INFORMATION GOVERNANCE
POLICY
POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015
POLICY STATEMENT/KEY OBJECTIVE:
To provide an overarching framework through which Information Governance requirements will be met
ACCOUNTABLE DIRECTOR:
Dave Tomlinson - Senior Information Risk Officer (SIRO)Subject
Information Governance
Policy
Applicable to
Staff, colleagues, Service
Users and Carers and families
and applicable for all Trust
business i.e. with contractors,
agencies and partners
Key Policy Issues
Responsibilities , strategy and
framework
Date Issued
January 2012
Dates Policy Reviewed
January 2012
Next Review Due Date
January 2015
Policy Written By
Information Governance Lead
Consultation
Clinical Records and IG
Group, SIRO Advisory Group,
IG Specialists
Policy Reviewed By
SIRO, SIRO Advisory Group IG
Assurance Lead, IG Specialist
Lead Responsible for Policy
IG Assurance Lead
Monitoring Arrangements
By SIRO Advisory Group and
IG Lead on annual basis
Approved by
SIRO/Director of Finance
Authorised by
SIRO/Director of Finance
CONTENTS
Executive Summary 2 Content Page 3 1.0 Introduction 4 1.1 Rationale... 4 2.1 Scope ... 4 2.2 Principles ... 4 2.0 Responsibilities 2.1 Management Responsibilities ... 5 3.0 Legal Compliance 7 4.0 Policy 4.1 Information Governance management ... 84.2 Openness ... 8
4.3 Information Security ... 9
4.4 Confidentiality ... 9
4.5 Information Quality Assurance ... 10
4.6 Improvement Plan and assessment ... 10
5.0 Implementation 11 6.0 Policy Links 11 7.0 National Context 11 8.0 Training 11 9.0 Audit 12 Appendices Information Governance Requirements (IGT) 13
Information Governance Strategy 16
Information Governance IG e-Learning Matrix 20
Information Governance Framework 21
Policy Equality and Diversity Assessment
22
1.0 INTRODUCTION
1.1 Information is a vital organisational asset, both in terms of the clinical management of individual patients and the efficient management of services and resources. It plays a key part in clinical governance, service planning and performance management.
It is therefore of paramount importance to ensure that information is efficiently managed and that appropriate policies, procedures, management accountability and structures provide a robust governance framework for the continual improvement of information management.
The Trust will establish and maintain policies and procedures to ensure compliance with requirements contained in the Information Governance Toolkit (IGT), and NHS Litigation Authority (NHSLA.)
1.2 Rationale
The aim of the policy is to provide the employees of Lancashire Care NHS Foundation Trust with a simple framework through which the elements of Information Governance will be met.
1.3 Scope
This policy applies to the governance of information produced, handled, used and transferred by the Trust including:
Patient information – paper and electronic Human resources information
Finance information Governance information
Organisational administrative information
This policy covers all information systems purchased, developed and managed by or on behalf of the Trust, any individual directly employed or otherwise by the Trust and its partner organisations.
1.4 Principles
The Trust recognises the need for an appropriate balance between openness and confidentiality in the management and use of its information. The Trust fully supports the principles of corporate governance and recognises its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about patients and staff and commercially sensitive information. The Trust also recognises the need to share patient information with other health organisations and other agencies in a controlled manner consistent with the interests of the patient and, in some circumstances, the public
interest. These transfers of information are governed by a tiered Information Sharing Agreement signed either by the Chief Executive Officer (CEO), Senior Information Risk Officer (SIRO) or Caldicott Guardian.
The Trust believes that accurate, timely and relevant information is essential to deliver the highest quality health care. As such it is the responsibility of all staff; administrative, clinical and management, to ensure and promote the quality of information and to actively use it in decision making processes.
There are four key interlinked strands to the Information Governance Policy: Openness
Legal Compliance Information Security Quality Assurance
2.0 RESPONSIBILITIES and ROLES
2.1 This policy, applies to all staff working within the Trust including any individual directly employed or otherwise by the organisation for example, third party contracting staff, temporary staff, locum or bank staff.
Managers within the Trust are responsible for ensuring that the policy and its supporting standards and guidelines are built into local processes and that there is ongoing compliance.
