG training must include an individual comprehension test so that staff
understand the content of what they have learnt”.
Organisations are therefore expected to identify who needs to be trained, how the training will be
delivered and whether the requirement is beyond basic level training i.e. is it a specialised role.
2. Purpose
The purpose of this strategy is therefore to ensure:-
• There is a comprehensive IG staff training programme in place for all staff that covers the
ethical standards and requirements for handling patient and corporate data;
• The training programme covers an agreed level of competency requirements as outlined in
the IGTK Standard 112 and systematically assesses the needs of staff;
• Staff training is identified in a training needs assessment (TNA);
• Specialised roles receive additional training and support to help them perform in their work
duties;
• Action is taken where key information governance requirements are identified and need to
be addressed.
3. Scope
This strategy applies to any individual in any capacity, including temporary/honorary employees,
students, volunteers, placement students and contractors etc. who work on behalf of the Trust.
Information Governance Staff Training Strategy (and Action Plan) v1 5
4. Duties and Responsibilities
Job Role Type of Training
Chief Executive The Chief Executive will take full responsibility for the effective
implementation of this IG Staff Training Strategy.
Senior Information
Risk Officer (SIRO) (i.e.
the Director of
Finance and
Informatics)
The SIRO will ensure the Trust Board is adequately briefed on all
information risk issues associated with IG staff training. This will
ensure:-
• The Trust’s approach in terms of resource, commitment and
execution is effective and is communicated to all staff;
• Ensure all training requirements are kept up to date.
The Caldicott Guardian
i.e. the Medical
Director
The Caldicott Guardian will ensure all training requirements are kept up
to date in line with changes in legislation and national NHS guidance.
The Deputy Director of
IT and Informatics
The Deputy Director of IT and Informatics will take full ownership of this
strategy and ensure its sits within the current Information Governance
Framework.
Head of Information
and Data Quality
The Head of Information and Data Quality will ensure all the necessary
risk assessments and training needs assessments have been conducted
to ensure the effectiveness of the training programme is still fit for
purpose.
Information
Governance Lead
The Information Governance Lead will take full responsibility for the
development and co-ordination of the Trust’s IG staff training
programme with O&D. This will involve reviewing and agreeing actions
where information risks have been identified.
Line Managers Line Managers are responsible for ensuring that all IG communication
and training requirements are cascaded to junior members of staff and
all staff training sessions identified are attended to.
All Staff All staff are expected to complete / attend their IG training sessions
when requested.
5. What is Information Governance
Information governance brings together a cluster of best practice and standards relating to the use
and handling of data which staff are required to have an understanding of. These include, but are
not limited to:-
• Patient/client confidentiality;
• Data Protection and the Caldicott Principles/requirements;
• Subject access and disclosure requirements;
• Data quality;
• Records management;
• Information security;
• Freedom of Information.
Organisations like the Trust are required to ensure that information is used legally and ethically and
is managed in such a way that it receives the highest level of confidence and trust from its staff and
service users. This will not only protect the security and confidentiality of assets but enhance its
business activities and service delivery.
Information Governance Staff Training Strategy (and Action Plan) v1 6
6. Annual Review of the IGTK Training and Comms Controls
To meet this commitment, an annual review of the training and communication controls in v13 of
the IGTK was undertaken by the IG Lead to establish a clear plan of action tailored for specific staff
groups and job roles. (Appendix 1). The review observed the DoH IG Staff Training Matrix standards
(Appendix 2) and recommended guidance on the HSCIC IG Training Tool (IGTT).
A staff training programme was developed and a summary review was incorporated as good
practice into the current IG Improvement Plan. Where information risks were identified the IG
Team made improvements to ensure a level 2 or more compliance scoring could be achieved in all
mandated training/comms requirements.
7. Staff Training Needs Assessment (TNA)
The Training Needs Assessment identified the following points:-
• IG training must be provided as part of the staff induction process when staff join the
organisation (112);
• IG training must be part of an annual mandatory training programme where staff can
update their current knowledge;
• Key staff or groups/divisions are given additional training beyond basic confidentiality and
security levels to perform in their role;
• IG training should form part of the annual staff appraisal or performance review of staff;
• Training must be provided whenever there is a change in role or responsibilities or where
staff need more support;
• Further staff training is identified following a Root Cause Analysis (i.e. RCA) relating to an
information governance incident.
The Training Needs Assessment identified that all staff must receive some form of basic IG training
in relation to their role regardless of whether they are permanent, temporary or contracting staff.
The review highlighted that those in specialised roles were required to undertake additional
training to support their role activities as per the training hierarchy requirements in Table 1.
Table 1: The Hierarchy of Staff Training Needs Based on the IGTT Tool Recommendations
(All Staff)
Basic Mandatory Information Governance Training
An Introduction to IG Training / Refresher Module
Key Specialised Roles Training
(The Senior Information Risk Officer (SIRO), the Caldicott Guardian, Information
Governance Lead, Information Security Manager, Data Quality Lead, Clinical
Coders, FOI Lead)
Patient Confidentiality, Records Management / Caldicott / Access to Health
Records / Information Risk Management / Information Security / Security Data
Transfers
Personal Development Training
(Optional courses recommended in the IGTK by staff)
Business Continuity/Password Management/Secure Handling of
Confidential Information modules
Information Governance Staff Training Strategy (and Action Plan) v1 7
8. The Information Governance Staff Training Programme
The IG Staff Training programme to be imposed on staff is as follows:-
8.1 New Starters – Induction Process
All new starters will receive a training session in basic IG principles via the Trust’s staff
induction programme at the start their employment. This requirement will be expected to
be undertaken within 6 weeks of their start date of employment at the Trust. Managers
responsible for managing staff are required to comply with this requirement.
8.2 The Annual Mandatory Staff IG Training Programme
All staff (including clinical and non-clinical) will complete an annual mandatory IG training
session. This requirement will be co-ordinated by the Trust’s Organisation and
Development Team (O&D). Staff will be offered the option of attending a face to face
session or completing an online IG e-learning assessment module.
Those who do not have access to a PC will be required to attend a face to face training
session. Staff who are unable to make a face to face IG training session due to work rota
commitments will have to complete the e-learning module. If further support is required,
an O&D advisor may be available to provide further assistance on request.
The Trust’s e-learning portal can be accessed at: - http://e-learning
Staff completing the e-learning module are required to register online to the learning portal
to generate their password and login details, all of which are organised through O&D.
8.3 Non Clerical Staff
It is recognised that certain staff roles will not always routinely access personal data for
e.g.:-
• Cooks/catering staff;
• Helpers/assistants;
• Domestics, Housekeepers;
• Craftsmen;
• Porters;
• Support workers.
