Information Assurance Strategy. NHS Lanarkshire
|
|
- Anastasia Washington
- 7 years ago
- Views:
Transcription
1 Information Assurance Strategy NHS Lanarkshire Issue 4 Issue 4 Page 1 of 15
2 Document History Date Author Change Version No. 2/1/13 James Cardwell- Initial draft 0.1 5/1/13 James Cardwell- Incorporating some comments from Dave 0.2 Philpott. Further detail added into section 8. 7/1/13 James Cardwell- Further detail added into section 9. Further comments from Dave Philpott. Then distributed to Dr Harpreet Kohli, Dr Philip McMenemy, Craig Tannahill and John Duncan on 8 th January /1/13 James Cardwell- 25/1/13 James Cardwell- 30/1/13 James Cardwell- 19/2/13 James Cardwell- for review and comment. Document updated following input and comments from Dr Harpreet Kohli, Dr Philip McMenemy, Craig Tannahill and John Duncan. Distributed to IG Committee members on 18 th January. Document updated following further input from John Duncan, Craig Tannahill and members of the IG Committee. This version to be presented to IG Committee on 29 th January for approval. Inclusion of comment from Gavin Cox. IG Committee final review and endorsement at IG meeting on 29 th January. Issue 1 document prepared ready to go to CMT on 14 th February. Inclusion of comments from CMT. Issue 2 document prepared to go to NHSL Board 27 th February. 27/2/13 James Cardwell- Endorsed and approved by the NHS Lanarkshire Board. 14/5/13 Craig Tannahill Review date added, comment received from Internal Audit 25/02/2013 Craig Tannahill Reviewed Sections 3, 8.4, 9, 10 and new section 11 addded Issue 1 Issue 2 Issue 2 Issue 3 Issue 4 Contributing Author / Authors CONSULTATION AND DISTRIBUTION RECORD Information Assurance Project Team Consultation Process / Approval: Information Governance Committee CMT Issue 4 Page 2 of 15
3 NHSL Board Distribution: DMT s Issue 4 Page 3 of 15
4 Table of Contents 1. Introduction Purpose Context and Background Threats and Vulnerabilities Aims and Scope Aims of Strategy Scope of Strategy Vision and Strategic Principles Benefits Strategic Focus and Action Leadership and Governance Information Risk Management Policy and Operations Monitoring and Compliance Implementation Next Steps Issue 4 Page 4 of 15
5 1. Introduction NHS Lanarkshire (hereafter NHSL) believes that the effective collection, storage, security, dissemination and use of information are fundamental to the safe treatment and care of patients. NHSL recognises its duty of care, at both an individual and corporate level, to ensure that personal and business information is used wisely and well as well as responsibly and with care. NHSL has, under its ehealth Strategy and Delivery Plan, made significant investment and progress in recent years to transform and improve the availability, integrity and confidentiality of information. NHSL s current structures and processes enable considerable sharing of information. However the information sharing landscape is changing quickly. The Scottish Government and the general public are demanding greater openness and transparency all at a time when the public are more anxious about the ubiquitous use of their data. The Board understands this changing environment and the need to provide confidence that information is held securely, appropriately, maintained accurately and is available when necessary. Therefore NHSL will now build on this position and fully develop and implement an Information Assurance Strategy. In essence, the term information assurance is used to describe confidence in the processes, systems and management to ensure the appropriate levels of availability, integrity and confidentiality of information assets. This is further defined as; Availability - to ensure that the right information is available to the right people at the right time; Integrity - to ensure that the data held is correct, current, and can only be modified by authorised users with clear audit trails; Confidentiality - the protection of information from unauthorised disclosure and ensuring that information is adequate, relevant and not excessive in relation to the purpose for which it is required and not kept longer than is necessary than the period that it is required. This also reflects the sensitivity of much of the information that NHSL requires to deliver its services safely, efficiently and diligently. 2. Purpose The purpose of this strategy is to formally set out the strategic direction and guiding principles for establishing and embedding an information assurance capability and culture across NHSL. This document includes an outline of the key areas of strategic focus and action. These areas are expressed at a high level however they will be supported in due course by an implementation plan and measurement framework. Together these documents set out NHSL s intent and plans around leadership, governance, risk management, policy, operations, monitoring and compliance of effective information assurance. Issue 4 Page 5 of 15
