INFORMATION GOVERNANCE POLICY

(1)

NWAS Information Governance Policy Page: Page 1 of 10 Author: Assistant Director of Health

Informatics Version: 1.3

Date of Approval: 8th January 2014 Status: Final

Date of Issue: January 2014 Date of Review February 2015

INFORMATION GOVERNANCE

POLICY

(2)

NWAS Information Governance Policy Page: Page 2 of 10 Author: Assistant Director of Health

Date of Approval: 8th January 2014 Status: Final

Date of Issue: January 2014 Date of Review February 2015

Recommended by Information Governance Management

Group

Approved by Quality Committee

Approval date 8th January 2014

Version number 1.3

Review date February 2015

Responsible Director Director of IM&T

Responsible Manager (Sponsor) Assistant Director of Health informatics

(3)

Information Governance Policy Page: Page 3 of 10 Author: Assistant Director of Health

Date of Approval: 8th January 2014 Status: Final Date of Issue: 8th_{January 2014} _{Date of Review} _{February 2015}

CHANGE RECORD:

Version Date of change Date of release Changed by Reason for change

1.0 22/11/2007 17/12/2007 C Gresty Document creation

1.0 06/02/2008 30/02/2008 P Graham Trust Board Approval

1.1 24/02/2011 03/03/2011 K Cushion Annual Review and Trust Board Approval

1.2 13/09/2012 14/11/2012 C Gresty Annual Review

(4)

Foreword

The objectives of this policy are as follows:

 To ensure that all staff are aware of and understand the standards that NWAS expects and

requires in relation to Information Governance and to clarify the Trust’s position with regard to this environment;

 To define responsibilities relating to Information Governance;

 To clarify applicable legal requirements;

 To ensure consistent working practises throughout the Trust;

This policy will form part of the working practice of staff in order to promote awareness and good practice.

It is the intention that this policy and associated documents will be reviewed and updated following any major changes to legislation and/or applicable policy or every 12 months, whichever is sooner.

The policy has been produced in consultation with relevant groups and approved by the Trust Board.

Staff wishing to discuss or having any questions about this policy should contact the Assistant Director of Health Informatics through the IM&T Service Desk or write to / email:

Assistant Director of Health Informatics Trust Headquarters

Ladybridge Hall Chorley New Road Bolton

(5)

Contents Page 1. Background 6 2. Summary 6 3. Policy Statement 6 3.1 Patients 6 3.2 Healthcare Professionals 7

3.3 Policy makers and manager 7

3.4 The Public 7

4. Legislation and NHS Guidance 7

5. Principles 7

5.1 Openness 8

5.2 Legal Compliance 8

5.3 Information Security 9

5.4 Information Quality Assurance 9

(6)

1. BACKGROUND

Equity and excellence: Liberating the NHS sets out a vision of patients at the heart of the NHS through an information revolution, which depends on transforming the way information is accessed, collected, analysed and used. It is part of the Government’s agenda to create a revolution for patients - “putting patients first” - giving people more information and control and greater choice about their care

Compliance with the Data Protection Act 1998 and requirements of the Caldicott report, ‘For the Record’ HSC 199/053 and the regulations and guidelines inherent within the above documents must be undertaken by all NHS Trusts.

2. SUMMARY

Information is a vital asset, both in terms of the clinical management of individual patients and the efficient management of services and resources. It plays a key part in clinical governance, service planning and performance management.

Information Governance is concerned with the way NHS organisations handles information about patients/clients and employees, in particular personal and sensitive information. It allows organisations and individuals to ensure that personal information is dealt with legally, securely, efficiently and effectively in order to deliver the best possible care.

Information Governance is a framework that brings together all of the requirements, standards and best practice that apply to the handling of personal information. It is therefore of paramount importance to ensure that information is efficiently managed, and that appropriate policies, procedures and management accountability and structures provide a robust governance framework for information management.

3. POLICY STATEMENT

The North West Ambulance Service NHS Trust is committed to meeting the information needs of:

3.1 Patients

Patients and their carers have a right to know more about their condition, the treatments they are undergoing and the likely outcomes. It is the responsibility of the ambulance trust to ensure this information is accurate and reliable and easily available to patients upon request.

(7)

3.2 Healthcare Professionals

Fast, reliable and accurate information about the individual patient within their care, the information should be available to support them in the evaluation of the care they give, underpinning clinical governance, planning and research and helping within their continual professional development.

3.3 Policy makers and managers

Good quality information should be available to them to help them better target and use the resources deployed in the ambulance trust and to improve the quality of life of patients and local communities.

3.4 The public

Information available to the residents of the North West region should be as accurate and up to date as possible.