Even so, these roles still play an active part in the Trust’s business activities and therefore
will still need to have basic knowledge of current IG practices so that information risks and
trends can be identified, reported (via Datix) and acted upon. All these roles will therefore
still receive basic mandatory training each year.
8.4 Specialised Roles
All staff in designated roles (for e.g. the SIRO, Caldicott Guardian, specialised managers etc.)
will be required to undertake additional training via the Information Governance Training
Tool (IGTT) or by another means where professional development can be demonstrated.
The expected training format will be:-
Information Governance Staff Training Strategy (and Action Plan) v1 8
Table 2: Training Format for Specialised Roles
Job Role Type of Training
Senior Information Risk Officer (SIRO) IGTT Modules
The Caldicott Guardian – the Medical
Director
IGTT Modules
Information Governance Lead IGTT Modules / specialised training
The IT and Information Security Manager IGTT Modules / specialised training
Health Records Manager IGTT Modules
Subject Access Handlers IGTT Modules
FOI Lead and FOI Co-ordinators Specialised training
Data Quality Lead Specialised training
Clinical Coders Specialised training
Information Asset Owners and Information
Asset Administrators
IGTT Modules
Appendix 3 illustrates the Trust’s proposed training programme (covering recommended
and mandatory IGTT modules) for designated roles. (Based on recommended guidance)
Appendix 4 highlights the mandatory staff training programme for designated roles.
All modules required for completion can be accessed online at:
https://www.igtt.hscic.gov.uk/igte/index.cfm
Each designated role will be required to refresh their IG training modules every three years
with the exception of the SIRO who will complete the training annually.
A step by step guide on how to register and access the IGTT modules is illustrated in
Appendix 5.
All those in specialised roles will be informed by the IG lead of the IGTK requirement to
undertake additional IG training. Where modules are not completed within a specific time
frame line managers will be contacted to cascade the training requirement.
8.5 Volunteers and Apprentices
Group sessions will be provided to all volunteers and apprentices / cadets by the IG Lead
throughout the year prior to their commencement start date at the Trust.
8.6 One to One Sessions
Specialised training workshops will be available to staff who require more departmental
training, support and guidance. This will allow for more informal discussions to take place
about how IG policies and procedures apply to their own department/service areas.
Specialised training is likely to result from:-
• Departmental information security incidents;
• External/internal audit inspections and recommendations;
• New training standards and changes to legislation that apply to the service area.
Such sessions will be provided on an ad-hoc basis, on request.
Information Governance Staff Training Strategy (and Action Plan) v1 9
9. Governance
The IG Team will work closely with O&D to ensure:-
• Staff receive comprehensive awareness training;
• Are provided with appropriate induction materials (for e.g. Codes of Conduct summarising
staff legal obligations and requirements), staff handbooks and staff contracts which outline
appropriate Data Protection and Confidentiality Clauses;
• Service line managers are provided with appropriate induction checklists.
10. Session Evaluation Methodology
The IG Staff Training Programme will be evaluated using O&D’s standard staff training evaluation
form to help continuously improve the content and quality of the training delivered. This will
enable the IG Lead to identify any gaps that may need to be addressed.
Any changes to further develop the IG staff training programme will be through the HIAG in
collaboration with O&D to ensure all expected requirements are identified and realised.
11. IG Reporting
It is a requirement of the IGTK Control 112 (2a) that “at least 95% of all staff, including new
starters, locums, temporary, students and staff contracted to work in the organisation have
completed their annual IG training in the period 1 April to 31 March”.
Quarterly training reports on the IG Training Tool (IGTT) will be run off by the IG Lead (for targeted
staff groups) whilst mandatory attendance reports (Induction and Mandatory) provided by O&D
will be reviewed to identify non-compliance.
Compliance will be shown as follows:-
In Date
Nearly Out of Date
Out of Date
The IG Lead will administer the HSCIC Training Tool for the Trust and will deal with any staff
enquiries on training uptake and system access, where applicable.
The Trust’s Mandatory Training Dashboard will also be used as additional evidence for the IGTK
submission.
12. Staff Training Assessment Methodology
A criterion of the IGTK Requirement for 112 is that “action must be taken to test and follow up staff
understanding of IG…….providing staff with IG guidance does not provide assurance that they have
understood their IG responsibilities”. The Trust will collect evidence to demonstrate that the IG
training programme is effective in improving current working IG practices in the workplace.
Evidence as required by the IGTK will take the form of:-
• A comprehension test;
• Staff monitoring;
• Random IG spot checks and questionnaires;
Information Governance Staff Training Strategy (and Action Plan) v1 10
The comprehension test will be sent out to training attendees via a staff email link no later than
three days after the training session via the IG Team. The online questions will be reset annually at
the start of every financial year and the results of the comprehension test will be feedback to the
HIAG quarterly.
The IG Lead will conduct IG spot checks and confidentiality audits to ensure there is compliance
with the IGTK training requirements. The audit results will be fed back into the annual review of the
IG staff training presentation and training materials / handouts.
Appendix 6 highlights the IG spot check request letter and pre-spot check questionnaire to be
circulated to staff.
13. Promotion of Procedural Documentation Guidance
A number of IGTK controls require documented procedural guidance to be communicated to staff.
Specifically, guidance about:-
• Network security;
• Incident management;
• Information sharing i.e. subject access requests and information disclosures;
• Confidentiality audits / IG spot checks;
• Change management;
• Registration Authority and Smartcards;
• Business continuity planning;
• Mobile working/teleworking;
To ensure compliance, the IG Lead will advise all service contributors of the IGTK to ensure
appropriate guidance is communicated to staff, as and when necessary.9
14. Staff Communication
The IG Lead will maintain a Training and Comms Plan 2015-2017 (Appendix 7) to ensure staff are
informed about the requirements of the Trust’s Information Governance Framework.
In conjunction with the Trusts Communication Team, the Information Governance Team will
maintain a calendar to identify when IG messages should be cascaded to staff. This will be via the
Trust’s QE weekly to all corporate and clinical staff. The Information Governance Lead will collate
and comment on current issues around new legislation/NHS guidance updates and
confidentiality/security incidents (potential, near misses or actual incidents) so that staff are
informed about best practice. The suggested quarters for all staff briefings and newsletters will be:
January, April, July and October.
All comms messages will be signed off by the Deputy Director of Informatics for approval.
The Information Governance lead will maintain a catalogue of alerts, topics, briefings and
communications released to staff.
The Comms Team will circulate all approved newsletters/briefings to all staff in the Trust, as and
when necessary.