6 3. Context and Background In November 2011, the Scottish Government communicated to all NHS Board Chief Executives, its strategic direction for the development and embedding of an Information Assurance culture across NHS Scotland. This national strategy and approach supports the Scottish Government s ehealth Strategy and is pivotal in enabling NHS Scotland s Quality Strategy and its desired outcomes. NHS Board s are required to deliver against the principles and commitments set out in the national strategy and approach. This policy agenda has been determined against a background of transformational change across government departments, agencies and the voluntary sector. Advances in technology and the requirement that public services are designed and delivered around citizens are driving greater joining up of systems and the information they hold. This context means that on an unprecedented scale highly sensitive information must be shared and used with trust and confidence whilst ensuring its confidentiality and accuracy. Whilst ensuring safeguards and security, NHSL wishes to exploit the information assurance opportunities that integrated and more collaborative public (and private sector) services should provide. Such opportunities will notably avail themselves through the planned Scottish Government policy of much greater integration of health and social care adult services. NHSL information assurance strategy builds upon and aligns with; NHS Scotland Information Assurance Strategy; NHS Scotland ehealth Strategy ( ); NHS Scotland Quality Strategy; Records Management Code of Practice; Health Rights Information Scotland; Public Records Scotland Act 2011; NHSL Healthier Future Strategy ( ) NHSL ehealth Delivery Plan ( ) (part of NHSL LDP) The local NHSL IA strategy also aligns with relevant notable guidance and legislation including; 4. Threats and Vulnerabilities Data Protection Act 1998; Freedom of Information Act (Scotland) 2002; Caldicott Guidance; Information Commissioners Office. The pace of change in the ICT environment over the last twenty years has been phenomenal. This unprecedented development in ICT has opened up new frontiers and opportunities in healthcare but also it has brought significant threats and vulnerabilities to NHS organisations. New approaches to the sharing of information, including the increasing use of wireless devices and equipment combining different types of media, presents significant new threats to information and information systems. Issue 4 Page 6 of 15
7 The ability to invade (i.e. obtain access to data without changing it) attack and disrupt from distance coupled with malicious activity and intent is a serious concern. NHS organisations information and systems have become more vulnerable as increasing sharing of information across organisational and physical boundaries takes place. Any such incidents of attack or misuse of information quickly harm public confidence. It s for these reasons that a new approach to information governance and assurance is required that will be sufficiently flexible to anticipate changes to the way in which organisations and people use ICT to deliver patient and administrative benefits. The NHSL strategy places information assurance at the very centre of the organisation and its day to day operations. 5. Aims and Scope 5.1 Aims of Strategy This strategy aims to; Guide improvement in three broad areas: availability, integrity and confidentiality of information so that the management of information is an integral and effective part of normal robust business processes and day-to day operations; Build and develop an information assurance framework across the organisation; Ensure the trust and confidence of the public, patients and NHSL employees; Ensure that NHSL gets the best out if its information and develops its use, confident that the risks associated with collecting, holding, using and sharing information are well managed; Strike a balance between principles of corporate governance and public accountability, placing importance on confidentiality and security arrangements to safeguard both personal and business information. This Information Assurance strategy reflects the increasing value and importance of information to NHSL and the collaborative way in which it is now and will in the future be used and shared. 5.2 Scope of Strategy The strategy covers a wide range of different parties, functions and bodies including; All staff that collect, use and handle person identifiable or commercially sensitive information in the course of their day to day duties. NHSL Staff groups include clinical, non clinical, property and support services (including PFI staff); Electronic and paper records held by NHSL; Involvement with other partner agencies, independent contractors and external agencies. Issue 4 Page 7 of 15