It is the role of the Trust board, or delegated sub-group or SIRO, to ratify Trust policy in respect of Information Governance, taking into account legal and NHS requirements. The board is also responsible for ensuring that sufficient resources are provided to support requirements of this policy. 2.2 Lancashire Care NHS Foundation (LCFT) Trust Board
It is the role of the LCFT Board to define the Trust’s Policy in respect of Information Governance, taking into account both legal and NHS requirements. The Board is also responsible for ensuring that sufficient resources are provided to support the requirements of the Policy.
2.3 Chief Executive Officer (CEO)
The CEO as accountable officer of LCFT has overall accountability for Information Governance and will provide assurance through the Statement of Internal Control, that all information risks are effectively managed and mitigated.
2.4 Senior Information Risk Officer (SIRO)
The Executive Director of Finance is the director responsible for Information Risk Assurance and is delegated as the Trust Senior Information Risk Officer (SIRO.) The SIRO takes ownership of Information Risk Policy , acts as an advocate for information risk on the Trust board and provides written
advice to the Chief Executive Officer (CEO) on the content of the Statement of Internal Control in regard to information risk.
2.5 The SIRO is required to undertake strategic information risk management training as a minimum annually.
2.6 Key responsibilities of the SIRO are:
To oversee the development of an Information Risk Policy and a strategy for implementing the policy within the existing Information Governance Framework
To take ownership of the risk assessment process for information risk, including review of the annual information risk assessment to support and inform the Statement of Internal Control
To ensure each network and services undertake risk assessments to form the basis of the network and Trust Enterprise Assurance Management register, identifying controls and assurance against the risks
To review and agree action/s in respect of identified information risks To ensure that the Trust approach to information risk is effective in terms of resource, commitment and execution and that this is communicated to all staff
To provide a focal point for the resolution and/or discussion of information risk issues
To ensure the Board is regularly adequately briefed on information risk issues
2.7 The Caldicott Guardian is responsible for ensuring that LCFT processes satisfy the highest practical standards for handling patient information.
The Caldicott Guardian for LCFT will be responsible for ensuring the safe recording, storing and retention of all personal data and ensuring all information flows are mapped to exclude any leaks of information. The Caldicott Guardian will ensure that investigations resulting from issues raised by the Information Governance Lead or Health Records Manager are arranged and overseen and all information sharing agreements are negotiated and signed on behalf of the Trust.
2.8 Information Governance Lead
The Information Governance (IG) Lead is responsible for overseeing the day to day Information Governance issues, providing guidance to the organisation, developing and maintaining related policies, protocols, strategies and procedures within the Information Governance framework
and agenda and raising awareness on an on- going basis to staff of all levels across the Trust.
The IG lead is responsible for co-ordinating the Information Governance Toolkit annual submission and periodic returns, providing regulatory progress reports for Monitor and support internal and external audit assurance processes.
The IG Lead will fully support and assist the SIRO and Caldicott Guardian and carry out any investigations relating to breaches of confidentiality, suspected or confirmed,
2.9 All Managers
All Managers are responsible for ensuring that the Policy and it’s supporting standards and guidance are built into local processes and that there is on-going compliance on a day to day basis. Any breaches or suspected breaches of confidentiality or information security must be referred for immediate investigation.
2.10 All staff includes permanent, temporary, contractors, locums, bank staff and any individual who has been given access to Trust network or systems. Individuals are responsible for ensuring that they familiarise themselves with relevant policies and guidance and that they understand the responsibilities set out in them. If individuals are unsure about any aspect of a Policy or guidance they must seek clarification from their line manager or the Information Governance team. Staff must ensure that they are compliant with legislative and regulatory requirements on a day to day basis.
2.11 Information Governance training is mandatory for all staff and forms part of the Trust Mandatory Training Policy. Therefore all staff are required to undertake annual IG e-learning training. Completion of this training is monitored to ensure compliance with the Information Governance Toolkit standard.
3.0 LEGAL COMPLIANCE
3.1 The Trust will undertake or commission assessments and audits of its compliance with legal requirements and will establish and maintain policy to ensure compliance with the governing legislation.
3.2 The Trust regards all identifiable personal information relating to patients and staff as confidential except where legislation on accountability and openness requires otherwise.
3.3 The Trust will establish and maintain policies and procedures for the controlled and appropriate sharing of patient information with other agencies e.g. Social care, Third Sector, taking account of relevant legislation, for example the Health and Social Care Act, Crime and Disorder Act and the Protection of Children Act.