15. Review
This Strategy will be reviewed annually to keep up to date with national guidance and legislation or
when sudden changes in statutory law dictates otherwise.
Information Governance Staff Training Strategy (and Action Plan) v1 11
16. Dissemination
The Strategy will be disseminated via the staff intranet.
17. Compliance and Monitoring
The success of this Strategy will be monitored against the following performance objectives:-
Measureable Objective Audit Monitoring Frequency of
Monitoring
Assigned
Responsibility
Group/
Committee
Assigned
Responsibility
To achieve an annual
95% target rate for
attendance to IG training
sessions
Quarterly reports
from the mandatory
training dashboard,
e-learning
programme and
IGTT System
Quarterly Information
Governance Lead
Health Informatics
Assurance Group
(HIAG)
IG Incidents Training issues
flagged from RCA
reports and
investigations
Ongoing Information
Governance Lead
Health Informatics
Assurance Group
(HIAG)
Training Session
Evaluation Feedback
Forms
Review of staff
comments about the
current IG staff
training programme
Quarterly Information
Governance Lead
Health Informatics
Assurance Group
(HIAG)
Results of the IG
Comprehension Test
Review of whether
staff understand
current IG best
practices across the
Trust.
Quarterly Information
Governance Lead
Health Informatics
Assurance Group
(HIAG)
IG Spot Check
Questionnaire Results
Issues flagged up
from the IG spot
checks /
questionnaires
Quarterly Information
Governance Lead
Health Informatics
Assurance Group
(HIAG)
18. Consultation and Approval
This Strategy will be reviewed and approved by the Health Informatics Assurance Group (HIAG).
Information Governance Staff Training Strategy (and Action Plan) v1 12
Appendix 1: An Annual Review of the IGTK Training and Comms Requirements 2015/2016
IGTK
Req.
IGTK Req. Level Key Message Examples of Evidence Required Delivery Method
105 The IG policies have been
communicated to staff and there are
strategies and/or improvement plans in
place to deliver information
governance improvements, including
but not necessarily limited to the IG
Toolkit requirements, which have been
signed off at a senior level.
2a IG policies have been
communicated to appropriate staff
and made available throughout the
organisation.
A selection of policies that cover best IG
practice:-
• Overarching Information Governance
Strategy and Policy
• Confidentiality and Data Protection
Policy
• Information Security Policy
• FOI Policy
• Records Management Policy
• Data Quality Strategy and Policy
All policies are published on the
staff intranet.
Policies are referred to in the
Induction and Mandatory Training
sessions.
111 All current and new employment
contracts contain appropriate IG
compliance requirements. An action
plan has been documented to ensure
that individuals working on behalf of
the organisation understand their
responsibilities.
1b There is a documented action plan
for raising awareness and
compliance with information
governance standards
• IG Staff Training and Communication
Plan
All published on the staff intranet.
1c The action plan has been
implemented and all existing staff
are aware of their obligations for IG.
All new staff are appropriately
vetted, trained and provided with
guidelines to ensure they are aware
of their obligations for IG before
they start handling person
identifiable information.
• IG Staff Training Strategy, Training
and Communication Plan and TNA
• Staff Code of Conduct
• IG Staff Handbook
The action plan has been implemented
and all existing staff are aware of their
obligations for IG. All new staff are
appropriately vetted, trained and
provided with guidelines to ensure
they are aware of their obligations for
IG before they start handling person
identifiable information.
2a The action plan has been
implemented and all staff have
been informed of their
responsibilities and the
consequences of misconduct. Staff
may be informed through team
meetings, awareness sessions or
staff briefing materials
Consequences of misconduct are
highlighted in the:-
• Confidentiality and Data Protection
Policy
• Staff Code of Conduct IG Induction
and Mandatory Training Programme
/ Presentation
• IG Staff Handbook
• IG Staff Training Strategy and Training
and Communication Plan
Guidance is published on the staff
intranet.
The IG staff training presentation
is available on request.
Information Governance Staff Training Strategy (and Action Plan) v1 13
112 An IG training programme has been
developed that includes staff training
needs analysis, induction for new
starters and the completion of basic IG
training with an individual test of
comprehension for all staff.
1b An IG training programme has been
developed and documented, to
provide basic IG training for
everyone including new starters,
training needs analysis and
additional training for key staff
groups or roles.
• A documented Training Plan /
Programme.
• A Staff Training Needs Assessment
The TNA and action plan is
documented in the IG Staff
Training Strategy
1c Basic IG training, including an
individual comprehension test, is
provided to all new starters as part
of their induction.
• Completion of an IG comprehension
test
Staff are requested to complete a
comprehension test at the end of
their IG mandatory training
session.
IGTK
Req.
IGTK Req. Level Key Message Examples of Evidence Required Delivery Method
112 All staff, including new starters,
locums, temporary students and staff
contracted to work in the organisation
have completed their annual training.
Training materials and plans are
checked for equivalent materials in the
NHS IG Training Tool by auditors or
through another documented local
governance process. Training needs are
regularly reviewed and re-evaluated
when necessary.
2a At least 95% of all staff, including
new starters, locums, temporary
students and staff contracted to
work in the organisation have
completed their annual IG training
in the period 1st
April to 31 March.
• Induction and mandatory training
attendance reports
• IGTT generated training reports to
evidence roles and number of staff
who have undertaken specialised IG
training.
• For NHS organisations only –
approval of training presentation
materials by an auditor
IGTT reports are down loaded by
the IG Lead quarterly
Updates on the Trust training
dashboard is monitored and
reported on quarterly to the HIAG.
200 There is a Caldicott function with
adequate confidentiality and data
protection skills, knowledge and
experience to successfully co-ordinate
and implement the confidentiality and
data protection work programme.
2b All staff assigned responsibility for
co-ordinating and implementing the
confidentiality and data protection
work programme, including the
Caldicott Guardian, have been
appropriately trained to carry out
their role.
• Caldicott training – completion of
IGTT modules
The Caldicott Guardian undertook
his training in Jan 2015.
201 There is documented guidance for staff
on keeping personal information
secure and on respecting the
confidentiality of service users that also
includes guidance on the duty to share
information for care purposes. The
documented guidance has been
1b There is staff guidance (e.g.
document, or handbook, or leaflet)
on keeping personal information
secure, on respecting the
confidentiality of service users, and
on the duty to share information for
care purposes.
• Documented IG Staff Handbook
• Staff induction/mandatory materials
The IG staff handbook is circulated
to staff prior to the induction
process.
Information Governance Staff Training Strategy (and Action Plan) v1 14
approved by senior management or
committee.
