Trust Board Meeting: Wednesday 12 November 2014 TB
|
|
- Clement Wiggins
- 7 years ago
- Views:
Transcription
1 Trust Board Meeting: Wednesday 12 November 2014 Title Update on Information Governance: Mid-Year Selfassessment against Information Governance Toolkit Status History For discussion Bi-annual Update Board Lead(s) Andrew Stevens, Director of Planning and Information Key purpose Strategy Assurance Policy Performance Update Information Governance Mid-Year Review Page 1 of 13
2 Executive Summary 1. A self-assessment of the Information Governance toolkit was undertaken in October 2014 and it is anticipated that the Trust will score level 3 in 43 out of 45 toolkit standards. 2. A cyber security audit was undertaken in August The Trust is developing an action plan in response to the audit findings freedom of information requests were made to the Trust in the first half of this financial year. The percentage of requests responded to within 20 working days was on average 69%. 4. A new standard operating procedure to manage freedom of information requests has been developed. The Trust publication scheme has been developed to now be fully compliant with the Information Commissioner s Office standards. 5. Recommendation The Trust Board is asked to note this paper. Update Information Governance Mid-Year Review Page 2 of 13
3 Information Governance (IG) Mid-year Update 1. Introduction 1.1. This paper sets out the work which that been undertaken within the Information Governance Department over the first six months of financial year 2014/ Information Governance Toolkit 2.1. The Information Governance Toolkit is a set of information governance requirements drawn from central guidance and Department of Health Policy. Organizations that process patient data are required to carry out selfassessments of their compliance which are grouped under the following headings: Management structures and responsibilities (e.g. assigning responsibility for carrying out the IG assessment, providing staff training, etc) Confidentiality and data protection Information security The purpose of the assessment is to enable organisations to measure their compliance to see whether information is handled correctly and protected from unauthorised access, loss, damage and destruction The toolkit requires three assessments to be undertaken during the course of a financial year. An initial baseline score which is submitted at the end of July, a mid-year update score at the end of October and a final published score at the end of March. More detailed information concerning baseline scoring against set parameters can be found in appendix one. The Trust toolkit self assessment scores for the past 5 years are presented below. 120 Toolkit Self Assessment Scores % Baseline Target Published / /1012/ / / The table demonstrates that assessed compliance has been increasing year on year with target scores mirroring closely actual year end scores. It is anticipated that by year end 2014/15, 43 out of 45 toolkit standards will be scored at level In order to ensure accurate self-assessment the toolkit is externally audited annually by KPMG. The next audit is due to commence on the 20 October 2014 prior to the submission of the Trust s mid-year toolkit assessment. Update Information Governance Mid-Year Review Page 3 of 13
4 3. Information Governance Data Quality Group 3.1. It is the role of the Information Governance Data Quality group to oversee the work of the information governance department. The overall board lead is the Senior Information Risk Officer with Information Governance section of the meeting being Chaired by the Trust Caldicott Guardian. Meetings are held six weekly and so far in 2014/15 the group have met five times. The group is comprised of representatives from all Divisions and its remit is to ensure the Trust complies with statutory responsibilities, fulfils its legal obligations in terms of confidentiality and data protection, and manages high quality information efficiently within a robust governance structure A work programme has been developed to ensure that important objectives are met during the financial year. Progress against this workplan to date is presented in appendix two. Work undertaken this year includes the revision and development of policies, management and assessment of risks such as the use of fax machines, audit of corporate records, review of Trust intranet and internet IG pages and the development of staff and patient feedback surveys Examples of work still to be undertaken include completion of a database for documenting information assets and flows, further development of the Trust FOI publication scheme, review of the use of fax machines and the transfer of personal data domestically and overseas, and the development of a new interactive learning and development tool. 4. Information Governance Risks 4.1. Currently the risk register comprises of three global information governance risks The Trust not having the resources, systems and/or processes to achieve and maintain level 2 on all requirements of the IG toolkit Data unavailability or loss via poor records management, inappropriate transmission, loss of portable media, laptop/desktop/device theft, unsecured waste disposal, incompliant transcription services, and/or incorrect or excessive disclosure OUH served with an improvement or decision notice, or financial penalty by the ICO due to breaches in confidentiality/non-compliance with the Data Protection Act A further two risk assessments have been undertaken concerning the use of fax machines and portable devices. The group decided to review all risks, scoring their constituent parts, to gain a better understanding of where the highest risks are located Spot checks of information governance arrangements in departments began in October The completion of these should assist Divisions to identify their information governance risks and provide valuable intelligence to the Trust SIRO. The results of spot checks will be reported to the Information Governance Data Quality Group. Update Information Governance Mid-Year Review Page 4 of 13
