Information Governance Strategic Management Framework
|
|
- Irma Baldwin
- 8 years ago
- Views:
Transcription
1 Document Summary Information Governance Strategic Management Framework This framework sets out the Cumbria Partnership NHS Foundation Trust (the organisation) Strategic Management Framework and is therefore a working document. The purpose of this framework is to provide clear and effective management and accountability structures, governance processes, documented policies and procedures, a comprehensive IG training programme and adequate resources to manage and embed Information Governance throughout the organisation. It pulls together all the requirements for information governance to ensure that personal information is processed legally, securely, efficiently and effectively in order to deliver the best possible care to patients. Please complete the table below and use the prescribed form of words underneath POLICY NUMBER POL/002/096 DATE RATIFIED 6 August DATE IMPLEMENTED 13 August NEXT REVIEW DATE April 2017 ACCOUNTABLE DIRECTOR POLICY AUTHOR Director of Strategy and Support Services (Michael Smillie) Head of Information Governance (Yvonne Salkeld) Important Note: The Intranet version of this document is the only version that is maintained. Any printed copies should therefore be viewed as uncontrolled and, as such, may not necessarily contain the latest updates and amendments.
2 Contents Introduction to this document Scope Statement of Intent Definitions Duties Key Responsibilities Trust Board Chief Executive Caldicott Guardian Senior Information Risk Owner Information Asset Owners (IAO) Senior Heads / Senior Managers Information Asset Administrators (IAA) Information Governance Lead Information Security All Trust Employees Information Governance Team Resources Information Governance Key Project Areas Asset Management Audit and Spot Check Compliance Communication Contracts Corporate Records Fairwarning Health Records Human Resources Information Rights Information Security Management Information Sharing Gateway Performance Policies
3 5.14 Projects Registration Authority Service Risk Assessment and Incident Management Process Training and Development Information Governance Governance Arrangements National Requirements (i.e. Operating Framework, Monitor, HSCIC) IG Toolkit IG Arrangements Training Monitoring compliance with this policy References/ Bibliography Related Trust Policy/Procedures Appendix A IG Board Terms of Reference
4 Introduction to this document Information plays a key part in the clinical and corporate governance of Cumbria Partnership NHS Foundation Trust (referred to from herein as the organisation ) and the quality in the provision of patient services, planning, performance measurement, assurance, and financial management relies upon accurate and available information. The organisation provides an Information Governance Service to Cumbria Clinical Commissioning Group via a SLA (Service Level Agreement). The aim is to provide high quality IG support services which broadly consist of IG services, IT Security and Access to Information specialist advice and support. The Information Governance Assurance Framework (IGAF) is the national framework of standards that brings together all statutory, mandatory, and best practice requirements concerning information management. The standards are set out in the Information Governance Toolkit as a road map enabling organisations to plan and implement standards of best practice and to measure and report compliance on an annual basis. Performance against these standards is mandated by and reported to the Department of Health (DoH) via the CQC (Care Quality Commission) and forms part of the assurance processes associated with Risk Management Standards. Compliance is also required for the Quality Framework for Monitor. Robust Information Governance requires clear and effective management and accountability structures, governance processes, documented policies and procedures, trained staff and adequate resources. The way that an organisation chooses to deliver against these requirements is referred to within the Information Governance Toolkit as the organisation s Information Governance Management Framework (IGMF). The Information Governance Management Framework brings together all the requirements, standards and best practice that apply to the processing of personal information to ensure: Compliance with the law; Implementation of DoH guidelines; Planned year on year improvement; IG Toolkit requirements. This framework sets out the approach the organisation is taking to provide a robust approach to IG standards. This document provides a summary / overview and sets out an overarching framework for the strategic Information Governance agenda within this organisation (CPFT) and those organisations (CCG) to which we provide an IG service (i.e. Cumbria Clinical Commissioning Group). 3
5 1. Scope This framework applies to: - All staff of the organisation, including temporary staff and contractors, sub-contractors; - All information used by the organisation; - All information systems managed by or used by the organisation; - Any individual using information owned by the organisation; - Any individual requiring access to information owned by the organisation. - Any organisation that through a Service Level Agreement purchases IG advice and support. 2. Statement of Intent The statement of intent for the IG Management Framework is to ensure the primary objectives of IG below are achieved: Complete the annual information governance assessment and gain sign off within set timescale, with the aspiration to attain level 3 compliance within three years. Provide innovative solutions to IG issues with a view to streamlining business processes. Promote the Information Governance agenda ensuring that it is embedded throughout the Trust to Care Level. Develop an effective team dedicated to the promotion and implementation of the Information Governance agenda. Build a positive reputation with internal clients by providing sound advice and an efficient reliable service regarding all IG matters. Build a positive reputation with external clients by providing sound advice and an efficient reliable service regarding all IG matters. Evidencing lessons learnt through internal, external sources and new initiatives by proactively ensuring policies and procedures reflect the latest requirements and by directing Trust wide cultural change. The Statement of Intent and IG objectives as a team is to: - To support the provision of high quality care by promoting the ethical, legal, effective and appropriate use of information. - To encourage responsible staff to work closely together, preventing duplication of effort and enabling more efficient use of resources. - To develop support arrangements and provide staff with appropriate tools and support to enable them to discharge their responsibilities to consistently high standards. - To enable the organisation to understand their own performance and manage improvement in a systematic and efficient way. - To hold information securely and confidentially - To obtain information ethically, legally and efficiently, i.e. in line with Data Protection Act 1998 and relevant codes of practice including those issued by the Department of Health and Professional Regulatory bodies - To record information accurately and reliably and with the consent of the individual concerned (staff and / or patient) - To use information effectively, legally and ethically. 4