1d The guidance for staff is made
accessible to them in an appropriate
location.
• Published staff guidance
202 All purposes that require confidential
personal data to be used or shared
have been identified and have a clear
and documented lawful basis. All staff
engaged in supporting these purposes
understand what is lawful and what is
not.
2a There are guidelines for staff that
are accessible to them in an
appropriate location.
• IG Staff Handbook
• Confidentiality and Data Protection
Policy (IG06)
The policy is published on the staff
intranet.
The IG Staff Handbook is under
review.
203 Communication materials clearly set
out how personal information and de-
identified data are used and shared,
both for direct care and for other
purposes, including who it is shared
with and for what purposes.
1a There are documented fair
processing materials.
• Fair processing notice The Trust’s fair processing notice is
published on the staff intranet.
1c All relevant staff members have
been effectively informed about the
existence of the materials. They
might be informed through team
meetings, awareness sessions, or
staff briefing materials.
• Fair processing notice – fair
processing is discussed in the
mandatory training programme and
the Confidentiality and Data
Protection Policy
The Fair Processing is published via
the GHNT internet website.
Guidance on fair processing is
discussed in the IG induction and
mandatory staff training
programme.
205 There is a documented procedure for
handling subject access requests that
has been approved by senior
management or committee.
1a There is a documented procedure
for processing subject access
requests efficiently and in
accordance with the law
• Documented subject access
procedures
A Trust SAR Policy is currently in
development.
SAR procedures are held by
individual teams that process
SARs.
Subject access requests are actioned by
fully trained and resourced staff and all
staff members are aware of the need
to support subject access requests, and
where in the organisation such
requests should be directed. The
procedure has been implemented
effectively to meet the statutory
deadlines.
2a All staff assigned responsibility for
processing subject access requests
have been appropriately resourced
and trained to do so.
• Subject access handler training All subject access handlers in the
Trust are required to complete the
following recommended modules
on the IGTT:-
• Access to Health Records
• Patient Confidentiality
Information Governance Staff Training Strategy (and Action Plan) v1 15
206 All staff members with the potential to
access confidential personal
information have been made aware of
the procedures. The procedures have
been implemented and appropriate
action is taken where confidentiality
processes have been breached.
2a All staff members with the potential
to access confidential personal
information have been informed
that monitoring and auditing of
access is being carried out, of the
need for compliance with
confidentiality and security
procedures and the sanctions for
failure to comply. Staff might be
informed through team meetings,
awareness sessions, staff briefing
materials, or staff may be provided
with their own copy of the
procedures.
• Confidentiality audit procedures
• SSSP Policies
A Confidentiality Audit Procedure
has been drafted and requires
approval by the HIAG.
Staff access controls are outlined
in the Trust’s SSSP Policies held by
the system administrators.
210 All staff members who may be
responsible for introducing changes to
processes or information assets have
been effectively informed about the
requirement to seek approval from the
appropriate group. All new
implementations follow the
documented procedure. Where the
proposed new process or information
asset is likely to involve a new use or
significantly change the way in which
personal data is handled, an
appropriate privacy impact assessment
is always carried.
2a All staff members that are likely to
introduce new information
processes or information assets are
effectively informed about the
requirement to obtain approval
from the IG forum (or equivalent) at
the proposal stage of the new
process or information asset. Staff
might be informed through team
meetings, awareness sessions, or
staff briefings.
• Privacy impact procedure / policy –
IG10
The Privacy Impact Assessment
Procedure & Checklist and the
Information Governance Policy for
New and Changed Systems,
Processes and Services (IG10) are
both published on the staff
intranet.
These are both under review.
300 There is an appropriate Information
Security framework in place with
adequate skills, knowledge and
experience to successfully co-ordinate
and implement the Information
Security agenda.
2b All staff assigned responsibility for
Information Security have been
appropriately trained to carry out
their role.
• Information security accreditation
certificate – recently updated
• Training attendance lists
• Training evaluation records
The Trust’s Information Security
Manager needs to refresh their
training security certificate. Last
training took place in 2006.
Information Governance Staff Training Strategy (and Action Plan) v1 16
302 The information security event
reporting and management procedures
have been communicated to
staff/relevant third parties.
2a The procedures have been
effectively communicated to staff
and third parties working on behalf
of or under contract to the
organisation, including the
importance of reporting
information security events and
near misses.
• Datix training sessions
• Datix training materials
• The Reporting of Serious IG Incidents
Policy (IG11)
• Incident/Near Miss Reporting and
Investigation Policy (Including Serious
Incidents. (RM04)
The Datix User Guides and
guidance on Datix training is
published via the staff intranet
web pages.
Both policies are published on the
staff intranet.
303 The RA policy, RA implementation plan
and business processes and procedures
have been implemented and operate
effectively.
2a The organisation has moved fully to
PBAC; the training needs of RA staff
have been analysed and a training
programme has been implemented
to ensure that all staff assigned
responsibility for managing and
implementing the RA function have
access to the latest software and RA
Process Guidance and are
appropriately trained to carry out
their role.
• RA Policy - Training needs analysis
documents, training attendance
certificates, training materials,
existing qualifications, e-learning
completion certificates or training
evaluation records.
Due the implementation of a new
national RA System the RA Policy is
yet to be refreshed.
Smart Card usage is referred to in
the Information Governance Staff
Handbook.
IGTK
Req.
IGTK Req. Level Key Message Examples of Evidence Required Delivery Method
304 The plan/procedure has been
implemented and all NHS Smartcard
users have been effectively informed
that NHS Smartcard usage will be
monitored, the need for compliance
and the sanctions for non-compliance.
2b The plan/procedure has been
implemented and all NHS Smartcard
users including new, temporary and
contract staff members are aware
that compliance with the terms and
conditions of NHS smartcard usage
is monitored and the procedures for
breach and disciplinary measures.
• RA Terms and conditions for usage
and compliance
Information Governance Staff Training Strategy (and Action Plan) v1 17
307 The SIRO and supporting Information
Risk Management leads (IAOs and
supporting staff) are appropriately
trained and conduct regular risk
reviews for all key assets.
2a The SIRO and all other staff assigned
responsibility for co-ordinating and
implementing information risk
management have been
appropriately trained to carry out
their role.
• IAO and IAA training certificates
• SIRO training certificates
All IAOS and IAAs are asked to
complete a range of
recommended modules every
three years on the IGTT. These
modules include:-
IAOs
• Introduction to
Information Governance
• NHS Information Risk
Management for SIROs
and IAOs
• NHS Information Risk
Management: Foundation
IAAs
• Introduction to
Information Governance
• NHS Information Risk
Management:
Introductory
• NHS Information Risk
Management: Foundation
Guidance about Information Asset
Training needs to be published on
the staff intranet so that staff
understand their role
responsibilities.