4.0 POLICY
4.1 Information Governance Management
Information Governance management across the Trust will be co-ordinated by the Clinical Records and Information Governance Group and they will co-ordinate liaison with appropriate organisational departments and sub committees as work streams require. Outcomes from this group will be reported to the SIRO and Executive Management Team and the Caldiott Guardian.
4.1.1 The membership of the Clinical Records and Information Governance Group comprises of:
Deputy Caldicott Guardian Health Records Manager Information Governance Lead Clinical Governance and Risk Pharmacy Lead
Associate DIr of IM&T
Operational Service Managers
Clinical Representation e.g. Secure Services and Psychology 4.1.2 The responsibilities of the group include but are not limited to:
To develop and implement a systematic and planned strategy for the management of clinical records from the moment the need for a record to be created is identified, through its creation and maintenance to its ultimate disposal.
To ensure that the Trust has timely access to reliable information. To ensure that clinical records are managed in compliance with the NHS Code of Practice on Records Management and ensure professional standards.
To ensure that clinical record management procedures meet the requirements set out under the Data Protection Act 1998, the Freedom of Information Act 2000 and the NHS Patient Guarantee. To ensure compliance with all aspects of the NHS Information Governance Toolkit standards
4.2 Openness
4.2.1 Service users should have ready access to information relating to their own health care, their options for treatment and their rights as patients. There are clear procedures and arrangements for handling queries from patients and the public. See Access to Health Records Policy.
4.2.2 Non-confidential information on the Trust and its services should be available to the public through a variety of media, in line with the principle of openness. The Trust will establish and maintain policy to ensure
compliance with the Freedom of Information Act 2000, Data Protection Act 1998, Caldicott principles and will undertake or commission an annual review of its policies and arrangements of openness.
4.2.3 Availability of information for operational purposes will be maintained within set parameters relating to its importance via appropriate procedures and computer system security.
4.2.4 The Trust will have clear procedures and arrangements for liaison with the press and broadcasting media and for handling queries from service users and the public.
4.2.5 The Trust will ensure that the exchange / sharing of any information is only carried out when necessary, within the arena in which the Trust has registered and within strict guidelines under which the information was obtained and outlined at the time or with the person’s consent.
4.3 Information Security
4.3.1 Lancashire Care will establish, develop and maintain policies and procedures for the effective and secure management of its information assets and resources. It will continually assess and improve its information and IT security arrangements.
4.3.2 The Trust will promote effective confidentiality and security practice to its staff through policies, procedures and training and establish and maintain incident reporting procedures. It will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security. The Trust incident reporting system Datix must be used to report, monitor and investigate breaches or potential breaches of security.
4.3.3 The Trust requires all its staff to ensure that all measures are taken to protect personal identifiable information (PID) both manual and electronic e.g. locking away information, using passwords to logon on to systems, only storing information on secure networks.
4.4 Confidentiality
4.4.1 The Trust regards all identifiable personal information relating to service users and staff as confidential.
4.4.2 Individuals will be made aware of their responsibilities at local induction and through policy and training.
4.4.3 Staff non compliance with legal and regulatory frameworks will be monitored and managed through the Trust disciplinary procedure.
4.4.4 Risk assessment, in conjunction with overall priority planning of organisational activity will be undertaken to determine appropriate effective
and affordable information governance controls are in place with respect to new service developments.
4.5 Information Quality Assurance
4.5.1 The Trust will establish and maintain policies and procedures for information quality assurance and the effective management of records.
4.5.2 Managers are expected to take ownership of, and seek to improve, the quality of information within their services.
4.5.3 Wherever possible, information quality should be assured at the point of collection.
4.5.4. Data standards will be set through clear and consistent definition of data items, in accordance with National standards
4.5.5 Internal and external audit, and compliance with regulatory agencies and other quality assurance processes such as Monitor, CQC and NHS LA will support this policy
4.6 Assessment and Improvement Plans
4.6.1 A regulatory self- assessment is required annually for NHS organisations to ensure compliance with requirements of the Information Governance Toolkit (IGT). The organisation will identify staff to undertake Administration, Reviewer and User roles as described in the Information Governance Toolkit (IGT) as appropriate to the Trust. These responsibilities will sit within the Information department.
4.6.2 Annual reports and proposed action and development plans will be presented to the Trust board, SIRO or nominated group for approval prior to submission to Connecting for Health and thereafter Monitor and CQC.