6 - To disclose information ethically, lawfully and as minimally as possible within those two requirements. - To achieve safe care and the maximising of respect for patient privacy and dignity. There are a number of legal and ethical obligations placed upon the Trust for: - The use and security of personal identifiable information - Appropriate disclosure of information when required - Regulatory frameworks for the management of information via the HSCIC IG Toolkit - NHS and professional Codes of Conduct for consent to the recording, sharing and uses of information. - Operating procedures and codes of practice adopted by the NHS. 3. Definitions Information Governance is an umbrella term that forms the elements of law and policy from which applicable information governance standards are derived. It encompasses legal requirements, ethical considerations, national guidance and best practice in information handling, including: - The common law duty of confidentiality - Data Protection Act Information Security - Information Quality - Records Management - Freedom of Information Act 2000 Whilst a key focus of information governance is the use of information about service users, it applies to information recording and information processing in its broadest sense and underpins both clinical and corporate governance. Accordingly, it should be afforded appropriate priority and is increasingly having a higher profile following national incidents where information about members of the public have been mislaid. Asset management the types of attributes that we record to ensure we manage assets appropriately are: Ownership: the organisation owning the asset, asset owners, asset administrators etc Documentation: information governance accreditation documentation details and status Technical: hosting information, servers, access methods etc Suppliers: supplier (including supply chain), contracts, licenses etc Relationships: relationships between other organisations (sharing agreements etc). 4. Duties Key Responsibilities Senior roles within the organisation supporting the Information Governance agenda are held by the Organisation s Senior Information Risk Owner (SIRO), the Caldicott Guardian, the Head of Information Governance and supported by the IG Team. 5
7 4.1 Trust Board In his communications with NHS Trusts Chief Executives, the NHS Chief Executive has made it clear that ultimate responsibility for IG in the NHS rests with the Board of each organisation, who should note that: The major NHS organisations must update the Toolkit assessment at three intervals during the year (end of July, October and March) to enable performance and actions to be tracked by commissioners and other monitoring bodies. The NHS Operating Framework requires organisations to achieve level 2 performance against all key requirements identified in the Information Governance Toolkit. Organisations must provide assurance that they are meeting these key requirements and must have robust improvement plans to address any shortfalls against other requirements. Details of serious incidents involving actual or potential loss of personal data or breach of confidentiality must be published in annual reports and reported via HSCIC and to the Information Commissioner. 4.2 Chief Executive The Trust s Accountable Officer is the Chief Executive who has overall responsibility for ensuring that information risks are assessed and mitigated to an acceptable level. Information risk are handled in a similar manner to other risks such as financial, legal and reputational risks. Reference to the management of information risks and associated information governance practice is now required in the Statement of Internal Control which the Accounting Officer is required to sign annually. 4.3 Caldicott Guardian The Caldicott Guardian also holds the position as Medical Director (Dr Andrew Brittlebank, Medical Director). The Caldicott Guardian role: Is advisory Is the conscience of the organisation Provides a focal point for patient confidentiality and information sharing issues Is concerned with the management of patient information. The Caldicott Guardian is the person with overall responsibility for protecting the confidentiality of person identifiable data (PID). The Caldicott Guardian plays a key role in ensuring that the organisation and partner organisations abide by the highest level for standards for handling PID and adherence to the Caldicott Principles. It is the responsibility of the Caldicott Guardian to feedback any IG issues to the Senior Management Team. The Caldicott Guardian (or designated individual) is a member of the Information Governance Board. For Cumbria Clinical Commissioning Group the Caldicott Guardian is David Rodgers. 6
8 4.4 Senior Information Risk Owner The SIRO is the Director of Strategy and Support Services (Michael Smillie). The role: Is accountable; Fosters a culture for protecting and using data; Provides a focal point for managing information risk and incidents Is concerned with the management of all information assets. The SIRO is an Executive Board member with allocated lead responsibility for the Trust s information risks and provides a focus for the management of information risk at Board level. The SIRO chairs the Information Governance Board. For Cumbria Clinical Commissioning Group the SIRO is Charles Welbourn. 4.5 Information Asset Owners (IAO) Senior Heads / Senior Managers IAOs are senior / responsible individuals working in a relevant business area. Their role is to understand what information is held, what is added and what is removed, how information is moved, who has access and why. As a result they are able to understand and address risks to the information and ensure that information is fully used within the Law for the public good, and provider written input to the SRIO annually on the security and use of their assets. The Trust when identifying an IAO, will consider the risks of the information asset rather than the size of the asset. The IAO need not be the creator or even the primary user of the asset, but they must have a good understanding of what the business needs from the asset and how it is used. For assets that have significant risks associated with them, consideration should be given to have a senior IAO assigned in certain circumstances. For example, RIO (senior IAO will be the Director of Nursing with the IAO using the management structure in place will be the General Manager, with IAA (information asset administrator) being the management lead. See example hierarchy below: (Senior) IAO RIO (Director of Nursing) IAO RIO (children Services) - General Manager IAO RIO (Mental Health - General Manager IAA - Universal Clinical Services Manager (Sue Harper) IAA - Specialist Clinical Services (Gill Ireland) For other specific information assets (i.e. SOEL dental system) the Clinical Director responsible for the service will be the IAO. 7
9 An IAO will be responsible for an information asset in terms of: Identifying risks associated with the information asset; Managing and operating the asset in compliance with policies and standards; and Ensuring controls manage all risks appropriately. The role is flexible and will undoubtedly be performed in addition to existing duties and for some responsibilities may be shared between many individuals. 4.6 Information Asset Administrators (IAA) IAA s work on a day to day basis with information contained in an information asset (see definition above). They have day to day responsibility, ensure that policies and procedures are followed by staff and recognise actual or potential security incidents, and consult their IAO on incident management. The IAAs are senior individuals are are usually head of department or with ultimate responsibility for the information asset Information Governance Lead The Information Governance (IG) Lead is the Head of Information Governance (Yvonne Salkeld). The Head of Information Governance is responsible for ensuring the organisation meets is statutory and corporate responsibilities and engender trust from the public in the management of their personal information. The Head of IG is accountable for ensuring effective management, accountability, compliance and assurance for all aspects of IG. The key tasks include: Responsibility for delivering a high quality specialist Information Governance Service to the Trust and its customers (i.e. Cumbria Clinical Commissioning Group); To provide strategic direction, planning and guidance to ensure compliance with information governance legislation and the national agenda Ensure work practices are evaluated and supported through the development of appropriate policy and procedures across the organisation. Acts as Data Controller for the Trust. 4.8 Information Security The Head of IT (Ian Waterhouse) with delegated responsibility to the Information Security Manager (Steve Jarvis) is responsible for the provision and management of a high quality, customer focussed, Information Technology Security Advisory Service using expertise to manage security issues, identifying best practice and making recommendations for local implementation. These individuals work closely with the Information Governance team. 4.9 All Trust Employees All Trust employees and anyone else working for the organisation (eg. Agency staff, honorary contracts, management consultants etc) who use and has access to Trust information must understand their personal responsibilities for information governance and comply with UK Law. All staff must comply with Trust policies, procedures and guidance and attend relevant education and training events in relation to IG. 8