5 5. Information Governance Incidents 5.1. Serious Incidents Requiring Investigation No information governance serious incidents requiring investigation have been reported in the first half of 2014/ Incidents All incidents reported under the categories of consent, confidentiality, communications and information governance, documentation and records (including EPR) are reported to the department leads as well as the information governance team. The responsibility for investigating these incidents remains with the departmental manager. However, where incidents are believed to be serious or require additional input the information governance team will assist with the investigation The tables presented below shows the ratio of incidents reported and their harm rate for these two categories. IG Incidents by Category First 6 Months 2014/15 Documentation and Records (including EPR), 71, 41% Consent, Confidentiality, Communications & Information Governance, 103, 59% IG Incidents Harm Rate First 6 Months 2014/ No harm Minor Moderate The majority of incidents that were reported resulted in no harm. Those with minor harm mainly related to loss of portable written information. Update Information Governance Mid-Year Review Page 5 of 13
6 Work has been undertaken to promote the safe handling of written information through the purchasing of confidential waste bins and posters at all exits to Trust sites as well as ticker tape messages to staff to remind them of their responsibility to safely dispose of information The moderate incidents reported relate to the security of information and are still under investigation. 6. Cyber Security 6.1. In August 2014 KPMG undertook a Cyber Security Audit of the Trust. The purpose of the audit was to assess the maturity of cyber controls against government standards in combination with internationally accepted maturity models. The domains examined were leadership and governance, human elements, information risk management, business continuity, operations and technology and legal and compliance The audit report identified some key recommendations for implementation which include: Assigning a specific cyber risk owner at board level Implementation of a security awareness programme Development of assurance and board sign off regarding EPR disaster recovery plan testing Development of user access management assurance for departmental systems 6.3. A meeting has been held with KPMG to discuss the audit findings with a further meeting being scheduled in the near future to develop an action plan. 7. Cases Involving the Information Commissioner s Office (ICO) 7.1. Two complaints were made to the ICO in the first half of 2014/15. No formal action has been taken by the ICO other than referring the complaints back to the Trust to be addressed. The complaints related to the security of medical records received in July 2014 and disclosure of information to clinicians received in August Freedom of Information 8.1. A full time FOI Officer was appointed and began work at the Trust in early May Since their appointment the FOI Officer has reviewed the FOI process, a new standard operating procedure has been written and the Trust publication scheme has been developed to now be compliant with ICO requirements. Update Information Governance Mid-Year Review Page 6 of 13
7 8.2. Detail concerning FOI performance is presented below. Performance 2014/15 April May June July August Sept Total # FOI Requests Received Clarified and Remain Outstanding % Sent within 20 days 74% 59% 68% 80% 67% 76% 69% Reasons for breaching 20 day response target Complex Request Internal Delay Final Revision Administrative Delay The numbers of FOI requests received by the Trust is broadly the same as this time period during the last financial year. In the first half of 2014/ requests were received in the first half of the year up to end of September as compared to 299 requests received in 2013/14 up to mid October The average compliance rate for the completion of FOI requests within 20 working days in the first half of 2014/15 is 69%. The process for acknowledgement and requesting information has been reviewed and the timescale for initial work by the FOI Officer has been shortened. It is hoped that this will increase the average compliance rate allowing more time for the request to be checked and signed off. One third of requests that did not meet the timescale were due to the complexity and nature of the request. Additionally, these requests often involved a number of services making the drawing together of data sources more difficult. Andre Stevens, Director of Planning and Information Report prepared by Nuala Buchan-Brodie, Information Governance and Records Manager Update Information Governance Mid-Year Review Page 7 of 13