4.6.3 The requirements are grouped in the following initiatives: Information Governance Management
Confidentiality and Data Protection Assurance Information Security Assurance
Clinical Information Assurance Secondary Uses Assurance Corporate Information Assurance
5.0 POLICY IMPLEMENTATION
The policy will be advised via E-bulletin, the Trust Intranet and if deemed appropriate by the policy administration office, Chief Executive Team Brief. Copies of the policy will be disseminated to nominated policy file holders.
6.0 TRUST POLICY AND PROCEDURE LINKS
Access to Health Records Policy(Including Subject Access) Data Quality Policy
Communications Policy Staff Code of Conduct
Control and Use of Mobile Devices Electronic Communications Policy Freedom of Information Policy IT Security Policy
Procedure for Communicating Personal Identifiable Information Information Sharing Agreement/s Tier 0, Tier 1 and Tier 2 Professional records Keeping Policy
Health Records Confidentiality and Security Policy Registration Authority Policy (NCRS Security) Research Governance Policy
Safehaven Procedure
7.0 NATIONAL CONTEXT
Connecting for Health Information Governance Toolkit
Professional codes of conduct from the BMA, GMC and NMC and others including Allied Health professionals, Finance Professionals and NHS Managers
NHS Code of Confidentiality
NHS Code of Practice for Information Security NCRS Guarantee
8.0 TRAINING
8.1.1 All staff attend a mandatory training programme as part of their induction that includes Information Governance. Staff must also undertake annual mandatory e-learning IG training. Further sessions can be scheduled and delivered as necessary upon request and will be tailored to the demands of various staff groups.
8.1.2 Additional modules are available and are both optional and
recommended for specific roles which will support and enhance their knowledge aligned with their responsibilities e.g. SIRO, Information Asset Owners.
8.1.3 Completion of mandatory e-learning IG Training modules are regularly monitored and reports provided to senior management and SIRO.
8.1.4 Background information on information governance is available on the NHS Connecting for Health website www.connectingforhealth.nhs.uk
9.0 AUDIT
Staff knowledge of Information Governance including Policy, procedure and practices will be monitored and assessed each year via a staff survey. This meets part of the IG training requirement of the Information Governance Toolkit.
APPENDIX ONE Information Governance Requirements
Current at 2011 Requirement
101 There is an adequate Information Governance Management Framework to support the current and evolving Information Governance agenda
105 There are approved and comprehensive Information Governance Policies with associated strategies and/or improvement plans
110 Formal contractual arrangements that include compliance with information governance requirements, are in place with all contractors and support organisations
111 Employment contracts which include compliance with information governance standards are in place for all individuals carrying out work on behalf of the organisation
112 Information Governance awareness and mandatory training procedures are in place and all staff are appropriately trained
200 The Information Governance agenda is supported by adequate confidentiality and data protection skills, knowledge and experience which meet the organisation’s assessed needs
201 Staff are provided with clear guidance on keeping personal information secure and on respecting the confidentiality of service users
202 Personal information is only used in ways that do not directly contribute to the delivery of care services where there is a lawful basis to do so and objections to the disclosure of confidential personal information are appropriately respected
203 Individuals are informed about the proposed uses of their personal information
205 There are appropriate procedures for recognising and responding to individuals’ requests for access to their personal data
206 There are appropriate confidentiality audit procedures to monitor access to confidential personal information
207 Where required, protocols governing the routine sharing of personal information have been agreed with other organisations
209 All person identifiable data processed outside of the UK complies with the Data Protection Act 1998 and Department of Health guidelines
210 All new processes, services, information systems, and other relevant information assets are developed and implemented in a secure and structured manner, and comply with IG security accreditation, information quality and confidentiality and data protection
requirements
300 The Information Governance agenda is supported by adequate information security skills, knowledge and experience which meet the organisation’s assessed needs
301 A formal information security risk assessment and management programme for key Information Assets has been documented, implemented and reviewed
302 There are documented information security incident / event reporting and management procedures that are accessible to all staff
303 There are established business processes and procedures that satisfy the organisation’s obligations as a Registration Authority
304 Monitoring and enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use
305 Operating and application information systems (under the organisation’s control) support appropriate access control functionality and documented and managed access rights are in place for all users of these systems
307 An effectively supported Senior Information Risk Owner takes ownership of the organisation’s information risk policy and information risk management strategy 308 All transfers of hardcopy and digital person identifiable and sensitive information have
been identified, mapped and risk assessed; technical and organisational measures adequately secure these transfers