8 6. Vision and Strategic Principles NHSL aligns to and shares the same vision of information assurance as the wider NHS Scotland. Its vision is stated; That NHS Lanarkshire gets the best out of its information; moves forward and develops its use, confident that the risks associated with collecting, holding, using and sharing information are well managed. NHSL s arrangements carry the trust and confidence of both patients and employees. NHSL will continue to move towards an Electronic Patient Record across all care settings. The EPR will be a virtual record and will be delivered through a clinical portal as the means of viewing agreed clinical summaries from a variety of systems. The guiding strategic principles for information assurance by NHSL are; That it believes that accurate, timely and relevant information is essential to deliver the highest quality healthcare. As such, it is the responsibility of all NHS Lanarkshire s employees to ensure and promote the quality of information and to actively use information in decision making processes; That it recognises the need to share patient information internally, with other NHS Boards and with key partners, in a controlled manner consistent with the interests of the individual and, in some circumstances, the public interest; That data will be shared based on the Data Protection and Caldicott principles; To work with other Boards as required to ensure consistency and best practice across all NHS Boards and to ensure joint working with partner organisations locally and nationally; Work collaboratively locally and nationally to ensure that systems are in place to make information more accessible at the point of delivery i.e. single sign on, whilst recognising the importance the person s rights to privacy. The vision and its principles map with the wider NHS Scotland, the strategic actions and implementation plan will reflect the local Lanarkshire status and situation. 7. Benefits A number of benefits will flow from the implementation of this strategy including; Quick easy access to information, enabling front line staff to spend more time focused on patient care; An increased level of trust, confidence and comfort in sharing information across care settings, with multi agency partners and third party contractors; Reduced security breaches and the costs of investigation; Improvements in data quality; Standardisation of health records; Improved protection against clinical, reputational, legal and financial risks; Issue 4 Page 8 of 15
9 Greater public and staff confidence in NHSL handing and storing their personal data; Building a greater level of knowledge and awareness of information security across NHSL; Improved risk assessment of threats and the vulnerability of critical assets which will allow a more informed and discriminating approach to risk migration and control. 8. Strategic Focus and Action Section 8 outlines the key areas of strategic action that NHSL intends to focus on in order to deliver its vision and strategic aims for information assurance. In order to achieve the strategic aims and remain consistent with best practice, the development of Information Assurance at NHSL will be focused around four core areas; leadership and governance, information risk management, policy and operations and monitoring and compliance. This section highlights some of the critical activities and actions within each of the areas of best practice. This does not represent an exhaustive list but signposts to the key areas of attention required to improve the availability, integrity and confidentiality of information so that the management of information becomes an integral part of normal business processes and operations. In some cases, a number of the actions or initiatives have been initiated through the ehealth Delivery Plan (e.g. single sign on, privacy breach detection). The table included on page 12 together with the supporting implementation plan provide further detail and a timetable for delivery. 8.1 Leadership and Governance Board and CMT Objectives - information assurance will become a component part of the NHS board s score card objectives. Whilst Information Governance and ehealth are already an integral part of the NHSL Local Delivery Plan, each member of the executive and corporate management team will now have information assurance included within their personal performance objectives. Clinical Leadership - the need for strong clinical engagement and leadership will be a key component of the change management process for embedding information assurance across the organisation. The Caldicott Guardian, Chair of the Information Governance Committee, Director of Nursing and Medical Director will work together with the NHSL ehealth Clinical Leads to establish an engagement programme to cover all clinical staff groups across all care settings (including independent contractors). The associated governance process will be strengthened and include increased clinical membership. The effective integration of information assurance and clinical governance will enable improvements in the use of information to support clinical decision making and enhance performance. Human Resources Contractual Documentation whilst employee contracts currently include data protection /confidentiality / information governance statements, this will Issue 4 Page 9 of 15