Information Governance Staff Training Strategy (and Action Plan) v1 18
3b The SIRO successfully completes
strategic information risk
management training at least
annually, which may be through the
modules in the NHS IG Training Tool
or through external training.
• IG Training Tool reports,
attendance certificates, formal
qualifications, or booking and
invoicing documentation for
external training.
The SIRO completes a range of
recommended modules annually
on the IGTT. These include:-
• Introduction to
Information Governance
• NHS Information Risk
Management for SIROs
and IAOs
• NHS Information Risk
Management: Foundation
• Secure Transfer of Data
• Security Guidelines
IGTK
Req.
IGTK Req. Level Key Message Examples of Evidence Required Delivery Method
308 Routine transfers of person identifiable
and sensitive information in all areas
have been identified, mapped and risk
assessed. All risks are appropriately
recorded in the risk register along with
the actions taken to secure the
information. IAOs (or equivalent) have
developed information agreements
and procedures to ensure transfers are
adequately protected, comply with
NHS Codes of Practice and NHS IG
standards and ensure their staff who
transfer or receive this information are
effectively informed of the procedure
which applies to the transfer method
they use.
2d Relevant staff (including post room
and reception staff) have been
effectively informed of the secure
transfer and receipt requirements
for person identifiable and sensitive
information.
• All post and reception staff
attendance training lists
All post room staff attend the IG
Staff Mandatory Training
Programme.
Signed signatures will need to be
collected for future training
requirements.
Information Governance Staff Training Strategy (and Action Plan) v1 19
309 Approved Business Continuity Plans are
in place for all critical Information
Assets and all staff are aware of their
roles and responsibilities. Information
Asset Owners (or equivalent) have
implemented approved procedures
and controls for their information
assets and have effectively informed all
relevant staff.
2c All relevant staff are made aware of
business continuity plans and any
implications for their role.
• Staff need to be informed of the
need to manage business
continuity plans for their
information assets.
The IG Lead, in conjunction with
the Business Continuity Manager,
will send out staff email
communication regarding BC
Planning.
The IG Lead will ask the BC
Manager to publish all BC
documentation on the staff
intranet.
311 The approved procedures and controls
for network security in respect of all
information networks controlled by the
organisation have been implemented.
2b The documented and approved
procedures and controls have been
made available at appropriate
points in the organisation and all
relevant staff have been informed
of their responsibilities to maintain
network security by complying with
them. Informing staff might be done
through team meetings, staff
briefings, awareness sessions and
by IT user induction training.
• Network security advice must be
provided to staff.
Staff guidance on network security
is highlighted in the IT and
Information Security Policy (OP06)
which is published on the staff
intranet.
314 All mobile or teleworkers are
appropriately approved, authorised
and made aware of
procedures/guidelines. Robust remote
access solutions and adequate
information security functionality for
mobile devices and removable media
has been provided.
2b Mobile or teleworkers are provided
with procedures / guidelines.
• Remote working procedures and
IT spec must be provided to staff.
The Trust’s remote working
procedures are highlighted in the
IT and Information Security Policy
(OP06) which is published on the
staff intranet.
Information Governance Staff Training Strategy (and Action Plan) v1 20
400 There is an appropriate Information
Quality and Records Management
framework in place with adequate
skills, knowledge and experience to
successfully co-ordinate and
implement the information quality and
records management agenda.
2b All staff assigned responsibility for
Information Quality and Records
Management Assurance have been
appropriately trained to carry out
their role.
• Training attendance courses and
lists for the records manager and
data quality leads.
The Health Records Manager is
required to complete a set of
modules on the IGTT. These
include:-
• Introduction to IG
• Records Management
and the NHS Code of
Practice
• Records Management in
the NHS
• The Importance of Good
Clinical Record Keeping
IGTK
Req.
IGTK Req. Level Key Message Examples of Evidence Required Delivery Method
400 • Patient Confidentiality
• Access to Health Records
The Data Quality Lead may need to
update the current DQ training
certificate as this dates back to
June 2008.
402 Data collection and validation activities
are regularly monitored. All staff
collecting and recording data are
effectively trained to do so and
dedicated staff take appropriate action
where errors and omissions are
identified.
2b Procedures have been made
accessible to all staff involved in
data collection activities.
• User Guide RTT Data Quality
Guide
The Medway and RTT Data Quality
Guides are published on the staff
intranet.
The Data Quality Strategy and
Action Plan published on the staff
intranet also outlines the Trusts
DQ requirements.
2c All staff entering data are effectively
trained to accurately collect and
record service user information,
check the information with an
appropriate source and report
errors or omissions.
• Training materials
• Attendance lists
• Staff briefings
Information is briefed to staff at
the Data Quality group meetings.
Information Governance Staff Training Strategy (and Action Plan) v1 21
404 The approach to auditing clinical
records has been implemented and all
staff are informed of their
responsibilities with regards to clinical
record keeping
2b Staff have been informed of their
responsibilities for clinical record
keeping (including clinical record
keeping standards, the standard
design and filing to be followed and
the importance of participating in
regular audit). Staff may be
informed through awareness
sessions, briefing materials or
training.
• Induction training sessions
• Staff briefing sessions
• Team news letters
• Staff guidance
Clinical recording is referred to in
the induction and mandatory
training programmes.
Safe Care have a staff webpage
but it is out of date now.
Safe Care newsletters used to be
communicated but these are
rarely done now.
406 There are documented and approved
procedures to monitor the availability
of paper health/care records, including
tracking records and tracing missing
records.
1a There are documented procedures
in place for monitoring paper
health/care record availability,
which includes measures to track
records removed from the records
storage area, to take appropriate
action when records are unavailable
and to trace missing records
• Tracking and tracing record
procedures
The Records Management Policy
(IG05) is currently under review to
take account of these
requirements.
The procedures for monitoring the
availability of paper health/care
records have been implemented and
action taken where availability of
records is considered poor
2a All relevant staff members have
been informed about the
procedures, and in particular of
their own responsibilities to comply
with the record tracking process,
and to appropriately report
unavailable or missing records.
Informing staff may be through
team meetings, awareness sessions,
staff briefings or training (e.g. on
induction or in specific training
programmes).
• Team meetings
• Training sessions
Records management training is
provided to all staff via the
induction process.
The Records Management Policy
(IG05) is available on the staff
intranet.
Information Governance Staff Training Strategy (and Action Plan) v1 22
IGTK
Req.