309 Business continuity plans are up to date and tested for all critical information assets (data processing facilities, communications services and data) and service - specific measures are in place
310 Procedures are in place to prevent information processing being interrupted or disrupted through equipment failure, environmental hazard or human error
311 Information Assets with computer components are capable of the rapid detection, isolation and removal of malicious code and unauthorised mobile code
313 Policy and procedures are in place to ensure that Information Communication Technology (ICT) networks operate securely
314 Policy and procedures ensure that mobile computing and teleworking are secure 323 All information assets that hold, or are, personal data are protected by appropriate
organisational and technical measures
324 The confidentiality of service user information is protected through use of pseudonymisation and anonymisation techniques where appropriate
400 The Information Governance agenda is supported by adequate information quality and records management skills, knowledge and experience
401 There is consistent and comprehensive use of the NHS Number in line with National Patient Safety Agency requirements
402 Procedures are in place to ensure the accuracy of service user information on all systems and /or records that support the provision of care
404 A multi-professional audit of clinical records across all specialties has been undertaken 406 Procedures are in place for monitoring the availability of paper health/care records and
tracing missing records
501 National data definitions, standards, values and validation programmes are incorporated within key systems and local documentation is updated as standards develop
502 External data quality reports are used for monitoring and improving data quality 504 Documented procedures are in place for using both local and national benchmarking to
identify data quality issues and analyse trends in information over time, ensuring that large changes are investigated and explained
506 A documented procedure and a regular audit cycle for accuracy checks on service user data is in place
507 The Completeness and Validity check for data has been completed and passed 508 Clinical/care staff are involved in validating information derived from the recording of
clinical/care activity
514 An audit of clinical coding, based on national standards, has been undertaken by a member of staff from the NHS Connecting for Health list of registered clinical coding auditors within the last 12 months
516 Training programmes for clinical coding staff entering coded clinical data are comprehensive and conform to national standards
601 Documented and implemented procedures are in place for the effective management of corporate records
603 Documented and publicly available procedures are in place to ensure compliance with the Freedom of Information Act 2000
604 As part of the information lifecycle management strategy, an audit of corporate records has been undertaken
APPENDIX NO.2
INFORMATION GOVERNANCE STRATEGY 2011- 2014
This strategy sets out the approach to be taken within the Trust to provide a robust Information Governance Framework for the future management of information.
1.0 The Scope of the Strategy
1.1 Information Governance currently encompasses the following: Information Governance Management
Confidentiality and Data Protection Assurance Information Security Assurance
Clinical Information Assurance Secondary User Assurance Corporate Information Assurance
1.2 Information Governance has the following fundamental aims:
To support the provision of high quality care by promoting the effective and appropriate use of information
To encourage responsible staff to work closely together, preventing duplication of effort and enabling more efficient use of resources
To develop support arrangements and provide staff with appropriate tools and support to enable them to discharge their responsibilities to consistently high standards
To enable organisations to understand their own performance and manage improvement in a systematic and effective way
1.3 The Trust has a statutory responsibility to patients and the public to ensure that the services it provides has effective processes, policies and people in place to deliver its objectives in relation to holding and using confidential and personal information.
1.4 This strategy outlines the approach the Trust will take to ensure that it develops effective information governance processes throughout the organisation, which will enable the Trust to deliver its objectives and meet its statutory and regulatory requirements.
2.0 Key Components of the Strategy
2.1 There are 2 key components underpinning this strategy which are:
The Trust Information Governance Policy which outlines the objectives for Information Governance and Strategy
An annual Action / Improvement Plan arising from a baseline assessment against the standards set out in the Connecting for Health Information Governance Toolkit.
2.2 The Clinical Records and Information Governance Group has overall
responsibility for overseeing the implementation of this strategy, the Information Governance Policy and the Information Governance Improvement Plan. All will be subject to periodic review and progress reported to the SIRO and Trust Board. There is sufficient representation at the Clinical Records and Information
Governance Group to ensure that Information Governance is embedded within organisational structure.
2.3 A key function of the Clinical Records and Information Governance Group is to monitor and review untoward incidents and occurrences relating to Information Governance. Such incidents should be recorded on the Caldicott Log and reviewed for appropriate action, progress and timely closure.