4. LEGISLATION AND NHS GUIDANCE

Recent legislation is having a significant effect on Information Governance in NHS organizations. The ambulance trust must ensure that all policies and procedures are fully compliant with legislation and NHS guidance on the management of information, including:

 Public Records Act 1958 and 1967;

 Access to Health Records Act 1990;

 Data Protection Act 1998;

 Freedom of Information Act 2000;

 HSC 1999/053: For the Record: Managing Records in NHS Trusts and Health Authorities;

 Caldicott Review of Patient Identifiable Information 1997;

 HSC 1999/012: Caldicott Guardians;

 NHS Litigation Authority Risk Management Standards 2012-2013;

 NHS Information Authority Information Governance Toolkit 2003; and

BS ISO/IEC 27002:2005

 Care Quality Commission

5. PRINCIPLES

The North West Ambulance Service recognizes the need for an appropriate balance between openness and confidentiality in the management and use of information. The ambulance trust fully supports the principles of corporate governance and recognizes its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about patients and staff and commercially sensitive information.

(8)

The ambulance trust also recognises the need to share patient information with other health organisations and other agencies in a controlled manner consistent with the interests of the patient and in some circumstances, the public interest.

The ambulance trust believes that accurate, timely and relevant information is essential to deliver the highest quality health care. As such, it is the responsibility of all clinicians and managers to ensure and promote the quality of information and to actively use information in decision-making processes.

There are 4 key interlinked strands to the Information Governance Policy:

• Openness

• Legal compliance

• Information security

• Quality assurance

5.1 Openness

• Non-confidential information on the ambulance trusts and its services should be

available to the public through a variety of media.

• The ambulance trust will establish and maintain policies to ensure compliance

with the Freedom of Information Act.

• The ambulance trust will undertake or commission annual assessments and audits

of its policies and arrangements for openness.

• Patients should have ready access to information relating to their own

healthcare, their options for treatment and their rights as patients.

• The ambulance trust will have clear procedures and arrangements for liaison with

the press and broadcasting media.

• The ambulance trust will have clear procedures and arrangements for handling

queries from patients and the public.

5.2 Legal Compliance

• The ambulance trust regards all identifiable personal information relating to

patients as confidential.

of its compliance with legal requirements.

• The ambulance trust regards all identifiable personal information relating to staff

as confidential except where national policy on accountability and openness requires otherwise.

• The ambulance trust will establish and maintain policies to ensure compliance

with the Data Protection Act, Human Rights Act and the common law duty of confidentiality.

(9)

• The ambulance trust will establish and maintain policies for the controlled and

appropriate sharing of patient information with other agencies, taking account of relevant legislation (e.g. Health and Social Care Act, Crime and Disorder Act, Protection of Children Act).

5.3 Information Security

• The ambulance trust will establish and maintain policies for the effective and

secure management of its information assets and resources.

of its information and IT security arrangements.

• The ambulance trust will promote effective confidentiality and security practice to

its staff through policies, procedures and training.

• The ambulance trust will establish and maintain incident reporting procedures and

will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security.

5.4 Information Quality Assurance

• The ambulance trust will establish and maintain policies and procedures for

information quality assurance and the effective management of records.

of its information quality and records management arrangements.

• Managers are expected to take ownership of, and seek to improve, the quality of

information within their services.

• Wherever possible, information quality should be assured at the point of

collection.

• Data standards will be set through clear and consistent definition of data items, in

accordance with national standards.

• The ambulance trust will promote information quality and effective records

management through policies, procedures/user manuals and training.

6. RESPONSIBILITIES AND ACCOUNTABILITIES

It is the role of the Trust Board to define the ambulance trust policy in respect of information governance, taking into account legal and NHS requirements. The Board is also responsible for ensuring that sufficient resources are provided to support the requirements of the policy.

The Director of Information Management and Technology has responsibility for all Information Governance protocols and communication within the ambulance trust, and for ensuring that they are managed responsibly.

The Information Governance Management Group, supported by the Assistant Director of Health Informatics, is responsible for overseeing day-to-day Information Governance issues, including developing and maintaining policies, standards, procedures and

(10)

guidance, coordinating Information Governance in the ambulance trust and raising awareness of Information Governance.

Managers within the ambulance trust are responsible for ensuring that the policy and its supporting standards and guidelines are built into local processes and that there is on-going compliance.

All staff, whether permanent, temporary or contracted, and contractors are responsible for ensuring that they are aware of the requirements incumbent upon them and for ensuring that they comply with them on a day to day basis. Some NHS records are public records under the terms of the Public Records Act 1958 and are legal documents.

The Chief Executive and senior managers are personally accountable for the records in their care and quality of records management within their organization. All line managers and supervisors also have a duty to ensure that their staff are adequately trained and apply the appropriate guidelines.