Information Governance Policy

Version: 1.0

Revised:

Consultation: Information Governance Committee

Ratified by: Governance Committee

Date ratified: 19 March 2008

Name of originator/author: David McGrath

Date issued: April 2008

Review date: April 2010


1. Introduction

1.1 Key Principles

2. Purpose

3. Duties

3.1 Chief Executive

3.2 Caldicott Guardian

3.3 Responsible Director

3.4 Information Governance Manager

3.5 Managers

3.6 Records Manager

3.7 All Staff

4. Definitions

5. Context

6. Legal and Regulatory Framework

7. Information Governance Assessment for the Trust

8. Training

9. Information Security

10. Monitoring and Review


1. Introduction

1.1 Key Principles

The Trust regards all personal identifiable information relating to patients and their relatives as confidential. Compliance with the legal and regulatory framework will be achieved, monitored and maintained. To support this, the Trust will:

establish mechanisms that allow the integrity of information to be monitored and maintained to ensure that it is appropriate and fit for its intended purpose.

establish a consistent approach by which the Trust manages all the aspects of how information is managed, whether internally or externally generated and in regard to all formats and media types. This will involve all steps of processing, from the generation of documents to their retention and then their final disposal.

ensure that the availability of information for operational purposes will be maintained within set parameters, via appropriate procedures and computer system resilience.

establish and maintain policies and procedures to ensure compliance with the appropriate legal framework, to include the Data Protection Act, the Human Rights Act, the common law duty of confidentiality and the Freedom of Information Act.

2. Purpose

The purpose of this policy is to set out the responsibilities for Information Governance within the Trust, and the relevant levels of accountability.

This policy will apply to all areas where information is held within, or on behalf of, the Trust. This policy relates to all types of information within the Trust. These include:

Patient/Client/Service User information

Personnel information

Organisational information.

This policy covers all aspects of handling information, including (but not limited to):

Structured record systems – paper and electronic

Transmission of information – e-mail, post, telephone and fax

Monitoring of use of information systems

This policy refers to:

All information systems purchased, developed and managed by, or on behalf of, the Trust.

All Trust employees and contractors.

All systems provided by Third Party contractors, where the service has been negotiated on the Trust's behalf, i.e. by the Department of Health.


3. Duties

3.1 Chief Executive

The Chief Executive has overall responsibility for Information Governance at the Trust. As the Accountable Officer he/she is responsible for the management of the organisation and for ensuring appropriate mechanisms are in place to support service delivery and continuity.

3.2 Caldicott Guardian

The Trust’s Caldicott Guardian (Medical Director) has a specific responsibility for reflecting patients’ interests regarding the use of patient identifiable information. The Caldicott Guardian is responsible for ensuring that patient identifiable information is shared in an appropriate and secure manner.

3.3 Responsible Director

The Director of Corporate Affairs has overall responsibility for the development and maintenance of Information Governance practices throughout the Trust.

3.4 Information Governance Manager

The Information Governance Manager is responsible for the operational day-to-day management of all issues relating to Information Governance, including drafting policy documents, procedural guidance, training, audit and dealing with all IG queries, and for the provision of reports to the Trust Board and various external agencies on issues relating to IG.

3.5 Managers

The responsibility for overseeing information governance practice in teams is devolved to the relevant directors, managers and team managers. Managers have overall responsibility for IG within their areas.

3.6 Records Manager

The Records Manager will ensure staff are provided with training for their responsibilities for record keeping and management.

3.7 All Staff

All Trust staff, whether clinical or administrative, have responsibility for the safety and proper management of the information they process. Information governance incidents must be recorded on an IR1 form and reported to the Information Governance Manager.


4. Definitions

Information Governance (IG) -

A framework for the handling of electronic and manual information within NHS organisations

Sets out the standards for the organisation on how to handle information about patients and employees

Ensures the correct handling of information to comply with both legal requirements, and those of the Department of Health Standards.

5. Context

The Information Governance framework assists the Trust to fulfil its statutory duties in respect of the legislation and guidelines outlined below.