IGTK Req. Level Key Message Examples of Evidence Required Delivery Method
504 Documented procedures have been
developed for using local and national
benchmarking to identify possible data
quality issues.
1b There are documented procedures
for using local and national
benchmarking to identify possible
data quality issues including
analysing trends in information over
time and making comparisons
between periods.
• Data quality procedure for local
and national bench marking
These procedures are held by the
Information System Teams.
The procedures have been
implemented by appropriately trained
staff, and local and national
benchmarking is used to identify and
investigate data quality issues.
2a Appropriate staff members are
effectively trained to analyse and
investigate data quality issues.
• Data quality training sessions Clinical coders are trained to
identify incorrect data entries.
Data quality training requirements
are delivered via the data quality
and clinical team meetings.
506 Data quality is addressed as part of the
Information Lifecycle Management
Policy and reflected in the terms of
reference of a Data Quality
monitoring/review group. Service user
data accuracy audits are incorporated
into the organisation's audit plan.
1c Staff guidance on accuracy checking
has been publicised and distributed
to easily accessible locations
targeting all relevant staff.
• Data quality staff briefings
• Guidance published on the staff
intranet
• Procedures in a communal area
of a network for staff to access
DQ procedures are located on the
staff intranet and on the
communal network drive for the
systems team.
DQ issues are discussed at the DQ
and system meetings.
508 A strategy for involving clinical/care
staff in validating information derived
from the recording of clinical/care
activity has been developed.
1c Information has been publicised
and distributed to easily accessible
locations targeting all relevant staff.
• Staff guidance in the staff
internet
• Procedures in communal
networks
The Safe Care Risk Strategy is
publicised on the staff intranet.
Staff guidelines are also
highlighted in the Clinical Policy.
510 There is a programme of clinical coding
standards training conforming to
national standards for all clinical coding
staff entering coded clinical
information.
1a All clinical coding staff who assign
ICD-10 and OPCS-4 codes must
complete the e-learning packages ‘A
Basic Introduction to Clinical
Coding’ and ‘Anatomy and
physiology’ prior to attendance on
formal clinical coding standards
training, of no less than 21 days
duration, within 6 months of
commencing employment.
• Clinical coder training All clinical coders complete a
training programme every three
years.
Information Governance Staff Training Strategy (and Action Plan) v1 23
A programme of clinical coding
standards refresher training every
three years for all clinical coding staff
entering coded clinical information is in
place that conforms to national
standards. All clinical coders are
supported in gaining Accredited Clinical
Coder (ACC) status by passing the
National Clinical Coding Qualification
(UK).
2a All clinical coding staff who assign
ICD-10 and OPCS-4 codes must
attend a clinical coding standards
refresher course of no less than four
days duration every 3 years.
• Clinical coding certificates
• Staff attendee lists
• Evaluation reports
The Clinical Coders certificates
were refreshed in 2014.
2c The organisation supports all clinical
coders in gaining Accredited Clinical
Coder (ACC) status. National Clinical
Coding Qualification training is
based on national standards for ICD-
10 and OPCS-4 and is delivered by a
Clinical Classifications Service
approved clinical coding trainer.
• Clinical trainer training The Clinical Coder trainer
refreshed her certificate in Sept
2014.
IGTK
Req.
IGTK Req. Level Key Message Examples of Evidence Required Delivery Method
Clinical coders have attended clinical
coding specialty and update training
workshops when classification
revisions require
3a Clinical coding staff who assign ICD-
10 and OPCS-4 codes within the
organisation have attended all
specialty workshops relevant to
their work, and update training
workshops when classification
revisions require.
• Clinical coding staff training All clinical coding training was
refreshed in 2014. Refresh training
is every three years so the next
refresh is 2017.
601 The record management procedures
have been implemented. All staff
members have access to and have
been effectively informed of the
procedures.
1b Staff have been effectively informed
of the procedures and their
responsibilities. Staff might be
informed through team meetings,
awareness sessions, staff briefings,
or staff may be provided with their
own copy of the procedures.
• Procedures involved in the
naming, creation, filing and
referencing tracking and tracing
of corporate records.
Certain sections of the Records
Management Policy are currently
under review so it is aligned to the
requirements of this IGTK control.
Information Governance Staff Training Strategy (and Action Plan) v1 24
603 There are documented procedures for
FOIA 2000 compliance, which set out
clear responsibilities for responding to
information requests efficiently and in
accordance with the law. The ICO
model publication scheme has been
adopted and a guide to information has
been communicated to, and is
accessible by members of the public.
1b Formal FOI procedures have been
publicised and distributed to easily
accessible locations targeting all
relevant staff.
• Staff FOI Policy/Procedures Staff guidance about FOI is
published on the staff intranet.
All staff members are aware of their
responsibility to support requests for
information, and are aware of where in
the organisation such requests should
be directed. Front-line staff members
are provided with more detailed
guidance about the procedure to
follow. Staff in areas where requests
are ultimately managed are provided
with comprehensive training.
2a Staff members are effectively
informed of the need to support
requests for information. Staff
might be informed through team
meetings, awareness sessions or
staff briefings, or staff may be
provided with their own copy of the
procedure.
• Staff FOI training details
• Training certificates
• Attendees lists
In March 2015 all the FOI Co-
ordinators attended a one off FOI
training session that was delivered
by Dyllis Jones Ltd.
In June 2014, a 2 hour in-house
FOI training session was delivered
to the Directors and Associate
Directors of the Trust.
2c Comprehensive staff training has
been provided for staff working in
areas where FOI requests are
managed.
• Staff FOI training details
• Training certificates
All staff affected by the Trust’s
legal obligations to deliver FOI
training have been trained in 2015.
Information Governance Staff Training Strategy (and Action Plan) v1 25
Appendix 2: DoH IG Staff Training Needs Assessment Matrix
Depending on the designated role, staff inevitably have different levels of IG responsibilities in respect of patient confidentiality, protecting and securing data and
preserving the information security of data. Staff may have established working routines and practices that may need to be challenged or improved. The NHS
Mandatory Information Governance Training Tool provides a range of IG training modules at a basic, intermediate and advanced level for staff who are required to
have sufficient knowledge in order to perform well in their role. The below matrix outlines the Department of Health expected IG training requirements per
designated staff role.
