Upload
patrick-doyle
View
400
Download
1
Embed Size (px)
Citation preview
Information Governance
Tutor:
© Training Innovations Ltd 2015 Last updated: 21.08.15
What you will learn in this session?
1. Principles of Information Governance and their application to health and social care organisations
2. Accessing Information Governance resources including national legislation, guidance and local policies & procedures
3. Health and social care organisations’ responsibilities4. Protection of an individual’s confidentiality
and the Caldicott Principles5. How to practice and promote a confidential service6. Principles of ensuring and maintaining good client records7. Recognising / responding to Freedom of Information requests8. Keeping Information Secure
What is Information Governance?
Information Governance is about how health and social care organisations and their employees must handle sensitive information IG is to do
with how NHS/Social Care organisations
and individuals handle information
Slide 4 of 21
A framework of legal and ethical principles that apply when sensitive information is collected, processed and shared
What is Information Governance?
ExcellentCare is built on a
Foundation ofconfidence
& trust
Howorganisations
& individuals handlepersonal & sensitive
information
Principlesof Law
andbest practice
Different Data Sets: • Personal & Sensitive (Healthcare records) • Person based & anonymous (Research data) • Corporate (Trust Financial Accounts)
What is Information?
Personal
Sensitive
Corporate
Examples Name, Address,
Date of Birth,Next of Kin
Ethnicity, Diagnosis, Illness & Disorders, Sexual Orientation
Minutes of Meetings, Employee Details, Financial Information
Why is Information Governance so important?
For patients and service users
Information is critical for safe, timely and effective care
Information is sensitive Excellent healthcare
is built on a foundation of confidence & trust
Why is Information Governance so important?
For an employee
Sensitive information Ethical and legal
responsibility of every employee
Information must be: accessed, used & shared appropriately
Why is Information Governance so important?
For a health or social careorganisation
Ethical and legal responsibility of every organisation
Breaches of confidentiality costs money and reputation
Information Governance requirements for health & social care organisations
; Trust policies, guidelines and proceduresAll information must be:
– H eld securely and confidentially– O btained fairly and efficiently– R ecorded accurately and reliably – U sed effectively and ethically – S hared appropriately and lawfully
Common Law Duty of Confidentiality
Computer Misuse Act 1990
Data Protection Act 1998
The Human Rights Act 1998
The Freedom of Information Act 2000
People have legal rights through common law to confidentiality
It is an offence to access / attempt to access computer systems without appropriate authorisation
States legal obligations for the collection, use, sharing and disclosure of personal information
Enshrines a basic human right for all to have the right to privacy
Allows the public to request information held by Public Authorities
The Law and Information Governance
Information Security Standards – ISO/IEC 17799: 2005 and IS Management NHS Code of Practice
The NHS Confidentiality Code of Practice
The Records Management NHS Code of Practice
Information Quality Assurance
Standards, Policies &Codes of Practice
Slide 12 of 21
The Caldicott principles must be used when accessing and using Patient Identifiable Information (PID) or confidential information and which must be maintained by all healthcare organisations. Justify the purpose of using confidential information Only use it when absolutely necessary Use the minimum information required Allow access on a strict need-to-know basis Always understand your responsibility Understand and comply with the law The duty to share information can be as important as the duty to protect
patient confidentiality
Always follow the Caldicott Principles
• Q. Who is a Caldicott Guardian?• A. A senior person in the organisation responsible for • ensuring the Caldicott principles are applied and
maintained
• Q. Are you unsure whether to disclose? • A. Don’t disclose
• Ask your manager or the Caldicott Guardian•
Caldicott Guardians
Individuals have the right to access sensitive information including paper, computer records and other related information
Patients can request access to their medical record
Employees can request access to their personal records
Subject Access Requests
What is a Freedom of Information (FOI) Request?
A request for official information held by Public Bodies such as hospital trusts
Public have a right to access/view all non-personal, public authority information
Purpose is to promote openness & accountability Requests must be made in writing There are Exemptions Law requires that any FOI request
must receive a response within 20 days
Direct Freedom of Information requests to the Lead in your Organisation
Dear FOI Lead, I have recently undergone an operation on my hip at your Trust and would like to see all the notes in my health record regarding this period of care. Please give me an indication of when this information can be provided to me. Yours sincerely Mrs A Smith
Can you recognise a Freedom of Information (FOI) Request?
Dear Sir/Madam, I would like to know how much the Trust is spending on the new A&E unit due to be completed in March 2014.I would like a list of the new medical and non medical equipment being purchased for this unit. Yours sincerely Daniel Radcliffe MP
Slide 17 of 21
Duty of Confidence
You have a legal duty to protect and maintain confidentiality
There’s a confidentiality clause in your contract of employment
You have a professional duty of confidence It’s in your Code of Professional Conduct
Duty of Confidence
Be careful and cautious when answering the telephone: Callers request information under false pretences Requests for information need to be verified If possible, always obtain requests in writing
Are you unsure? Don’t discloseAsk your manager or the Caldicott Guardian who’s responsible for ensuring confidentiality
Slide 19 of 21
Good Quality Record Keeping
Does a record already exist? Records must be clear, factual, accurate & complete Can everybody else read them? Complete them quickly! Make sure they dated, timed and signed Keep information up-to-date Store them safely
Read them, check them, then check again!
Good Quality Record Keeping
Check the minimum period records have to be retained
Are you deleting records? If so check the organisation’s Disposal of Records Policy and Procedures
Information security is about ensuring information is: Protected and secure Reliable Available to authorised
users only
Your responsibilities are to ensure: Records are correctly stored Passwords are kept secure Report inappropriate
disclosures Safe Haven processes when
faxing are used Delete spam mail without
opening You don’t download
unauthorised software You use IT equipment correctly
Information Security
Any breaches of data security, no matter how small must be reported
Information Security – A serious matter
Organisations have systems in place to monitor the access, use of systems and information by staff
Failure to comply with legal obligations or organisational policy & guidelines could mean disciplinary and legal action being taken
Your Responsibilities
DO Protect an individual’s information Be aware of national & local
information, Policy & Procedures Inform patients how information
is used and when it may be disclosed
Help to improve the way organisation protects information
Report any suspected or actual breaches of information security
Seek advice from the appropriate leads if you have any Information Governance concerns
DON’T Send confidential, person-
identifiable data without applying the required encryption/security measures
Store Personal/Sensitive information on unencrypted and unauthorised portable devices
Disclose confidential information with unauthorised people
Leave person-identifiable data (PID) unattended or in vehicles
Access inappropriate websites Use an organisation's equipment or
information to promote private business or for financial gain
Useful sources of Information and links
Further adviceContact your local Information Governance Manager or Lead
Useful Links Information Commissioners Office
www.ico.org.uk/
Connecting for Health Toolkit www.igt.hscic.gov.uk/
• Any questions?• Please take some time to complete the course
evaluation - Thank you…• [email protected]• Twitter: @Traininnovate• Facebook:
https://facebook.com/pages/Training-Innovations-Ltd
• http://www.slideshare.net/TInnovations