8 Appendix 1 IG Toolkit Status Up-date following Submission of Baseline Score Legend: Requirement has not been answered Requirement has not been reviewed Requirement is not scored at the required level Requirement is scored at or above the required level Requirement 101 There is an adequate Information Governance Management Framework to support the current and evolving Information Governance agenda 105 There are approved and comprehensive Information Governance Policies with associated strategies and/or improvement plans 110 Formal contractual arrangements that include compliance with information governance requirements, are in place with all contractors and support organisations 111 Employment contracts which include compliance with information governance standards are in place for all individuals carrying out work on behalf of the organisation 112 Information Governance awareness and mandatory training procedures are in place and all staff are appropriately trained 200 The Information Governance agenda is supported by adequate confidentiality and data protection skills, knowledge and experience which meet the organisation s assessed needs 201 Staff are provided with clear guidance on keeping personal information secure, on respecting the confidentiality of service users, and on the duty to share information for care purposes 202 Personal information is shared for care but is only used in ways that do not directly contribute to the delivery of care services where there is a lawful basis to do so and objections to the disclosure of confidential personal information are appropriately respected 203 Individuals are informed about the proposed uses of their personal information Baseline Latest 2 3 Update Information Governance Mid-Year Review Page 8 of 13
9 Requirement 205 There are appropriate procedures for recognising and responding to individuals requests for access to their personal data 206 There are appropriate confidentiality audit procedures to monitor access to confidential personal information 207 Where required, protocols governing the routine sharing of personal information have been agreed with other organisations 209 All person identifiable data processed outside of the UK complies with the Data Protection Act 1998 and Department of Health guidelines 210 All new processes, services, information systems, and other relevant information assets are developed and implemented in a secure and structured manner, and comply with IG security accreditation, information quality and confidentiality and data protection requirements 300 The Information Governance agenda is supported by adequate information security skills, knowledge and experience which meet the organisation s assessed needs 301 A formal information security risk assessment and management programme for key Information Assets has been documented, implemented and reviewed 302 There are documented information security incident / event reporting and management procedures that are accessible to all staff 303 There are established business processes and procedures that satisfy the organisation s obligations as a Registration Authority 304 Monitoring and enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use 305 Operating and application information systems (under the organisation s control) support appropriate access control functionality and documented and managed access rights are in place for all users of these systems 307 An effectively supported Senior Information Risk Owner takes ownership of the organisation s information risk policy and information risk management strategy Baseline Latest 1 2 Update Information Governance Mid-Year Review Page 9 of 13
10 Requirement 308 All transfers of hardcopy and digital person identifiable and sensitive information have been identified, mapped and risk assessed; technical and organisational measures adequately secure these transfers 309 Business continuity plans are up to date and tested for all critical information assets (data processing facilities, communications services and data) and service - specific measures are in place 310 Procedures are in place to prevent information processing being interrupted or disrupted through equipment failure, environmental hazard or human error 311 Information Assets with computer components are capable of the rapid detection, isolation and removal of malicious code and unauthorised mobile code 313 Policy and procedures are in place to ensure that Information Communication Technology (ICT) networks operate securely 314 Policy and procedures ensure that mobile computing and teleworking are secure 323 All information assets that hold, or are, personal data are protected by appropriate organisational and technical measures 324 The confidentiality of service user information is protected through use of pseudonymisation and anonymisation techniques where appropriate 400 The Information Governance agenda is supported by adequate information quality and records management skills, knowledge and experience 401 There is consistent and comprehensive use of the NHS Number in line with National Patient Safety Agency requirements 402 Procedures are in place to ensure the accuracy of service user information on all systems and /or records that support the provision of care 404 A multi-professional audit of clinical records across all specialties has been undertaken 406 Procedures are in place for monitoring the availability of paper health/care records and tracing missing records 501 National data definitions, standards, values and validation programmes are incorporated within key Baseline Latest Update Information Governance Mid-Year Review Page 10 of 13