10 be broadened to include information assurance. Job descriptions will be amended to reflect the individual s responsibility to comply with information assurance. Staff engagement and communications meaningful engagement of staff at an operational level will be crucial to embedding of information assurance across NHSL and with its partners. This communication and messaging to promote a culture that values and protects information will come actively from the Executive team and other clinical leaders. Part of the activities of influencing behaviour will come through much clearer messaging, training, deterrents and sanctions that may be applied where appropriate. 8.2 Information Risk Management Board Governance this strategy affirms the importance and intent that for information assurance to become a reality across NHSL then strong visible leadership at board level is essential. It is also recognised that responsibility goes far beyond the Board and includes the Caldicott Guardian and Information Asset Owners (IAO). The role of the IAO is vital in supporting the IA framework and providing expertise to NHSL staff on information assurance issues. IAO s will be required to provide input to, and support the ongoing maintenance of the information asset register. Whilst the implementation planning will look in detail at the necessary structures and responsibilities to deliver and govern information assurance this strategy proposes that a Non Executive Director takes a leading role for this critical area. Risk Management Framework this framework and supporting process will be aligned to the Board s corporate risk management framework and link to local clinical service plans. This will allow NHSL to identify, manage, action and learn from the risk experiences and have mechanisms in place for highlighting areas of risk and actions to be taken. The approach to risk management will be proportionate but ensure structured and clear understanding of risks, threats, vulnerabilities, probabilities and impacts. The profile of such key risks will be visible at CEO, CMT and Audit Committee level. Information Asset Register A full information asset register will be developed and linked to the Disaster Recovery and Business Continuity plans. The information asset register will record all information assets, identify ownership for each information asset, document associated risks to assets and provide details of risk mitigation. Information Breach Reporting and Risk Assessment Potential and actual breaches will be identified and reported in a structured manner and information governance breaches recorded through the Datix system. The reporting of IT faults will continue to be triaged through the IT helpdesk, potential security breaches will be recorded on Datix. Quarterly risk assessments will be held with the Senior Information Risk Owner supported by the network of Information Asset Owners. This process is designed to drive behaviour change and ensure greater collective and active responsibility for the management of risks. Whilst technical risks and vulnerabilities in areas such as IT infrastructure continue to be current, NHSL recognises the need and intend to place Issue 4 Page 10 of 15
11 further focus around behavioural and culture change (management of information, its storage, its risk and importantly greater use to benefit patient care delivery). 8.3 Policy and Operations Policies and Procedures - the strategy will ensure that there are proportionate policies, procedures and protocols established with the required acceptable standards. These will be articulated to employees and partners, ensuring that roles and responsibilities are clearly understood. Policies will be readily available on First Port and where appropriate issued via Net Consent. IA standards and procedures will continue to evolve and will remain current and relevant with NHS Scotland national directives and local NHSL objectives and priorities. Education, Awareness and Training the education and training of staff will be fundamental to ensuring effective information assurance. Such a programme will be developed and delivered to ensure that staff are informed, kept up to date, have access to and are given the appropriate advice and support when required. Through the training and awareness programme front line staff will understand how IA will have a positive impact on how they work, enabling improvements in areas such as consistency in record keeping, reduction in record duplication, easier sharing of information, and building on existing good working practices. It will be important that key personnel have the necessary knowledge, experience and resources to support staff to design and implement information assurance at a local level. Current initiatives such as DOTS and Flying Start and information assurance awareness elearning for delivery of training will be built upon. NHSL will share the IA strategy with key partners with responsibility for education of professional staff including University of the West of Scotland. Data Quality There is a strong recognition that improvements in data quality bring significant healthcare benefits, these benefits will drive better clinical decision making, patient outcomes and greater public confidence in their interactions with the NHS as well as financial efficiency. Both clinical and administrative staff groups require greater confidence in the quality of data coming into and out NHSL. Information Assurance Capability NHSL currently has limited resources, capacity or capabilities to meaningfully embrace and embed information assurance. A broad range of capabilities will be designed and developed to cover the IA elements that need to be embedded within all parts of NHSL everyday business processes. These IA Capabilities will including knowledge, expert advice, performance benchmarking, systems, processes, structure, training and cultural change. At the heart of the strategy and its implementation would be the intent to create a network of Information Asset Owners to undertake an IA champion role and become a central liaison point for advice and communications across care setting and different departments. Patient Record Chronology whilst NHSL wishes to provide greater electronic access for patients into their records, this is seen as a longer term opportunity. The short to medium priority will be clinician-to-clinician interaction in improving the accuracy and quality of the patient record. The first step in this process is to build a chronological Issue 4 Page 11 of 15