10 4.10 Information Governance Team Resources Staff roles which support the Information Governance agenda are identified in the organisation chart. IG Performance Management Officer IG Performance Manager IG Performance Officer IG Performance Assistant IG Data Officer Head of IG IG Asset Management Officer RA Manager RA Agent X3 Information Rights Coordinator Information Rights Officers X3 Vacant Post The E-Health Department (under the Strategy and Support Services Directorate) holds the dedicated budget for delivering the Information Governance agenda. Other lead roles to support the IG agenda are as follows: Risk management IT for technical security advice Business Continuity Manager RA Team: smartcard, access controls and ID card services. IG Performance Team and Information Rights Team supporting IG in their divisions. Key focus on IG Performance Management with designated IG Performance Management Officer. Senior Information Risk Owner Caldicott Guardian 5. Information Governance Key Project Areas Information Governance is based on a series of best practice guidance and adherence to a legal and regulatory framework. Detailed below are the main areas that the Information 9
11 Governance cover which forms our services as part of the IG team s offering as part of a Service Catalogue: 5.1 Asset Management In order to appropriately scope and prioritise risk management efforts, it is necessary to ensure that a complete and accurate information asset register exists. As part of the identification process, it is imperative that all instances of information assets be located. In addition, information assets need to be classified in terms of sensitivity and criticality to the Trust. This information is recorded on the Information Asset Register (Alloy system) which is linked to a sharepoint library where all supporting documentation is stored. It is also essential to ensure that all information assets have an identified owner. Information Asset Owners are senior individuals involved in running the relevant business. Their role is to understand and address risks to the information assets they own and to provide assurance to the SIRO on the security and use of those assets. Identified key risks (those rated medium or high), once assessed by the SIRO, supported by the IG Board, will be considered for inclusion on the Corporate Risk Register. In addition any policies related to information asset ownership should reflect the need for succession planning consistent with any BCP (Business continuity plans) drawn up. This will help promote accountability for complying with policy compliance and risk management and PIA requirements throughout the organisation. System level security policies requiring information asset ownership should be in place, as well as processes established to assign ownership as information assets are acquired, transferred or created. A designated post has been put in the structure in to facilitate this framework for information asset management which is a key task for improvement in due to the introduction of new systems and processes (i.e. EPR) and to ensure legacy systems are archived appropriately. 5.2 Audit and Spot Check Compliance Using the ICO Guide to Data Protection Audits as a guide, the IG Team have developed an audit and spot check compliance document. This pulls together the tools required to complete audits in various areas (i.e. 360 degree audits on subject access requests, health records audit, spot check visits checklists). The aim of this approach is to: - Help to raise awareness of Data Protection and the legal framework of which Information Governance is based; - Showing the organisation s (i.e. care groups, corporate services) commitment to and recognition of the importance of data protection in day to day working practices; - Provide some self-assessment on our compliance to support the trajectory of level 3 compliance; - Identification of data protection risks to enable practical, pragmatic and operational specific recommendations - Another vehicle in which to share knowledge with trained IG staff; 10
12 - Details in a central place the audit methodology for the spot checks undertaken by the dept. The focus of the audit approach will be to determine whether the organisation policies and procedures are being followed operationally with staff in order to reinforce and educate, regulate the processing of personal data; also to ensure that processing is carried out in accordance with such policies and procedures. When an organisation complies with its requirements, it is effectively identifying and controlling risks to prevent breaching the DPA. An audit will typically assess the organisation s procedures, systems, records and activities in order to: ensure the appropriate policies and procedures are in place; verify that those policies and procedures are being followed; test the adequacy controls in place; detect breaches or potential breaches of compliance; and recommend any indicated changes in control, policy and procedure. 5.3 Communication The E-Health Dept has a separate communication strategy. The Head of IG has developed a communication plan that feeds into this strategy indicating the tasks that they are responsible for, namely: - Publication Scheme (FOI) - Updating of Intranet and Internet Sites relating to IG - Targeted communication in terms of specific projects (i.e. clear desk policy) - Production of leaflets - Fair Processing Notices (or Privacy Notices) - Development of IG Code of Conduct This list is not exhaustive but represents a sample of communication materials that are available. See detailed plan. 5.4 Contracts The Information Governance Team has a work stream plan to ensure that contractors meet the required IG standards in order to meet the IG Toolkit requirement 110. Initially this will focus upon a systematic process of identifying all contracts in place throughout the trust (this includes new contracts and those already in place) and evaluating the supplier s level of compliance with IG standards as detailed in the Information Governance Standards for Contractors Policy. The aim for the IG Performance Team for the updated year to ensure progression is made in the compliance standards for CPFT contractors and ensure a robust escalation procedure is in place for those who do not meet the required standard and pose a risk to the Trust s information. 11