2.4 An Information Governance Action Plan identifying responsible leads will be agreed each year to ensure compliance against each of the requirements. This Improvement Plan forms part of the overall Board or SIRO endorsed Information Governance Strategy and includes established links to the Board Assurance Framework.
3.0 Role and Responsibilities
3.1 The Executive Director of Finance, Estates & Facilities and IM&T is the named individual on the Trust Board with overall accountability for Information
Governance and the Trust Senior Information Risk Officer (SIRO.)
3.2 The Medical Director is the Caldicott Guardian. This role is supported by a deputy Caldicott Guardian and the Health Records Manager is a delegated Authority.
3.3 The Information Governance Lead is the senior manager with responsibility for the Information Governance Agenda and reports to the Associate Director of IM&T. 3.4 This Strategy cannot be seen in isolation as information plays an integral part in Governance, Strategic Risk, Clinical Governance and Performance and Service Planning. The strategy therefore links into all of these aspects of the organisation and is reflected in the Governance strategy. In addition, the Trust board has identified Information Governance as a risk within the Board Assurance
Framework. The implementation of this strategy will reduce the level of this risk. 3.5 The Information Governance Lead will identify associated resource implications incurred by the implementation and maintenance of the Information Governance Policy Improvement Action Plan and expansion of services. Approval will be agreed by either the Clinical Records and Information Governance Group and /or the Trust SIRO. Business cases may be prepared as appropriate.
3.6 Performance will be monitored by the Clinical Records and Information Governance Group and submitted via the Information Governance Toolkit as a minimum annually.
3.7 Fundamental to the success of delivering the Information Governance Strategy is developing an Information Governance culture within the Trust. This will be embedded into day to day work practices. This will be assessed using an annual staff survey to gauge individuals Information Governance knowledge and
compliance.
3.8 Awareness and training will be provided to all Trust staff. Staff will be directed to use the mandatory IG training modules currently hosted by CfH (Connecting for Health.) This training forms part of the Trust Mandatory Training Policy. Additional training modules are (as optional and recommended) available for staff to complete particular to their work role and outlined in a training matrix as attached. Additional training modules should be discussed as part of the PDP process.
4.0 Conclusion
4.1 The implementation of the Information Governance Strategy, Policy and Action Plan will ensure that information is more effectively managed in the organisation. A revised action plan will be developed annually against the Information
Appendix No.3 INFORMATION GOVERNANCE IG E-LEARNING MATRIX
De sign at ion In tr o to IG or Re fr esh er T rain in g (as ap p li cab le) IG for M ed ical S ec re ta ries B egin n er s Gi d e t o IG Passwor d M an age m en t Cald icot t Gua rd ian in t h e NHS & Soc ial Car e NHS In for m at ion Risk for S
IROs & IAOs
S ec u re T ran sfe rs of P er son al Dat a In for m at ion S ec u rity Gu id eli n es In for m at ion S ec u rity M an age m en t Pat ient C on fiden tiality Re cor d s M an age m en t & the NHS Code of Pr ac ti ce Clin ical In for m at ion S y ste m s B u sin ess Con ti n u ity M an age em n t Ac ce ss to He alth Re co rd s Caldicott Guardian M R M R M
Clinical Governance staff M R
Clinical Systems Trainers M R R R R M
Clinicians/Social Care staff M R R M R
Community Admin M R R R R
Facilities staff M R
Finance staff M R
Health Records staff M R R R M M
HR staff M R R
Informatics staff M R R R
Information Asset Owners M R M R R
Information Governance staff M R R R M M R M M M M M Information Security staff M R M R M M R
IT staff M R R R R
Medical Secretaries M R R R M R
Non Executive Directors M R R
Payroll staff M R
Planning & Performance staff M R R R
SAR Handlers M R R R M SIRO M R M R R Volunteers M R R M – denote Mandatory modules R- denotes Recommended Modules
TRUST BOARD
SIRO ADVISORY GROUP EMT GOVERNANCE
including Corporate, Clinical and Information Caldicott Guardian (Max Marshall) Information Asset Owners (IAO’s) IM&T Dept Including Information Governance function Corporate Records Management Group Clinical Records & IG Management Group
Receives reports via PCUI SLA
Health Records Management including health
records stores
Network Gov Groups Including Adult MH,
Adult comm Secure and Children &
Families
Operational service groups
Trustboard Member Trustboard Member
SIRO attends EMT Governance Caldicott Guardian attends EMT Governance
AUDIT COMMITTEE (Inc Internal Audits)
MONITOR CfH via IGT
NHSLA Stds CQC Stds / External Audit
Legislation e.g. DPA
External Standards INFORMATION GOVERNANCE FRAMEWORK
Appendix no.4
External reporting
Information Quality & Records Mgmt
Lancashire Care NHS Foundation Trust
Initial Equality Impact Assessment
Department/Function IM&T – Information Governance
Lead person Michelle J Brammah Contact details 01772 695387 [email protected] Name of policy/procedure/service to be assessed
