INFORMATION GOVERNANCE POLICY

Transcription

1 INFORMATION GOVERNANCE POLICY NWAS Information Governance Policy Page: Page 1 of 10 Date of Issue: January 2014 Date of Review February 2015

2 Recommended by Approved by Information Governance Management Group Quality Committee Approval date 8 th January 2014 Version number 1.3 Review date February 2015 Responsible Director Responsible Manager (Sponsor) For use by Director of IM&T informatics All Trust employees NWAS Information Governance Policy Page: Page 2 of 10 Date of Issue: January 2014 Date of Review February 2015

3 CHANGE RECORD: Version Date of change Date of release Changed by Reason for change /11/ /12/2007 C Gresty Document creation /02/ /02/2008 P Graham Trust Board Approval /02/ /03/2011 K Cushion Annual Review and Trust Board Approval /09/ /11/2012 C Gresty Annual Review /07/ /01/2014 C Gresty Annual Review Information Governance Policy Page: Page 3 of 10

4 Foreword The objectives of this policy are as follows: To ensure that all staff are aware of and understand the standards that NWAS expects and requires in relation to Information Governance and to clarify the Trust s position with regard to this environment; To define responsibilities relating to Information Governance; To clarify applicable legal requirements; To ensure consistent working practises throughout the Trust; This policy will form part of the working practice of staff in order to promote awareness and good practice. It is the intention that this policy and associated documents will be reviewed and updated following any major changes to legislation and/or applicable policy or every 12 months, whichever is sooner. The policy has been produced in consultation with relevant groups and approved by the Trust Board. Staff wishing to discuss or having any questions about this policy should contact the Assistant Director of Health through the IM&T Service Desk or write to / Trust Headquarters Ladybridge Hall Chorley New Road Bolton BL1 5DD Information Governance Policy Page: Page 4 of 10

5 Contents Page 1. Background 6 2. Summary 6 3. Policy Statement Patients Healthcare Professionals Policy makers and manager The Public 7 4. Legislation and NHS Guidance 7 5. Principles Openness Legal Compliance Information Security Information Quality Assurance 9 6. Responsibilities and Accountabilities 9 Information Governance Policy Page: Page 5 of 10

6 1. BACKGROUND Equity and excellence: Liberating the NHS sets out a vision of patients at the heart of the NHS through an information revolution, which depends on transforming the way information is accessed, collected, analysed and used. It is part of the Government s agenda to create a revolution for patients - putting patients first - giving people more information and control and greater choice about their care Compliance with the Data Protection Act 1998 and requirements of the Caldicott report, For the Record HSC 199/053 and the regulations and guidelines inherent within the above documents must be undertaken by all NHS Trusts. 2. SUMMARY Information is a vital asset, both in terms of the clinical management of individual patients and the efficient management of services and resources. It plays a key part in clinical governance, service planning and performance management. Information Governance is concerned with the way NHS organisations handles information about patients/clients and employees, in particular personal and sensitive information. It allows organisations and individuals to ensure that personal information is dealt with legally, securely, efficiently and effectively in order to deliver the best possible care. Information Governance is a framework that brings together all of the requirements, standards and best practice that apply to the handling of personal information. It is therefore of paramount importance to ensure that information is efficiently managed, and that appropriate policies, procedures and management accountability and structures provide a robust governance framework for information management. 3. POLICY STATEMENT The North West Ambulance Service NHS Trust is committed to meeting the information needs of: 3.1 Patients Patients and their carers have a right to know more about their condition, the treatments they are undergoing and the likely outcomes. It is the responsibility of the ambulance trust to ensure this information is accurate and reliable and easily available to patients upon request. Information Governance Policy Page: Page 6 of 10

7 3.2 Healthcare Professionals Fast, reliable and accurate information about the individual patient within their care, the information should be available to support them in the evaluation of the care they give, underpinning clinical governance, planning and research and helping within their continual professional development. 3.3 Policy makers and managers Good quality information should be available to them to help them better target and use the resources deployed in the ambulance trust and to improve the quality of life of patients and local communities. 3.4 The public Information available to the residents of the North West region should be as accurate and up to date as possible. 4. LEGISLATION AND NHS GUIDANCE Recent legislation is having a significant effect on Information Governance in NHS organizations. The ambulance trust must ensure that all policies and procedures are fully compliant with legislation and NHS guidance on the management of information, including: Public Records Act 1958 and 1967; Access to Health Records Act 1990; Data Protection Act 1998; Freedom of Information Act 2000; HSC 1999/053: For the Record: Managing Records in NHS Trusts and Health Authorities; Caldicott Review of Patient Identifiable Information 1997; HSC 1999/012: Caldicott Guardians; NHS Litigation Authority Risk Management Standards ; NHS Information Authority Information Governance Toolkit 2003; and BS ISO/IEC 27002:2005 Care Quality Commission 5. PRINCIPLES The North West Ambulance Service recognizes the need for an appropriate balance between openness and confidentiality in the management and use of information. The ambulance trust fully supports the principles of corporate governance and recognizes its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about patients and staff and commercially sensitive information. Information Governance Policy Page: Page 7 of 10