13 5.5 Corporate Records The aim is to make significant progress in ensuring the trust is managing Corporate Records effectively in line with the IG Toolkit requirements and the standards that need to be achieved to reach level three (3) compliance. The team is working to ensure an effective document set is in place to ascertain what is a corporate record and also to ensure it is clear the scope of the work required by IG in line with Toolkit requirements. The focus for the IG Team will be to ensure the documentation and communication set that is produced assists the wider corporate services in effectively managing their records. This will start with the identification of corporate records within scope; ensuring appropriate responsibility is assigned for the management of those records; leading to a qualitative audit later in the year to ensure that the identified records are being effectively managed throughout their lifecycle. 5.6 Data mapping The IG Team are responsible for ensuring that all transfers of hard copy and digital person identifiable and sensitive information have been identified, data mapped and risk assessed. It is a legal responsibility of an organisation to ensure that transfers of personal information for which they are responsible (Data Controller) are secure at all stages and therefore as an outcome of this process technical and organisational measures can be put in place to secure these transfers. This is completed by engaging with operational services through a workshop, mapping the flows and risk assessing through the Information Sharing Gateway. The Head of IG with relevant escalation of SIRO / Caldicott Guardian will authorise these flows within the Trust. The aim is that in the coming two years these flows form part of the care stream IG dashboard so that the IAO (information asset owner) for the relevant clinical / corporate system has visibility of the flows of information from their information asset and the IAO will assist the IG team in putting in appropriate technical and organisations measures against unauthorised or unlawful processing of and accidental loss or destruction of or damage to personal data. 5.7 Fairwarning Cumbria Partnership NHS Foundation Trust has implemented a patient privacy monitoring system to further ensure that patient information is protected and secure. The new patient privacy system called Fair Warning will identify any patterns of breaches of inappropriate and illegitimate access to a patient s health record and will alert managers. It gives patients the confidence that subject to their consent only people involved in their care can access their records. The system will identify any patterns of breaches of inappropriate and illegitimate access to a patient s health record, for example employees accessing: Records of patients who may be neighbours Records of family members 12
14 Their own records (self-examination) Celebrity patient records The Head of IG is the information asset owner of the Fairwarning system and works with operational services in terms of verifying information in order that appropriate action can be taken (i.e. education and awareness, disciplinary etc). 5.8 Health Records The Health Records function is managed via the Head of Information (Farouq Din). In order to ensure impartiality on the Information Governance Team conduct an annual audit on Health Records trustwide. This is to ensure the Trust is complying with record keeping standards and can demonstrate that patient information is being handled in a way that complies with legislative and regulatory requirements. The audit will run from September December each year and each clinical team will be contacted to take part. A final report is produced to show the status trustwide. The results are presented to the Health Records / Data Quality Manager to ensure that an appropriate action plan is in place to manage on-going improvement who in turn gives feedback to clinical teams to help facilitate improvement through targeted training. 5.9 Human Resources The IG Team has the aim to work effectively with the HR department to ensure all the required evidence is supplied for use within the IG Toolkit to maintain level three compliance In addition to this, through active engagement with HR and the progression by the Information Commissioner s Office becoming more involved in organisational audits it has been agreed that IG will monitor HR s performance against defined objectives detailed within the ICO s Employment Practices Code. The detail of this will be confirmed with HR but seeks to provide evidence that the Trust is ensuring compliance with legislative and regulatory requirements across the board Information Rights The Information Governance Team has a designated Information Rights Arm that deals purely with the copious amount of Freedom of Information Act requests and Subject Access Requests (under the Data Protection Act). They respond to all requests received by acknowledging, finding the relevant information within the Trust, co-ordinating into a suitable response, ensure that necessary exemptions are applied whilst meeting the various legislative requirements in terms of timescales etc. This team are also responsible for providing the advice and support to services in terms of disclosure decisions and where 13
15 necessary apply other Laws (i.e. Access to Health Records for deceased patients, Section 29(3) requests for the Police Information Security Management Information Security and its management deals with all aspects of information, whether spoken, written, printed, electronic or relegated to any other medium, regardless of whether it is being created, viewed, transported, stored or destroyed. This is contrasted with IT security, which is concerned with security of information within the boundaries of the technology domain, usually in a custodial capacity. Following good practice there are six basic outcomes of effective information security governance: Strategic alignment aligning information security management to the Trusts strategy and in support of its organisational objectives. Risk management executing appropriate measures to mitigate risk and reduce potential impacts on information resources to an acceptable level. Value delivery optimising security investments in support of the Trusts business objects. Resource optimisation using information security knowledge and infrastructure efficiently and effectively. Performance measurement monitoring and reporting on information security processes to ensure that objectives are achieved. Integration integrating all relevant assurance factors to ensure that processes operate as intended from end to end. There is a designated IT security arm managed under the Head of IT who works closely with the IG department to ensure standards are met. The Security Manager feeds into the IG toolkit requirements by ensuring relevant assurance is in place Information Sharing Gateway The Head of IG has been instrumental in the development of an Information Sharing Gateway via a sub group of the Lancashire and Cumbria IG leads meeting. Funding has been provided via the LPRES initiative and the North West Coast Academic Health Science Network. The solution known as the information sharing gateway provides a tool for IG professionals to work electronically with the ability to register recipient organisations and provides a level of assurance against their compliance (i.e. IG Toolkit, PSN etc). It also signs these organisations up to a common information sharing agreement framework (Tier 1). The solution then allows data mapping to take place capturing the frequency of data transfer, how its being transferred, when its being transferred, why its being transferred etc. This enables a risk assessment rating so that as Data Controller we can confirm that flows are lawfully and fairly processed. This information sharing gateway provides details on where flows of data are coming from 14
16 (i.e. which information asset) and complements the work being done on information asset management Performance We are committed to the principle that Performance Management is not solely concerned with the monitoring of key performance indicators (KPIs) but is a tool to drive improvement on performance across the organisation. It is a process which contributes to the effective management of individuals and teams in order to achieve high levels of performance. As such, it establishes shared understanding about what is to be achieved and an approach to leading and developing people which will ensure success. The Information Governance performance model has been developed to provide a consistent approach to the way IG performance and quality is managed, monitored, reviewed and reported. This model is based on 5 key stages: Strategic Planning Development of a plan/strategy with clear objectives these have been designed to follow the golden thread principle that is that they should link from the highest level (CE objectives) right down to the team member objectives set at appraisal. Seven (7) Information Governance Objectives have been developed and a series of tasks identified that will ensure these objectives will be achieved. These tasks have been allocated to individuals ensuring that everyone understands what is required from them