12 history of the patient with data from different sources. This would provide significant immediate clinical treatment and care benefits. Technologies and Systems new technologies will bring opportunities to modernise working practices. They will provide staff with new ways of working i.e. the community nurse working remotely in patient s homes using smart phones and tablets to capture information, record diagnostics, update records in a timely fashion, having patient information instantly accessible and stored in a secure manner. Such opportunities also bring threats and so it s critical that staff, patients and the public are assured of security and confidentiality of the data that is held on their behalf. A key feature of IA is confidentiality and security together with the need for access; the full implementation of a system of single sign on replacing the current proliferation of usernames and passwords that are used by staff that access multiple systems will be a major strategic objective. Third Party Involvement all parties acting on behalf of or working with NHSL will adhere to the Information Assurance strategy. They will be required to sign Information Sharing Protocols and/or Non Disclosure Agreements therefore ensuring adherence to this strategy and to the Data Protection Act In association with NHSL Partner agencies, Information Assurance will either be a component part of Service Level Agreements (SLA s), non-disclosure agreements and / or Information Sharing Protocols. 8.4 Monitoring and Compliance The Information Assurance Strategy will require that there are sufficient systems and organisational infrastructure and resources in place to ensure that monitoring, review and compliance are achieved. These systems will be required to ensure effective compliance and provide positive assurance that NHSL Board policy is being governed and implemented in accordance with the vision, strategic aims and benefits. These systems include: Monitoring and Audit regular internal and external monitoring and audit will be undertaken against the IG toolkit, Public Records Scotland Act 2011 and Information Commissioner requirements and standards. Standards will need to be reviewed to ensure alignment with Board level information assurance expectations and compliance. Privacy Breach Detection - additional audit and monitoring functionality will be enabled with the introduction of a Privacy Breach Detection System. This will allow a centralised approach and oversight of the monitoring, audit and detection of potential privacy breaches. Privacy Impact Assessments (PIA s) - PIA s will continue to be utilised but mandated directly into the process of process change. Information Asset Owners will be central in the management and completion of PIA s. Information Governance Walk Rounds regular walk rounds by Executive and CMT individuals involving the support from a network information governance champions (to be developed). Issue 4 Page 12 of 15
13 Table 1 Development of Information Assurance; Key Areas of Activity and Action Leadership & Governance Information Risk Management Policy & Operations Monitoring & Compliance People & Culture Board and CMT IA objective Clinical engagement Staff engagement & comms Clear lines of accountability and oversight Local Data Sharing Partnership Board governance for IA Education, awareness and training Data quality Clear structure, roles and responsibilities Information Assurance capability Internal and external audit Processes & Procedures Human resources documentation Disaster recovery Patient history chronology IG walk rounds and audits Job descriptions Asset register Data sharing protocols IG, PRA and ICO standards Business continuity Third parties controls Breach detection and reporting Corporate records management Patient access to records Risk management framework Whistle Blowing Systems & Technology ehealth and IA strategy incorporated into LDP Fair warning - Privacy Impact Assessment Risk reporting through Datix system Single sign on software Remote & mobile working Security software IG toolkit compliance Systems audit and monitoring Explanatory context and narrative is provided in Sections 8.1 to 8.4 for the items in bold. Issue 4 Page 13 of 15