8 The ambulance trust also recognises the need to share patient information with other health organisations and other agencies in a controlled manner consistent with the interests of the patient and in some circumstances, the public interest. The ambulance trust believes that accurate, timely and relevant information is essential to deliver the highest quality health care. As such, it is the responsibility of all clinicians and managers to ensure and promote the quality of information and to actively use information in decision-making processes. There are 4 key interlinked strands to the Information Governance Policy: Openness Legal compliance Information security Quality assurance 5.1 Openness Non-confidential information on the ambulance trusts and its services should be available to the public through a variety of media. The ambulance trust will establish and maintain policies to ensure compliance with the Freedom of Information Act. The ambulance trust will undertake or commission annual assessments and audits of its policies and arrangements for openness. Patients should have ready access to information relating to their own healthcare, their options for treatment and their rights as patients. The ambulance trust will have clear procedures and arrangements for liaison with the press and broadcasting media. The ambulance trust will have clear procedures and arrangements for handling queries from patients and the public. 5.2 Legal Compliance The ambulance trust regards all identifiable personal information relating to patients as confidential. The ambulance trust will undertake or commission annual assessments and audits of its compliance with legal requirements. The ambulance trust regards all identifiable personal information relating to staff as confidential except where national policy on accountability and openness requires otherwise. The ambulance trust will establish and maintain policies to ensure compliance with the Data Protection Act, Human Rights Act and the common law duty of confidentiality. Information Governance Policy Page: Page 8 of 10

9 The ambulance trust will establish and maintain policies for the controlled and appropriate sharing of patient information with other agencies, taking account of relevant legislation (e.g. Health and Social Care Act, Crime and Disorder Act, Protection of Children Act). 5.3 Information Security The ambulance trust will establish and maintain policies for the effective and secure management of its information assets and resources. The ambulance trust will undertake or commission annual assessments and audits of its information and IT security arrangements. The ambulance trust will promote effective confidentiality and security practice to its staff through policies, procedures and training. The ambulance trust will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security. 5.4 Information Quality Assurance The ambulance trust will establish and maintain policies and procedures for information quality assurance and the effective management of records. The ambulance trust will undertake or commission annual assessments and audits of its information quality and records management arrangements. Managers are expected to take ownership of, and seek to improve, the quality of information within their services. Wherever possible, information quality should be assured at the point of collection. Data standards will be set through clear and consistent definition of data items, in accordance with national standards. The ambulance trust will promote information quality and effective records management through policies, procedures/user manuals and training. 6. RESPONSIBILITIES AND ACCOUNTABILITIES It is the role of the Trust Board to define the ambulance trust policy in respect of information governance, taking into account legal and NHS requirements. The Board is also responsible for ensuring that sufficient resources are provided to support the requirements of the policy. The Director of Information Management and Technology has responsibility for all Information Governance protocols and communication within the ambulance trust, and for ensuring that they are managed responsibly. The Information Governance Management Group, supported by the Assistant Director of Health, is responsible for overseeing day-to-day Information Governance issues, including developing and maintaining policies, standards, procedures and Information Governance Policy Page: Page 9 of 10

10 guidance, coordinating Information Governance in the ambulance trust and raising awareness of Information Governance. Managers within the ambulance trust are responsible for ensuring that the policy and its supporting standards and guidelines are built into local processes and that there is ongoing compliance. All staff, whether permanent, temporary or contracted, and contractors are responsible for ensuring that they are aware of the requirements incumbent upon them and for ensuring that they comply with them on a day to day basis. Some NHS records are public records under the terms of the Public Records Act 1958 and are legal documents. The Chief Executive and senior managers are personally accountable for the records in their care and quality of records management within their organization. All line managers and supervisors also have a duty to ensure that their staff are adequately trained and apply the appropriate guidelines. Information Governance Policy Page: Page 10 of 10