11 Requirement systems and local documentation is updated as standards develop 502 External data quality reports are used for monitoring and improving data quality 504 Documented procedures are in place for using both local and national benchmarking to identify data quality issues and analyse trends in information over time, ensuring that large changes are investigated and explained 505 An audit of clinical coding, based on national standards, has been undertaken by a Clinical Classifications Service (CCS) approved clinical coding auditor within the last 12 months 506 A documented procedure and a regular audit cycle for accuracy checks on service user data is in place 507 The Completeness and Validity check for data has been completed and passed 508 Clinical/care staff are involved in validating information derived from the recording of clinical/care activity 510 Training programmes for clinical coding staff entering coded clinical data are comprehensive and conform to national clinical coding standards 601 Documented and implemented procedures are in place for the effective management of corporate records 603 Documented and publicly available procedures are in place to ensure compliance with the Freedom of Information Act As part of the information lifecycle management strategy, an audit of corporate records has been undertaken Baseline Latest Total (%) 80% 81% Update Information Governance Mid-Year Review Page 11 of 13
12 Appendix 2 Information Governance Workplan 2014/15 October 2014 Information Governance Work Programme 2014/15 (October update) Task Toolkit Date Lead Status Ref Approve work programme April NB-B Complete Review IG Risks and update Health Assure April, July, Oct, NB-B In progress Jan. Review of IGTK V11 results April MH Complete Review and update contents of the IG Intranet site April onwards NB-B Complete Review IG suite of policies and procedures, approve at IGDQG 101 April onwards NB-B In progress Create comprehensive list of contractors and third parties that have 110, 302 April onwards and NB-B In progress access to information and/or information assets. Ensure contracts reviewed annually. by Review IG Training Needs Assessment and Develop Training Plan 111, 112 April onwards and NB-B Complete by Complete Trust-wide information mapping exercise 308 April onwards and NB-B In progress Assessment of transfers of personally identifiable information to countries outside the UK. Transfers should be fully documented, reviewed and tested to ensure compliance with the DPA and the IG tool kit. Update Information Governance Mid-Year Review Page 12 of 13 by Plan audit of corporate records (in at least 4 corporate areas) 604 December NB-B Complete Update Trust privacy statement CB Complete Review and update Publication Scheme and FOI intranet pages 603 By NB-B In progress Review of use of fax machines within the Trust (from IGDQ minute NB-B In progress 13-14/009) IGTK V12 baseline submission score All July NB-B Complete IGTK V12 update submission score All October NB-B Planned SIRO report and IGTK v12 final submission report All April 2015 RH Planned Carry out spot checks to confirm staff understanding of IG responsibilities 111, 112 By NB-B In progress
13 Task Carry out service user satisfaction survey to record whether SU s trust OUH to hold information securely (previously deemed to be done via annual survey but consider more targeted questions) Toolkit Date Lead Status Ref 201 By NB-B In progress Approval of IGTK V12 final submission score All NB-B Planned IGTK v12 Updates to IGDQ All After each NB-B In progress submission EPR Implementation Updates to IGDQ 6 weekly PA In progress RA Updates to IGDQ (to include annual audit to cover smartcards, RA hardware (computers, scanners and smartcard readers) and consumables. 303, weekly HJ IG Incidents/Confidentiality Breaches Updates to IGDQ 6 weekly NB-B Ongoing Review of IG Key Documents Programme 2013/14 6 weekly NB-B Ongoing ICO News Releases Update to IGDQ 6 weekly NB-B Ongoing FOI performance update to IGDQ Annual FOI performance update to the Health Informatics Committee IG bi-annual report to the Health Informatics Committee Quarterly (June, NB-B Ongoing Sept, Dec, Mar) March NB-B Planned Bi-annually (Sept, Mar) Annual Subject Access Request Report 205 End of March 2015 for April 2015 Review and update evidence for all level 3 toolkit requirements All not listed below NB-B BW Ongoing Planned 31 March 2015 NB-B In progress Update Information Governance Mid-Year Review Page 13 of 13
Information Governance Toolkit Report 2013/14
TAUNTON AND SOMERSET NHS FOUNDATION TRUST Information Governance Toolkit Report 2013/14 Report to: Trust Board on: 28 May 2014 Purpose of the Report: This report is presented to the Trust Board for information
More informationInformation Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.
Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments
More informationInformation Governance Plan
Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.
More informationNHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT
NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head
More informationInformation Governance Toolkit Assessment 2009/10
Information Governance Toolkit Assessment 2009/10 Document Reference: Version: Ratified by: Date ratified: Name of originator/author: Name of responsible committee/individual: Document owner: Document
More informationInformation Governance Strategy
Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationShropshire Community Health Service NHS Trust Policies, Procedures, Guidelines and Protocols
Shropshire Community Health Service NHS Trust Policies, Procedures, Guidelines and Protocols Title Trust Ref No 1340-29497 Local Ref (optional) Main points the document covers Who is the document aimed
More informationINFORMATION GOVERNANCE POLICY
Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):
More informationA Question of Balance
A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What
More informationINFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
More informationInformation Governance Strategy. Version No 2.1
Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance
More informationFurther to reports to EAG in February and March 2014, the purpose of this report is to;
Report to: Trust Board of Directors Date of Meeting: 29 May 2014 Report Title: Annual Information Governance Report 13/14 Status: Mark relevant box with X Prepared by: Executive Sponsor (presenting): Appendices
More informationInformation Governance Strategy :
Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update
More informationInformation Governance Policy
Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationInformation Governance Policy
Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route
More informationINFORMATION GOVERNANCE AND DATA PROTECTION POLICY
INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy
More informationInformation Governance Management Framework
Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):
More informationData Protection Breach Reporting Procedure
Central Bedfordshire Council www.centralbedfordshire.gov.uk Data Protection Breach Reporting Procedure October 2015 Security Classification: Not Protected 1 Approval History Version No Approved by Approval
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended
More informationInformation Governance Strategy
Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching
More informationInformation Governance Policy
Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact
More informationInformation Governance Standards in Relation to Third Party Suppliers and Contractors
Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging
More informationInformation Governance and Data Protection Policy
Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final
More informationRECORDS MANAGEMENT POLICY
RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationInformation Governance Strategy
Policy No: IG01 Version: 3.0 Name of Policy: Information Governance Strategy Effective From: 02/06/2015 Date Ratified 06/05/2015 Ratified Health Informatics Assurance Group (HIAG) Review Date 01/05/2017
More informationInformation Governance Strategy
Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version
More informationInformation Governance Policy
BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY
More information1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.
Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review
More informationInformation Governance Strategy Includes Information risk & incident management methodology
Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationCaedmon College Whitby
Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be
More informationRECORDS MANAGEMENT POLICY
[Type text] RECORDS MANAGEMENT POLICY POLICY TITLE Academic Year: 2013/14 onwards Target Audience: Governing Body All Staff and Students Stakeholders Final approval by: CMT - 1 October 2014 Governing Body
More informationRECORDS MANAGEMENT FRAMEWORK
RECORDS MANAGEMENT FRAMEWORK Policy Number: 253 Supersedes: Standards For Healthcare Services No/s 1, 19, 20 Version No: Date Of Review: Reviewer Name: 1.1 Nov 2011 Alison Gittins 1.2 Mar 2015 Alison Gittins
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationInformation Governance Strategy Includes Information risk & incident management methodology
Version 3.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality Assurance Group Ratification date: March 2015 Review date: March 2016
More informationInformation Management Policy CCG Policy Reference: IG 2 v4.1
Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control
More informationInformation Governance Strategy
Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:
More informationJOB DESCRIPTION. Information Governance Manager
JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Policy
NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying
More informationBEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE
GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE
More informationInformation Governance Framework
Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information
More informationLancashire County Council Information Governance Framework
Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationNHS Information Governance: 2010/11 UPDATE
NHS Information Governance: 2010/11 UPDATE JANUARY 2011 Contents Outline of the Changes Quick reference to additional evidence requirements Guide to using the online Toolkit Frequently asked questions
More informationINFORMATION GOVERNANCE POLICY
ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy
More informationInformation Governance Policy
Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval
More informationJob Description. Information Assurance Manager Band 8A TBC Associate Director of Technology Parklands and other sites as required
Job Description Job Title: Grade: Accountable to: Base: 1. JOB PURPOSE Information Assurance Manager Band 8A TBC Associate Director of Technology Parklands and other sites as required The purpose of the
More informationINFORMATION GOVERNANCE STRATEGY NO.CG02
INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.
More informationGeneral Register Office for Scotland information about Scotland s people. Paper NHSCR GB 5/07. NHSCR s quality assurance procedures
General Register Office for Scotland information about Scotland s people Paper NHSCR GB 5/07 NHSCR s quality assurance procedures November 2007 NHSCR SCOTLAND INFORMATION GOVERNANCE STANDARDS Author: Muriel
More informationHSCIC Audit of Data Sharing Activities:
Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 20/04/2016 HSCIC Audit of Data Sharing
More informationINFORMATION GOVERNANCE HANDBOOK
INFORMATION GOVERNANCE HANDBOOK SECTION ONE Author Tracey Burrows Role Information Governance Manager (CSCSU) Date / Version February 2015 Version FINAL V1.0 Approved by IM&T Board Date 27 February 2015
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationInformation Governance Policy
Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring
More informationInformation Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.
Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best
More informationTrust Informatics Policy. Information Governance. Information Governance Policy
Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference
More informationBest Value toolkit: Information management
Best Value toolkit: Information management Prepared by Audit Scotland July 2010 Contents Introduction 2 The Audit of Best Value 2 The Best Value toolkits 4 Using the toolkits 4 Auditors evaluations 5 Best
More informationNHS Business Services Authority Records Management Audit Framework
NHS Business Services Authority Records Management Audit Framework NHS Business Services Authority Corporate Secretariat NHSBSARM019 Issue Sheet Document Reference Document Location Title Author Issued
More informationAn Approach to Records Management Audit
An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationInformation Governance Policy
Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September
More informationDate: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR:
TRUST BOARD IN PUBLIC Date: 30 th May 2013 Agenda Item: 5.5 REPORT TITLE: Information Governance Annual Report EXECUTIVE SPONSOR: Ian Mackenzie Director of Information and Estates REPORT AUTHOR: Sarah
More informationInformation Governance Framework and Strategy. November 2014
November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date
More informationSOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager
SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director
More informationInformation Management Strategy. July 2012
Information Management Strategy July 2012 Contents Executive summary 6 Introduction 9 Corporate context 10 Objective one: An appropriate IM structure 11 Objective two: An effective policy framework 13
More informationInformation Security Assurance Plan 2015/16
Information Security Assurance Plan 2015/16 Policy number: N/A Version 2.0 Approved by Name of author/originator Owner (Exec Director) Date of approval August 2015 Date of last review July 2015 Next due
More informationInformation Governance Policy
Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups
More informationPolicy Checklist. Head of Information Governance
Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationWhat NHS staff need to know
St George s Healthcare NHS NHS Trust Surrey Health Informatics Service Sussex Health Informatics Service Records Management Explained What NHS staff need to know A guide to Records Management Contents
More informationCorporate Policy and Strategy Committee
Corporate Policy and Strategy Committee 10am, Tuesday, 30 September 2014 Information Governance Policies Item number Report number Executive/routine Wards All Executive summary Information is a key asset
More informationHighland Council Information Security Policy
Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...
More informationInformation Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs
Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper
More informationComplaints Policy. Complaints Policy. Page 1
Complaints Policy Page 1 Complaints Policy Policy ref no: CCG 006/14 Author (inc job Kat Tucker Complaints & FOI Manager title) Date Approved 25 November 2014 Approved by CCG Governing Body Date of next
More informationData Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More informationINFORMATION GOVERNANCE
This document is uncontrolled once printed. Please refer to the Trusts Intranet site (Procedural Documents) for the most up to date version INFORMATION GOVERNANCE NGH-PO-233 Ratified By: Procedural Document
More informationRecords Management Policy
Once printed off, this is an uncontrolled document. Please check the Intranet for the most up to date copy Author Freedom of Information Lead Version 5.0 Issue Issue Date October 2011 Review Date October
More informationIssue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager
Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security
More informationMONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationInformation Governance Framework
Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March
More informationInformation Sharing Protocol
Information Sharing Protocol South Central PCTs, General Practices and Tribal Consulting Limited Commissioning Enablement Service (Analytics) Document Control Date Version Author Comment 08/02/10 0.1 A.
More informationAuditing data protection a guide to ICO data protection audits
Auditing data protection a guide to ICO data protection audits Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering evidence Audit
More informationInformation Governance Training Plan v13
Information Governance Training Plan To meet requirements of IGT v13 Lincolnshire East Clinical Commissioning Group Page 1 of 17 Contents Introduction Page 3 Training Provision Page 4 Staff Induction Awareness
More informationINFORMATION RISK MANAGEMENT POLICY
INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:
More informationPolicy Information Management
Policy Information Management Document Title: Policy Information Management Issue date: October 2013 Document Status: Approved IGC 23 Oct 2013 Review date: October 2014 Page 1 of 17 Document control Document
More informationINFORMATION GOVERNANCE POLICY (INCORPORATING INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK)
Ref No: IN-101 INFORMATION GOVERNANCE POLICY (INCORPORATING INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK) AREA: POLICY SPONSOR: Trust Wide Director of Finance IMPLEMENTED: October 2009 REVISED: June 2011
More information