IGTT Course SIRO Caldicott
Guardian
IG Lead Informatio
n Security /
Risk
Manager
Informatio
n Asset
Owners
(IAOs)
Information
Asset
Administrat
ors (IAAs)
Health
Records
Manage
r
Clinical
Staff
Admin
Staff
Governing
Body
Access to Information and Information Sharing in the
NHS
Access to Health Records R
Business Continuity Management R R R R
Information Governance for Medical Secretaries
Information Governance for Pharmacy Staff
Information Governance – The Beginner’s Guide
Information Governance – The Refresher Module R R
Information Security Guidelines R R R R
Information Security Management R R R R
Introduction to Information Governance M M M M M M M M M M
NHS Information Risk Management for SIROs and IAOs R R R R R R
NHS Information Risk Management: Foundation R R
NHS Information Risk Management: Introductory R R R R R R
Password Management R
Patient Confidentiality R R
Records Management and the NHS Code of Practice R R R R
Records Management in the NHS R R
Secure Handling of Confidential Information R
Secure Transfers of Personal Data R R R R R R R R R
The Caldicott Guardian in the NHS and Social Care R R R R
The Importance of Good Record Clinical Keeping R R
Information Governance Staff Training Strategy (and Action Plan) v1 26
Appendix 3: Gateshead Health NHS Foundation Trust IG Staff Training Needs Assessment Matrix
The Trust has conducted a training needs assessment of all designated roles across the Trust. Taken into consideration guidance provided by the DoH and the
HSCIC the TNA recommended the following IGTT modules be completed as additional training per specific role.
IGTT Course SIRO Caldicott
Guardian
IG Lead Informatio
n Security
Manager
Informatio
n Asset
Owners
(IAOs)
Informatio
n Asset
Administra
tors (IAAs)
Health
Records
Manage
r
Clinical
Staff
Admin
Staff
Governing
Body
Access to Information and Information Sharing in the
NHS
R R
Access to Health Records R
Business Continuity Management R R R R R R
Information Security Guidelines M M M R R R
Information Security Management R M R R R R
Introduction to Information Governance M M M M M M M M M M
IG – Refresher Module
NHS Information Risk Management for SIROs and IAOs M R M M M R R
NHS Information Risk Management: Foundation M R R M M
NHS Information Risk Management: Introductory R R R R M R
Password Management R R R R R R R
Patient Confidentiality R M R R R R R R R R
Records Management and the NHS Code of Practice R R R R R R
Records Management in the NHS R R
Secure Handling of Confidential Information R R R R R R R R R R
Secure Transfers of Personal Data M M M M M M M M M M
The Caldicott Guardian in the NHS and Social Care M R R R
The Importance of Good Record Clinical Keeping R R
Information Governance Staff Training Strategy (and Action Plan) v1 27
Appendix 4: IG Staff Mandatory Training Programme for Specialised Roles Summary
The Mandatory Information Governance training programme requires staff in specialist roles to undertake the
following training within 3 months of taking up their post. Access to the modules is via the HSCIC e-learning IG
Training Tool at:- https://www.igtt.hscic.gov.uk/igte/index.cfm
Role Information Governance Toolkit Training Approx. to
Complete
Frequency
SIRO Introduction to Information Governance
NHS Information Risk Management: Foundation
NHS Information Risk Management for SIROs and IAOs
Secure Transfer of Data
Information Security Guidelines
1 hour
1 hour
1 hour
1.5 hours
1 hour
Annually
Caldicott
Guardian
Introduction to Information Governance
The Caldicott Guardian in the NHS and Social Care
Patient Confidentiality
1 hour
1 hour
1 hour
3 years
Trust Secretary
(who covers
corporate
records)
Introduction to Information Governance
Information Security Guidelines
Secure Transfers of Personal Data
NHS Information Risk Management for SIROs and IAOs
Records Management and the NHS Code of Practice
Patient Confidentiality
1 hour
1 hour
1.5 hours
1 hour
0.5 hour
1 hour
3 years
Information
Governance
Lead
Introduction to Information Governance
Information Security Guidelines
Information Security Management
Secure Transfers of Personal Data
NHS Information Risk Management for SIROs and IAOs
Access to Health Records
Patient Confidentiality
Business Continuity Management
Access to Information and Information Sharing
1 hour
1 hour
1 hour
1.5 hours
1 hour
0.5 hours
1 hour
1 hour
3 years
IT and
Information
Security
Manager
Introduction to Information Governance
Information Security Guidelines
Password Management
Secure Transfers of Personal Data
NHS Information Risk Management: Foundation
NHS Information Risk Management for SIROs and IAOs
Business Continuity Management
Patient Confidentiality
1 hour
1 hour
0.5 hours
1.5 hours
1 hour
1 hour
1 hour
1 hour
3 years
Head of
Information
and Data
Quality
Introduction to Information Governance
NHS Information Risk Management: Foundation
NHS Information Risk Management for SIROs and IAOs
Business Continuity Management
1 hour
1 hour
1 hour
1 hour
3 years
Health Records
Manager
Introduction to Information Governance
Records Management and the NHS Code of Practice
Records Management in the NHS
The Importance of Good Clinical Record Keeping
Access to Health Records
Patient Confidentiality
1 hour
0.5 hours
0.5 hours
0.75 hours
0.5 hours
1 hour
3 years
Subject Access
Request
Handlers (SARS)
Introduction to Information Governance
Access to Health Records
Patient Confidentiality
1 hour
0.5 hours
1 hour
3 years
Information Governance Staff Training Strategy (and Action Plan) v1 28
Role Information Governance Toolkit Training Approx. to
Complete
Frequency
RA Manager Introduction to Information Governance
1 hour
3 years
Clinical
Manager
Introduction to Information Governance
The Importance of Good Clinical Record Keeping
1 hour
0.75 hours
3 years
IAO Introduction to Information Governance
NHS Information Risk Management for SIROs and IAOs
NHS Information Risk Management: Foundation
1 hour
1 hour
1 hour
3 years
IAA Introduction to Information Governance
NHS Information Risk Management: Introductory
NHS Information Risk Management: Foundation
1 hour
1 hour
1 hour
3 years
Information Governance Staff Training Strategy (and Action Plan) v1 29
Appendix 5: Staff Guidance for using the HSCIC IG Training Tool (IGTT)
The IG Training Tool (IGTT) is a national NHS online training tool provided by the Health and Social Care
Information Centre (HSCIC) that focuses on all aspects of Information Governance (IG). The Trust uses
this system to roll out specialised IG staff training to designated roles who need to develop and improve
their working knowledge and skill set within their own service areas, to support the provision of high
quality health care. To complete the relevant training module that applies to your designated role
please complete the following steps:-.
1. The online IG training tool can be accessed at:
https://www.igtt.hscic.gov.uk/igte/index.cfm
2. To register as a new user:-
• Select “Register Now”.