6. Legal and Regulatory Framework

There are various legal obligations placed on the Trust regarding the use and security of personally identifiable information including:

Data Protection Act (1998)

Human Rights Act (1998)

Freedom of Information Act (2000)

Access to Health Records Act 1990 (where not superseded by the Data Protection Act 1998)

Computer Misuse Act (1990)

Copyright, Designs and Patents Act 1988 (as amended by the Copyright Computer Programs Regulations 1992)

Crime and Disorder Act (1998)

Electronic Communications Act (2000)

Environmental Information Regulations (2000)

Public Interest Disclosure Act (1998)

Health and Social Care Act (2001)

National Health Service Act (1977)

In addition to this there:

is an NHS regulatory and performance framework for the management.

are NHS Codes of Conduct for the use of information.

are operating procedures and codes of practice adopted by the NHS.

There are requirements to disclose or share information when required to do so for either legislated or operational purposes.


7. Information Governance Assessment for the Trust

An assessment of compliance will take place on an annual basis. This will take the form of the Information Governance Toolkit (IGT), which is sponsored by Connecting for Health. The requirements within the IGT are grouped into the following initiatives:

Information Governance Management

Confidentiality and Data Protection Assurance

Information Security Assurance

Clinical Information Assurances

Secondary User Assurance

Corporate Information Assurance

Annual reports and proposed action/development plans, arising from the IG toolkit, will be documented and submitted by the Information Governance Committee for approval prior to submission. The Trust Board or its delegated body will give final approval to the report and its recommendations, prior to its final submission to Connecting for Health.

8. Training

All staff will receive, as part of their mandatory induction package, a training session covering basic issues of Information Governance.

Refresher training will be made available as required. Where necessary this training must be completed before access to Trust IT systems will be granted. The Information Governance Committee will adopt and monitor an annual training plan.

9. Information Security

The Trust will establish and maintain policies for the effective and secure management of its information assets and resources.

Audits will be undertaken or commissioned to assess information and IT security arrangements.

The Trust’s Incident Reporting system will be used to report, monitor and investigate all breaches of confidentiality and security.

10. Monitoring and Review

The Information Governance Committee is responsible for this policy and will ensure the necessary reviews and updates take place in accordance with changes in national policy or legislation. The policy will be reviewed annually.


11. Trust Related Policies

Data Protection Policy

Information Quality Assurance: All related policies and procedures

Data Quality Policy

Records Management Policy

HR related Confidentiality code of practice

Professional codes of conduct from the BMA, GMC and NMC and others including Allied Health Professionals, Finance Professionals and NHS Managers


EQUALITY IMPACT ASSESSMENT

Policy under review:

Date of assessment: 11 March 2008

Names of assessors: David McGrath

Each item below gives the question to consider, the assessment (please see guidance on page 8) and, where one is recorded, the action to be taken.

Consider: What are the aims of the policy?
Assessment: This policy sets out the main duties and responsibilities for information governance
Action to be taken: Publicise to staff

Consider: Is there any evidence that some groups could be adversely affected? If there is, which groups are affected?
Assessment: No

Consider: Is there any evidence of higher or lower participation or uptake by different groups?
Assessment: No

Consider: Is there any evidence that different groups have different needs, experiences, issues and priorities?
Assessment: No

Consider: What would be the likely impact of the policy?
Assessment: Improved information governance arrangements

Consider: Should the policy under review be altered so as to provide an opportunity to promote equality of opportunity or good race relations?
Assessment: No

Consider: What consultation is necessary?
Assessment: None

Consider: Should the policy be adopted?
Guidance: Keep a record of the conclusions at each stage of the decision-making process, so that they can be brought together in the equality impact assessment report. The report should contain reasons for decisions made and recommendations as to how the policy will be put into practice, including suggestions for training and monitoring. The report should also clearly show the relative weight given to each type of evidence: monitoring data; research findings; other statistics; the results of consultations (formal and informal).
Assessment: Yes. This policy supports legal requirements

Consider: What monitoring arrangements are necessary?
Assessment: Compliance with the policy. Monitor effectiveness of training and information to staff through audit and incident reports. Report to Information Governance Committee

Consider: How will the results of consultations and assessments be published?
Guidance: The specific duty to produce and publish a Race Equality Scheme requires that the results of assessments and consultations carried out in respect of any policy that is relevant to the race equality duty must be published.
Assessment: Internet