and how they contribute to the overall performance of the team, department and organisation. Performance measurement and monitoring Design of key performance indicators (KPIs) and tasks to measure and monitor how well we are delivering on the strategic objectives set out in stage 1. Most important is to ensure the metrics are relevant, meaningful, and SMART (Specific, Measurable, Achievable, Realistic and Timely). A full work plan has been developed containing tasks and KPI s each of which has been allotted milestones and or targets to ensure that progress can be measures and monitored on a monthly basis. Business Intelligence (BI), Analytics and Modelling - use the performance data and metrics to analyse performance. This step is all about creating a solid evidence-base to inform decision making. Performance updates will be collated on a monthly basis and tools developed with which to analyse the data. Reporting and reviewing Performance - Translating the insights gained from performance information into management reports and dashboards and put the review processes in place to act on the data. Once the data has been analysed the results will be presented to senior managers, and stakeholders using a suite of reports and dashboards currently under development. Aligning People and culture - Ensuring the people, culture and leadership approaches are focused on performance improvement. This means closing the knowing/doing gap and acting on the insights gained and decisions made in order to generate real performance improvements. 15
17 Why is performance management important? if you don t measure results, you can t tell success from failure if you can t see success, you can t learn from it if you can t recognise failure, you can t correct it what gets measured gets done 5.14 Policies Following the demise of the Policy Monitoring Group (April 2015), all information governance policies are approved by the IG Board. This mechanism is in accordance with the Organisation s policy and resource pack. All policies are made available to staff via the Intranet / Internet site and are communicated via the communication plan (see Communication). Existing policies are updated and new policies introduced in line with current information governance agenda. These policies provide the organisation s Staff Code of Conduct and must be read in conjunction with the Organisation s Staff Handbook and Staff employment contracts. Policies outline scope and intent and provide staff with a robust IG framework whilst setting out their responsibilities as employees of the Trust. The Trust is committed to ensuring that all staff and those working with the Trust are familiar with the organisation s objectives and what is expected of staff in order to achieve these objectives. Policies and procedures are one of the key means the Trusts uses to communicate these expectations to staff Projects The Information Governance Team is part of the E-Health Department which holds the Programme Management Office. When projects are justified and a business case developed, the IG team receive a work package (in line with agreed template) and we complete the relevant checks from cradle to grave (i.e. pre procurement, contractor compliance checks (DPA / IG Toolkit compliant), ensuring accreditation documentation in place for services to use in terms of standard operating procedures, training etc Registration Authority Service The Registration Authority Service Team currently provide the RA service within CPFT and aim to deliver a quality and efficient service to Trust employees. The Team provide RA services also to primary care and CCG. The team are responsible for the registration process by which users of Smartcard-enabled IT applications are authenticated (proven who they say they are beyond reasonable doubt) and authorised (enabled to have particular levels of access to particular patient data). The Registration Authority is the governance framework within which the Trust can register individuals as users to access the NHS Smartcard enabled system(s) - maintaining the confidentiality and security of patient information at all times. Having a common and rigorous approach to how users are registered and are given access to the national services, and other services, is an integral part of protecting the confidentiality and security of every 16
18 patient's personal and health care details. In light of the work of introducing a new EPR an access control strategy will be compiled with the identified positions for staff within the Trust detailed for Caldicott ratification Risk Assessment and Incident Management Process Potential losses arising from breaches of IT and information security include physical destruction or damage to the organisation s computer systems, loss of system availability and the theft, disclosure or modification of information due to intentional or accidental unauthorised actions. In addition, healthcare organisations process person identifiable data of particular sensitivity, which needs to be protected from loss or inappropriate disclosure. Clear guidance has been documented and issued to staff and all should be made aware of the organisation s incident reporting and management procedures (currently via Ulysses). This process is supported by the Trust s IG policies and procedures regarding information risk management. The process for the investigation of Serious Untoward Incidents are in line with the HSCIC Information Governance SUI Checklist published in February The Head of IG is responsible for ensuring that adequate arrangements are in place for: Reporting IG events or incidents; Managing IG risks; Analysing, investigating and upward reporting of events/ incidents and recommendations in collaboration with STEIS and Information Commissioner s Office reporting. IG work plans progress recommendations and learn the lessons (identified as a separate IG objective) Communicating IG developments and standards to staff Ensuring completion of improvement plans as a result of a SUI investigation. In addition, when business cases are development the IG team have a checklist to follow in terms of ensuring that all privacy risks are identified at the start of the project and considered for inclusion; effectively putting privacy by design into the system Training and Development Information Governance Training and Development is essential for the development and improvement of staff knowledge and skills relating to IG not only within the IG Team but across the Trust. The development of the IG Team is listed as a specific IG objective because of its importance. IG training must extend beyond basic confidentiality and security awareness in order to develop and follow best practice. Staff must understand the value of information and their responsibility for it, which includes data quality, information security, records management, confidentiality, legal duty, information law and rights of access, and patient s rights in terms of a right of privacy and choice. To ensure that different learning styles are catered for, each year a different focus in terms of delivering training is found. Previously the Trust has had a series of face to face trainings ( ), e-learning and IG Code of Conduct Workbook ( ), e-learning tools (with video podcasts) ( ) with an updated IG Code of Conduct. This 17
