Information Governance

Tutor:

© Training Innovations Ltd 2015 Last updated: 21.08.15

What you will learn in this session?

1. Principles of Information Governance and their application to health and social care organisations

2. Accessing Information Governance resources including national legislation, guidance and local policies & procedures

3. Health and social care organisations’ responsibilities4. Protection of an individual’s confidentiality

and the Caldicott Principles5. How to practice and promote a confidential service6. Principles of ensuring and maintaining good client records7. Recognising / responding to Freedom of Information requests8. Keeping Information Secure

What is Information Governance?

Information Governance is about how health and social care organisations and their employees must handle sensitive information IG is to do

with how NHS/Social Care organisations

and individuals handle information

Slide 4 of 21

A framework of legal and ethical principles that apply when sensitive information is collected, processed and shared

What is Information Governance?

ExcellentCare is built on a

Foundation ofconfidence

& trust

Howorganisations

& individuals handlepersonal & sensitive

information

Principlesof Law

andbest practice

Different Data Sets: • Personal & Sensitive (Healthcare records) • Person based & anonymous (Research data) • Corporate (Trust Financial Accounts)

What is Information?

Personal

Sensitive

Corporate

Examples Name, Address,

Date of Birth,Next of Kin

Ethnicity, Diagnosis, Illness & Disorders, Sexual Orientation

Minutes of Meetings, Employee Details, Financial Information

Why is Information Governance so important?

For patients and service users

Information is critical for safe, timely and effective care

Information is sensitive Excellent healthcare

is built on a foundation of confidence & trust

Why is Information Governance so important?

For an employee

Sensitive information Ethical and legal

responsibility of every employee

Information must be: accessed, used & shared appropriately

Why is Information Governance so important?

For a health or social careorganisation

Ethical and legal responsibility of every organisation

Breaches of confidentiality costs money and reputation

Information Governance requirements for health & social care organisations

; Trust policies, guidelines and proceduresAll information must be:

– H eld securely and confidentially– O btained fairly and efficiently– R ecorded accurately and reliably – U sed effectively and ethically – S hared appropriately and lawfully

Common Law Duty of Confidentiality

Computer Misuse Act 1990

Data Protection Act 1998

The Human Rights Act 1998

The Freedom of Information Act 2000

People have legal rights through common law to confidentiality

It is an offence to access / attempt to access computer systems without appropriate authorisation

States legal obligations for the collection, use, sharing and disclosure of personal information

Enshrines a basic human right for all to have the right to privacy

Allows the public to request information held by Public Authorities

The Law and Information Governance

Information Security Standards – ISO/IEC 17799: 2005 and IS Management NHS Code of Practice

The NHS Confidentiality Code of Practice

The Records Management NHS Code of Practice

Information Quality Assurance

Standards, Policies &Codes of Practice

Slide 12 of 21

The Caldicott principles must be used when accessing and using Patient Identifiable Information (PID) or confidential information and which must be maintained by all healthcare organisations. Justify the purpose of using confidential information Only use it when absolutely necessary Use the minimum information required Allow access on a strict need-to-know basis Always understand your responsibility Understand and comply with the law The duty to share information can be as important as the duty to protect

patient confidentiality

Always follow the Caldicott Principles

• Q. Who is a Caldicott Guardian?• A. A senior person in the organisation responsible for • ensuring the Caldicott principles are applied and

maintained

• Q. Are you unsure whether to disclose? • A. Don’t disclose

• Ask your manager or the Caldicott Guardian•   

Caldicott Guardians

Individuals have the right to access sensitive information including paper, computer records and other related information

Patients can request access to their medical record

Employees can request access to their personal records

Subject Access Requests

What is a Freedom of Information (FOI) Request?

A request for official information held by Public Bodies such as hospital trusts

Public have a right to access/view all non-personal, public authority information

Purpose is to promote openness & accountability Requests must be made in writing There are Exemptions Law requires that any FOI request

must receive a response within 20 days

Direct Freedom of Information requests to the Lead in your Organisation

Dear FOI Lead, I have recently undergone an operation on my hip at your Trust and would like to see all the notes in my health record regarding this period of care. Please give me an indication of when this information can be provided to me. Yours sincerely Mrs A Smith

Can you recognise a Freedom of Information (FOI) Request?

Dear Sir/Madam, I would like to know how much the Trust is spending on the new A&E unit due to be completed in March 2014.I would like a list of the new medical and non medical equipment being purchased for this unit. Yours sincerely Daniel Radcliffe MP

Slide 17 of 21

Duty of Confidence

You have a legal duty to protect and maintain confidentiality

There’s a confidentiality clause in your contract of employment

You have a professional duty of confidence It’s in your Code of Professional Conduct

Duty of Confidence

Be careful and cautious when answering the telephone: Callers request information under false pretences Requests for information need to be verified If possible, always obtain requests in writing

Are you unsure? Don’t discloseAsk your manager or the Caldicott Guardian who’s responsible for ensuring confidentiality

Slide 19 of 21

Good Quality Record Keeping

Does a record already exist? Records must be clear, factual, accurate & complete Can everybody else read them? Complete them quickly! Make sure they dated, timed and signed Keep information up-to-date Store them safely

Read them, check them, then check again!

Good Quality Record Keeping

Check the minimum period records have to be retained

Are you deleting records? If so check the organisation’s Disposal of Records Policy and Procedures

Information security is about ensuring information is: Protected and secure Reliable Available to authorised

users only

Your responsibilities are to ensure: Records are correctly stored Passwords are kept secure Report inappropriate

disclosures Safe Haven processes when

faxing are used Delete spam mail without

opening You don’t download

unauthorised software You use IT equipment correctly

Information Security

Any breaches of data security, no matter how small must be reported

Information Security – A serious matter

Organisations have systems in place to monitor the access, use of systems and information by staff

Failure to comply with legal obligations or organisational policy & guidelines could mean disciplinary and legal action being taken

Your Responsibilities

DO Protect an individual’s information Be aware of national & local

information, Policy & Procedures Inform patients how information

is used and when it may be disclosed

Help to improve the way organisation protects information

Report any suspected or actual breaches of information security

Seek advice from the appropriate leads if you have any Information Governance concerns

DON’T Send confidential, person-

identifiable data without applying the required encryption/security measures

Store Personal/Sensitive information on unencrypted and unauthorised portable devices

Disclose confidential information with unauthorised people

Leave person-identifiable data (PID) unattended or in vehicles

Access inappropriate websites Use an organisation's equipment or

information to promote private business or for financial gain

Useful sources of Information and links

Further adviceContact your local Information Governance Manager or Lead

Useful Links Information Commissioners Office

www.ico.org.uk/

Connecting for Health Toolkit www.igt.hscic.gov.uk/

• Any questions?• Please take some time to complete the course

evaluation - Thank you…• patrickdoyle@traininginnovations.co.uk• Twitter: @Traininnovate• Facebook:

https://facebook.com/pages/Training-Innovations-Ltd

• http://www.slideshare.net/TInnovations