Information Governance Policy
Date of assessment 29-12-11
Is this a new or existing
policy/procedure/service? Existing Policy
1. Briefly describe the aims, objectives and purpose of the policy/procedure/service?
Information is a vital organisational asset. It supports both clinical management and Corporate management. It plays a key role in patient care, service and performance management and governance.
The Trust recognises the need for an appropriate balance between openness and confidentiality in the management and use of information.
The aim of the Policy is to provide a simple framework for all Trust staff through which elements of Information Governance will be met.
2. Who is intended to benefit? Policy implementation will benefit staff working within the Trust including any person directly employed or indirectly employed e.g. 3rd party contract staff , temporary staff, locums or temporary staff
3. What outcomes are wanted? There are several outcomes:
can be presented
2. To ensure that all staff from senior level through to service level understand their responsibilities in terms of confidentiality and security of Trust information including patient, staff and
corporate.
3. To set out expectations for Information Quality Assurance
4. To detail the use of Improvement plans in order to meet the requirement for regulatory annual self- assessment.
5. To outline the requirement of Mandatory Information Governance training for all Trust staff
4. Who are the main stakeholders?
The main stakeholders are all staff working within the Trust including any person directly employed or indirectly employed e.g. 3rd party contract staff , temporary staff, locums or temporary staff
5. Who is responsible for implementation?
Section 2 of the Policy outlines all the key roles who should be involved with the application of the Policy from the Trust Board to the individual member of staff. Specifically the IG Lead is responsible for ensuring that the Policy is widely communicated through a variety of methods e.g. Trust weekly e-Bulletin, Insight Magazine, Trust Intranet, Corporate Induction,
Network Governance meetings. As part of the
Monitoring and Compliance of the Policy, the IG Lead will include an awareness check in the annual IG Staff Survey. Line Management should ensure that staff comply with this policy and individuals are responsible for familiarising themselves with the procedure and associated guidance.
6. Are there concerns that there could be differential impact on the following groups and what existing evidence do you have for this?
please explain and also include local demographics,
monitoring of E and D (e.g. % of BME communities in East Lancashire – is this % reflected in recruitment and/or service use?)
People from a Black or minority ethnic
background
Y N No. The application of this policy has equal relevance to
all and makes no distinction to any particular group
Women or men Y N No. Declaration of gender has no bearing on this Policy
and applies to all groups
People with disabilities or long term health conditions
Y N No. This Policy applies equally to all staff and does not
discriminate against people with disabilities or long term health conditions.
People with a particular religion or beliefs
Y N No. There is nothing intended or stated in the Policy that
identifies or distinguishes a particular belief or religion
Lesbian, gay ,bisexual, trans people
Y N No. Sexuality has no bearing on the adherence of the
Policy
Older or younger people Y N No. Regardless of age group the Policy is relevant based
on the objectives stated above.
Carers Y N No. There is no differential on this group. Assurance
should be given by the principles set out in the Policy for the protection of information
7. Could any differential impact identified above be potentially adverse?
Y N No.
8. Can any adverse impact be justified on the grounds of
promoting equality of opportunity?
(e.g. single sex group, BME group)
Y N No
9. Have you consulted with those who are likely to be affected?
Y N The Policy has been presented to the Clinical Records and
Information Governance Group December 2011. Members were asked to provide comment and suggest any amendments or feedback to the IG Lead so that they could be reflected in the final version.
policy/procedure/service proceed to full impact assessment?
N implementation and therefore it does not warrant greater scrutiny
I understand the impact assessment of this policy/procedure/service is a statutory obligation and take responsibility for the completion of this process.
Names of assessors Michelle J Brammah IG Lead Sue Stone – IG Specialist
Date of assessment 29-12-11