19 training will be translated onto a video for use in induction sessions and to ensure that this is open to all staff this will be transferred onto a pod cast based on the Trust s website that can be used in team meetings to cater for staff (i.e. domestics, porters etc) who don t necessarily have open access to PCs. Information Governance training is a mandatory requirement for all staff and is included on induction and on annual refresher. The Trust has been successful for four years running in achieving over 95% compliance with mandatory training and to support this KPI on an ongoing basis, methodology has been developed to monitor this closely. The organisation also utilises the following additional methods to ensure staff are trained in Information Governance: E-Learning and Video As explained above (preferred method) IG Code of Conduct This was issued to all staff in and is being updated, with printed copies being hand delivered to all staff as part of the induction process and their recruitment into the organisation. Communication Plan monthly targeted communication that is issued via the Trust s Partnership News system and other routes (i.e. screen savers) so that assurance that provided to every member of staff. Policies, Procedures and Guidelines staff have clear guidelines on expected working practices and on the consequences of failing to follow policies and procedures. IG awareness and mandatory training procedures are in place (IGTT) and all staff receive training appropriate to their role. Confidentiality staff are provided with clear guidance on keeping information secure and on respecting the confidentiality of service users. Consent is appropriately sought before personal information is used in ways that do not directly contribute to the delivery of care services and objections to the use of such information are appropriately respected. Fair processing individuals are informed about the proposed use of personal information. Specialist Training for senior roles (SIRO/ Caldicott Guardian) on an individual and ad hoc basis. 18
20 6. Information Governance Governance Arrangements 6.1 National Requirements (i.e. Operating Framework, Monitor, HSCIC) The NHS Operating Framework for the NHS in England sets out the key priority areas for systematically improving quality across the NHS. The IG element details the legal framework governing the use of personal confidential data in health care is complex. It includes the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection Act 1998, and the Human Rights Act The Law allows personal data to be shared between those offering care directly to patients but it protects patients confidentiality when data about them are used for other purposes. These secondary uses of data are essential if organisations are to run a safe, efficient, and equitable health service. It also includes the requirement for all NHS organisations to achieve a minimum of level 2 performance against all key requirements in the IG Toolkit as set out by the Department of Health (DoH). The Trust is ambitious and wishing to be high performing in this regard with the ambition to get to Level 3 compliance. 6.2 IG Toolkit The annual information governance assessment is measured via a self-assessment process of compliance against the standards set out in the IG Toolkit and verified by Internal Audit Review (Audit North). The standards are ordered into the following initiatives: Information Governance Management Information Security Assurance Confidentiality and Data Protection Assurance Clinical Information Assurance 19
21 Secondary Use Assurance Corporate Information Assurance. NHS organisation are required to submit online IG performance reports to the Department of Health which can be tracked by monitoring bodies (i.e. CQC, Monitor). There are three submissions: 30 July baseline assessment for organisations; 31 October self assessment or improvement report; 31 March final annual self-assessment report. The final performance assessment is submitted by 31 March each year and shared with the Care Quality Commission, and the Audit Commission. The results are reported on the DoH website and made available to the general public. The Trust also provides its own internal End of Year Report. 6.3 IG Arrangements The ultimate responsibility for Information Governance in the organisation lies with the Trust Board. The Board discharges its function through to the Clinical Governance Group. The IG Board is a sub-committee of the Trust s Clinical Governance Group. The IG Board will through the development and routine reporting of agreed key performance indicators, identify risks, measure progress, oversee any necessary remedial action is taken and effective and provide a report to the Trust s Clinical Governance Committee on a regular basis through the Head of Information Governance who is a member of the group. The IG Board has overall responsibility for overseeing the development and implementation of this framework, the IG policy and IG work plan / performance framework. This will be subject to periodic review and progress reports and any identified risks highlighted. The e-health department also has a monthly heads of service meeting with the Director of Strategy and Support Services and any items affecting the e-health department only will be raised through this Forum. Key representatives meet on an monthly basis as the IG Performance Group to act as focal point for the monitoring and performance management of business plan objectives. 20
22 The terms of reference and key responsibility of each Group is as detailed below: Overall responsibility Trust Board Functions of the Committee Clinical Governance Group IG Board E-Health Heads of Service meeting chaired by Michael Act as a focal point for the monitoring and performance management of the improvement plan for information governance standards and to provide assurance to the IG Board / Clinical Governance Groups (as appropriate) on progress against the standards Approve and sign off on behalf of the Board of Directors the standards for each element of the Information Governance Toolkit prior to submission to HSCIC Ensure that there is robust evidence (assurance) in place to support compliance against information governance standards. Ensure that the Trust has the key evidence to demonstrate the Trust is maintaining all standards at a minimum of level 2 used to measure IG assurance with a stretched target to achieve level 3 compliance in line with agreed trajectories. Provide an assessment of risk against information governance standards and the action being taken to manage and mitigate against the risks to the Clinical Safety Committee every six months. Ensure the national policy, strategy and guidance relating to information governance is implemented and evaluated appropriately. The IG Board will determine the level of assurance to be given to projects, processes through reviewing and signing off the Information Governance Project check lists. Monitor and performance manage the development and maintenance of information sharing agreements with partners and other third parties to ensure the safe and secure sharing of personal identifiable information for both primary and secondary care purposes. Monitoring the development and implementation of registration authority 21 Smillie. IG Performan ce Group
23 procedures to ensure that access to systems through smartcards are undertaken in a way that is safe and secure. To provide linkages to the relevant registration requirements with the Care Quality Commission and other regulatory bodies, i.e. Monitor To assist the SIRO (Senior Information Risk Owner) in his responsibilities and develop information risk policies, advise of information risk issues as appropriate. Similarly for the Caldicott Guardian in terms of protecting personal identifiable information Monitoring IG training that is available to staff and its completion in line with requirements detailed in the Informatics Planning component of the NHS operating framework Review all information security and confidentiality incidents that are reported in line with HSCIC guidance To monitor compliance with the information governance service level agreement with Cumbria Clinical Commissioning Group To provide a focal point for the resolution and / or discussion of information governance issues Approval of IG strategies and policies Ensure completion of all project areas as detailed in this framework which forms part of the Service Catalogue: - Asset management - Audit and spot check compliance - Communication - Contracts - Corporate records - Fairwarning - Health records audit - Human resources - Information rights - Information security management - Information sharing - Performance - Policies - Projects - Registration authority services - Risk management and incident management process - Training and development = escalation route as appropriate 22