• When the organisation box appears type in the Gateshead’s Trust code – RR7.
• From this point onwards you will be asked a series of security questions. Please
complete these as normal. You will be asked these questions if you need to
request a new password.
• Once completed the system will generate a password which will be sent to you in further
email communication.
3. To access the training modules:-
• Log back into the system using your username and password. Your log in details will be as follows:-
o Username: this is the email address you registered with – most likely your Gateshead email address: [email protected]
o Password: this is the password you were given or changed when you registered.
• Select the “Learning Tools” from the top menu tab.
• Select the module you wish to complete and then select “Launch”.
• Each assessment must be finished in one session or your score will not be recorded. The “Learn all about it” section contains a “bookmarking function”,
which remembers where you left off in case you need to leave the module and finish it later.
The module pass rate is 80%.
• Please print the certificate when you pass the course and save it somewhere save. This evidence will illustrate you completed the module.
4. Forgotten Password
Select “Reset my password”. This will generate an email to you to change your password.
5. Still Can’t Access the Site
Contact the IG Team on 0191 445 5680 for further assistance. Please note the system may be difficult to log into during busy periods.
Information Governance Staff Training Strategy (and Action Plan) v1 30
Appendix 6: Information Governance Letter and IG Spot Check Questionnaire
Dear Manager,
As part of the Trust’s IG Toolkit assessment we are required to carry out quarterly IG spot checks. This will
involve you:-
• Completing the attached pre-spot check IG questionnaire;
• Attending an IG spot-check meeting with the IG Lead on an agreed date.
Your department has been selected for a scheduled IG spot check as part of a random selection of
departments across the Trust on………………………Please advise if you will be available on this day.
The spot checks are not intended to catch anybody out but rather to identify any areas that we, as a Trust,
need to review in order to ensure that we are compliant with the various areas of the Information Governance
framework.
As you are the nominated IAA (Information Asset Administrator) for this area I would like to arrange to visit
your team in order to carry out the spot check with you. The check itself should take only around 30 minutes
to complete and the results will be reported back to you and the relevant IAO (Information Asset Owner)
together with any action plan and recommendations.
I would therefore be grateful if you could contact me asap in order to arrange a suitable time for me to visit
the team. The visit will need to be carried out before (add date)……………………………………..
If the above date is not suitable then please advise asap.
Pre-Spot Check IG Questionnaire
The following pre-spot check IG questionnaire should take only about ten minutes to complete:-
Administration
1. How many staff do you have managerial responsibility for?
2. Of these, how many staff have completed their information governance training in the last 12 months?
Safehaven Procedures
3. Do you implement a clear desk policy? Yes No
4. Are staff informed about the Trust’s Safehaven Procedure in the first week of induction?
Yes No
5. Do you use a fax machine? Yes No
6. If yes to 5, does the fax machine provide a receipt facility? Yes No
7. Do staff ring the person once the fax has been received? Yes No
Information Governance Staff Training Strategy (and Action Plan) v1 31
Transferring PID
8. How do staff send personal/patient identifiable data to external bodies and agencies? (Please provide
details of courier and email requirements?
9. If you use a courier are audit trails in place? Yes No
Fair Processing
10. Do you collect personal data from staff and patients? Yes No
11. If yes to 10, are patients informed of how their data will be used and shared?
Access
12. If staff handle personal data in paper format is access restricted to those who only have a need for
access? (Please advise how access is controlled for e.g. key codes, locked storage/cupboard/desk draw
facilities, sign in and sign out access.)
13. Are staff in the department advised about the issues covering patient confidentiality?
Yes No
14. Are all IT devices used in the department encrypted? For e.g. laptops, Ipads, ipods etc.
Yes No
Remote Working
15. Do staff take patient records home? Yes No
16. If yes to 15, please explain why?
Information Governance Staff Training Strategy (and Action Plan) v1 32
Records Management
17. Do paper records ever leave the department? Yes No
18. If yes to 17, are there record tracking processes in place? Yes No
Research
19. What is the process for using patient data for research processes within the team? Is this approved?
IG Incidents
20. Are IG and IT incidents reported via Datix as soon as they occur? Yes No
Caldicott Guardian
21. Do you know who the Trust Caldicott Guardian is? Please confirm.
Please email us your completed questionnaire back to:- [email protected]
If you do not have an email facility, please send it to us in the internal post to the following address:-
Information Governance Team
Bensham Hospital
Saltwell Road | Gateshead
NE8 4YL
Tel. No. 0191 445 5680
Information Governance Staff Training Strategy (and Action Plan) v1 33
Appendix 7: IG Staff Training and Comms Action Plan 2015-2017
New Starters
All new starters will be informed of their IG responsibilities through the following communication tools:-
Target
Audience
Briefing Type Frequency When Distribution
Method
New Staff IG Induction Briefing Pack –
hand-outs and presentation
Once Induction Process Via email by O&D
New Staff IG Induction Training for all new
starters – staff, doctors,
consultants, volunteers etc.
Once Induction Process IG Team -
presentation by
the IG Lead
New Staff Employment Contracts Once When staff start O&D
New Staff Confidentiality Statements for all
types of contracts
Once When staff start O&D
New Staff Corporate Staff Handbook –
Code of Conduct
Once Induction Process Via email by O&D
New Staff The provision of the IG Staff
Handbook
Once When staff start O&D
Current Workforce
Current staff of the Trust will be informed of their legal IG responsibilities through information cascaded
through the following communication tools below:-
Target
Audience
Briefing Type Frequency When Distribution
Method
All Staff IG Annual Staff Mandatory
Training Programme
Annually At a chosen period
in the year
IG Team
Presentation / E-
learning IG
module
All Staff Team Briefs by Service Line
Managers
Weekly Weekly Delivered by
Service Line
Manager
All Staff Division news letters (for
specialised areas)
As and when
required
When required Via email by the
IG Team
All Staff Articles in the Trust’s QE Weekly Quarterly When availability
exists
Via email by the
IG Team
All Staff Staff emails – only for serious
issues as the QE Comms Weekly
is the main vehicle for staff
communication
As and when
required
As and when
required
Via email by the
Comms Team
All Staff An Information Governance Hub
– dedicated staff Intranet pages
on information governance
Available
continuously
Periodically
reviewed
IG intranet pages
All Staff The Trust’s IG framework of
policies and procedures
Available
continuously
Periodically
reviewed
IG intranet pages
Service
Line
Managers
The use of dashboards i.e. for IG
Training etc.
Available
continuously
All the time Intranet
All Staff Screensaver alerts on desk tops As and when
required
Following a
security incident
Desk Top
Screensavers