24 = key function of group 7. Training Information Governance is a mandatory training requirement set by the Department of Health and contained within the NHS Operating Framework Informatics Planning where it states that all staff should receive annual basic IG training appropriate to their role. This is delivered as indicated above. Key individuals within the IG team and wider (SIRO, Caldicott Guardian, Information Asset Owners) need more in depth IG training dependent on their role and this forms part of a separate training needs analysis held by the Information Governance department (for IG staff) following appraisal and identification of development needs. The training for SIRO Caldicott Guardian and Information Asset Owners are in line with HSCIC IG Toolkit standards. The IG department monitor compliance in terms of ensuring that staff have attended which is via the Trust s agreed Trust process. 8. Monitoring compliance with this policy The audit and spot check document outlines the Trusts monitoring arrangements for the IG framework arrangements within the Trust. The Trust reserves the right to commission additional work or change the monitoring arrangements to meet organisational needs. In addition, the Information Governance toolkit requirements are reviewed each year by Audit North (approved Trust auditors). The monitoring arrangements for the various areas of IG are detailed in the separate document using the ICO guide to Data Protection Audits Aspect of compliance or effectiveness being monitored Monitoring method Individual responsible for the monitoring Frequency of the monitoring activity Group / committee which will receive the findings / monitoring report Group / committee / individual responsible for ensuring that the actions are completed Monitored via the arrangements in the document Audit and Spot Check Compliance Various (see document) Head of Information Governance Various (see separate document See governance arrangements (i.e. IG Board, Clinical Governance group etc) Director of Strategy and Support Services 23
Information Governance Standards in Relation to Third Party Suppliers and Contractors
Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationINFORMATION GOVERNANCE AND DATA PROTECTION POLICY
INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy
More informationInformation Governance Framework and Strategy. November 2014
November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date
More informationInformation Governance Strategy
Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationPolicy: D9 Data Quality Policy
Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of
More informationInformation Governance and Data Protection Policy
Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying
More informationInformation Governance Strategy :
Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationInformation Governance Framework
Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March
More informationInformation Governance Strategy
Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:
More informationA Question of Balance
A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationINFORMATION RISK MANAGEMENT POLICY
INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible
More informationInformation Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.
Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best
More informationSOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager
SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director
More informationInformation Governance Policy
Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date
More informationInformation Governance Policy
Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Policy
NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation
More informationInformation Governance Strategy 2015/16
Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationInformation Governance Management Framework
Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date
More informationInformation Governance Strategy
Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version
More informationInformation Governance Plan
Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.
More informationINFORMATION GOVERNANCE POLICY
ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy
More informationLancashire County Council Information Governance Framework
Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationVersion Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation
Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval
More informationInformation Governance Policy
Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route
More informationInformation Governance Strategy
Policy No: IG01 Version: 3.0 Name of Policy: Information Governance Strategy Effective From: 02/06/2015 Date Ratified 06/05/2015 Ratified Health Informatics Assurance Group (HIAG) Review Date 01/05/2017
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationInformation Governance Policy
Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact
More informationJOB DESCRIPTION. Information Governance Manager
JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure
More informationInformation Governance Strategy. Version No 2.1
Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of
More informationNHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing
More informationNHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool
More information1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.
Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review
More informationINFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationInformation Governance Strategy
Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance
More informationInformation Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs
Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:
More informationInformation Governance Policy
Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version
More informationNHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT
NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head
More informationINFORMATION GOVERNANCE POLICY
Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Strategy
NHS Waltham Forest Clinical Commissioning Group Governance Strategy Author: Zeb Alam, CCG IG Lead, (NELCSU) David Pearce, Head of Governance, WFCCG Version 3.0 Amendments to Version 2.1 Annual Review Reference
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy
More informationInformation governance strategy 2014-16
Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope
More informationInformation Governance Policy
Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY
More informationInformation Governance Policy
Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September
More informationInformation Governance Policy
Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring
More informationPolicy Checklist. Head of Information Governance
Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust
More informationInformation Incident Management and Reporting Procedures
Information Incident Management and Reporting Procedures Compliance with all policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy may result
More informationInformation Governance Policy
Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups
More informationINFORMATION GOVERNANCE POLICY (INCORPORATING INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK)
Ref No: IN-101 INFORMATION GOVERNANCE POLICY (INCORPORATING INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK) AREA: POLICY SPONSOR: Trust Wide Director of Finance IMPLEMENTED: October 2009 REVISED: June 2011
More informationBEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE
GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE
More informationRISK MANAGEMENT STRATEGY 2014-17
RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team
More informationJob Description. Line Management of a small team of staff administrating and managing patient and professional feedback and incidents.
Job Description Job Title Pay Band Base Dept./Team Responsible to Accountable to Responsible for Complaints, Incidents and Governance Manager New Alderley House, Macclesfield Eastern Cheshire Clinical
More informationInformation Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.
Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments
More informationInformation Governance Strategy Includes Information risk & incident management methodology
Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May
More informationTrust Informatics Policy. Information Governance. Information Governance Policy
Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference
More informationInformation Incident Management and Reporting Procedures
` Information Incident Management and Reporting Procedures Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy may
More informationWe then give an overall assurance rating (as described below) indicating the extent to which controls are in place and are effective.
Good Practice Audit outcomes analysis Police Forces April 2013 to April 2014 This report is based on the final audit reports the ICO completed in the Criminal Justice sector, specifically of Police forces,
More informationDate: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR:
TRUST BOARD IN PUBLIC Date: 30 th May 2013 Agenda Item: 5.5 REPORT TITLE: Information Governance Annual Report EXECUTIVE SPONSOR: Ian Mackenzie Director of Information and Estates REPORT AUTHOR: Sarah
More informationINFORMATION GOVERNANCE HANDBOOK
INFORMATION GOVERNANCE HANDBOOK SECTION ONE Author Tracey Burrows Role Information Governance Manager (CSCSU) Date / Version February 2015 Version FINAL V1.0 Approved by IM&T Board Date 27 February 2015
More informationRECORDS MANAGEMENT POLICY
RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal
More informationInformation Governance Training Plan v13
Information Governance Training Plan To meet requirements of IGT v13 Lincolnshire East Clinical Commissioning Group Page 1 of 17 Contents Introduction Page 3 Training Provision Page 4 Staff Induction Awareness
More informationRecords Management and Information Lifecycle Strategy
LINCOLNSHIRE PARTNERSHIP NHS FOUNDATION TRUST Records Management and Information Lifecycle Strategy DOCUMENT VERSION CONTROL Document Type and Title: Strategy New or Replacing: Revised/Updated Version
More informationNHS Information Risk Management
NHS Information Risk Management Digital Information Policy NHS Connecting for Health January 2009 Contents Introduction Roles and Responsibilities Information Assets Information Risk Policies Links with
More informationStandard Operating Procedure for the Management of Information Governance Serious Incidents Requiring Investigation (IG SIRI)
Standard Operating Procedure for the Management of Information Governance Serious Incidents Requiring Investigation (IG SIRI) DOCUMENT CONTROL: Version: V1 Ratified by: Risk Management Sub Group Date ratified:
More informationPerformance Management Strategy & Framework. Debbie Kadum, Chief Operating Officer. Debbie Kadum, Chief Operating Officer
Reporting to: Trust Board Tuesday 25th July 2013 Enclosure 5 Title Sponsoring Director Author(s) Performance Management Strategy & Framework Debbie Kadum, Chief Operating Officer Debbie Kadum, Chief Operating
More informationInformation Management Strategy. July 2012
Information Management Strategy July 2012 Contents Executive summary 6 Introduction 9 Corporate context 10 Objective one: An appropriate IM structure 11 Objective two: An effective policy framework 13
More informationAuditing data protection a guide to ICO data protection audits
Auditing data protection a guide to ICO data protection audits Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering evidence Audit
More informationInformation Governance Policy
Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise
More informationCCG: IG06: Records Management Policy and Strategy
Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of
More informationFurther to reports to EAG in February and March 2014, the purpose of this report is to;
Report to: Trust Board of Directors Date of Meeting: 29 May 2014 Report Title: Annual Information Governance Report 13/14 Status: Mark relevant box with X Prepared by: Executive Sponsor (presenting): Appendices
More informationCorporate Policy and Strategy Committee
Corporate Policy and Strategy Committee 10am, Tuesday, 30 September 2014 Information Governance Policies Item number Report number Executive/routine Wards All Executive summary Information is a key asset
More informationInformation Governance Management Framework
Information Governance Management Framework Document Status: Approved Version: v 1.3 DOCUMENT CHANGE HISTORY Version Date Comments (i.e. viewed, or reviewed, amended, approved by person or committee v1.0
More informationSubject Access Request (SAR) Procedure
Subject Access Request (SAR) Procedure East and North Hertfordshire Clinical Commissioning Group Page 1 of 16 DOCUMENT CONTROL SHEET Document Owner: Chief Finance Officer Document Author(s): Anne Ephgrave
More informationCaedmon College Whitby
Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be
More informationInformation Security and Governance Policy
Information Security and Governance Policy Version: 1.0 Ratified by: Information Governance Group Date ratified: 19 th October 2012 Name of organisation / author: Derek Wilkinson Name of responsible Information
More informationINFORMATION GOVERNANCE STAFF HANDBOOK
INFORMATION GOVERNANCE STAFF HANDBOOK Contents Why do YOU need to know about Information Governance (IG)?... 2 Keeping Information Safe... 2 Confidentiality... 2 Deciding to Communicate Important Information...
More informationJob Description. Information Assurance Manager Band 8A TBC Associate Director of Technology Parklands and other sites as required
Job Description Job Title: Grade: Accountable to: Base: 1. JOB PURPOSE Information Assurance Manager Band 8A TBC Associate Director of Technology Parklands and other sites as required The purpose of the
More informationINFORMATION GOVERNANCE STRATEGY NO.CG02
INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.
More informationInformation Governance and Management Standards for the Health Identifiers Operator in Ireland
Information Governance and Management Standards for the Health Identifiers Operator in Ireland 30 July 2015 About the The (the Authority or HIQA) is the independent Authority established to drive high
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended
More informationPolicy Information Management
Policy Information Management Document Title: Policy Information Management Issue date: October 2013 Document Status: Approved IGC 23 Oct 2013 Review date: October 2014 Page 1 of 17 Document control Document
More informationSecurity Incident Management Policy
Security Incident Management Policy January 2015 Document Version 2.4 Document Status Owner Name Owner Job Title Published Martyn Ward Head of ICT Business Delivery Document ref. Approval Date 27/01/2015
More information