14 9. Implementation The scope of the Strategy and the scale of delivery required are significant and it will be practical to implement in stages. Therefore sitting alongside this strategy will be a transition and implementation plan. Transition will reflect activities and actions that can be considered in some cases as quick wins, some that require swift partial completion or require early set up. Many of these transition activates could be progressed as part of business as usual. Implementation will reflect activities that require development and completion over a longer period (i.e. 12 to 18 months). In many cases this work should be progressed will an appropriate level of project management and oversight. This plan will cover the following areas; Description of the action and its associated standard required Action owner Completion dates A review of future governance arrangements will be included as part of the strategic actions. Subject to the outcome of those discussions, the IA Committee will continue to take overall responsibility for the Information Assurance Strategy and oversight of its implementation. It is planned that the Information Assurance Strategy will be reviewed, consulted upon and formally approved by the IA Committee, Corporate Management Team and then the NHSL Board. The ultimate sign off would reside with the NHSL Chairman, Chief Executive, Medical Director and Caldicott Guardian. Subject to the necessary approvals, a full programme of staff engagement would be developed and launched. It is anticipated that to fully implement the requirements of information assurance, that there will be a resource impact. This will be quantified as part of implementation planning. Roles and responsibilities for further design, planning and early transition activities will primarily be managed and co-ordinated in the short term by the Information Assurance Project Team and any successor organisation. A tracking and monitoring and will be established as part of the implementation plan to support the implementation of the IA strategy. This will help highlight issues and demonstrate progress. 10. Next Steps The next steps planned are as follows; IG Committee review and approval of the IA Strategy 29 th January CMT review and approval of the IA Strategy 14 th February NHSL Board review and approval of the IA Strategy 27 th February Review date February 2014 Reviewed February 2014 Next Review Date February 2016 Issue 4 Page 14 of 15
15 11. Guidance Review Author Author s Job Title Division Department Craig Tannahill Information Governance Manager Corporate ehealth/ict Version number Issue 4 Ratifying Committee Information Assurance Committee Ratified Date 4 th March 2014 Review Date March 2016 Manager responsible for review Manager Job Title Key words General Manager ehealth General Manager ehealth IA Strategy Issue 4 Page 15 of 15
NHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationLancashire County Council Information Governance Framework
Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice
More informationNHS Lanarkshire Information Governance Committee
INFORMATION GOVERNANCE COMMITTEE DRAFT TERMS OF REFERENCE Name Purpose NHS Lanarkshire Information Governance Committee To provide direction of and oversee the development of NHS Lanarkshire Information
More informationINFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT
INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT Prepared By: Alistair Stewart Responsible Person: Endorsed by: Information Governance Committee Date: May 2008 Review: June 2009 Issue Number Draft
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationInformation Governance Management Framework
Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date
More informationInformation Governance Policy
Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):
More informationInformation Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.
Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments
More informationShropshire Community Health Service NHS Trust Policies, Procedures, Guidelines and Protocols
Shropshire Community Health Service NHS Trust Policies, Procedures, Guidelines and Protocols Title Trust Ref No 1340-29497 Local Ref (optional) Main points the document covers Who is the document aimed
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended
More informationGeneral Register Office for Scotland information about Scotland s people. Paper NHSCR GB 5/07. NHSCR s quality assurance procedures
General Register Office for Scotland information about Scotland s people Paper NHSCR GB 5/07 NHSCR s quality assurance procedures November 2007 NHSCR SCOTLAND INFORMATION GOVERNANCE STANDARDS Author: Muriel
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September
More informationInformation Governance Strategy. Version No 2.1
Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationInformation Management Strategy. July 2012
Information Management Strategy July 2012 Contents Executive summary 6 Introduction 9 Corporate context 10 Objective one: An appropriate IM structure 11 Objective two: An effective policy framework 13
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying
More informationSOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager
SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director
More informationInformation Governance Strategy
Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationInformation Governance Framework
Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March
More informationNHS LANARKSHIRE HEALTH RECORDS POLICY Management and Maintenance, Security, Storage, Distribution and Retention of Health Records
NHS LANARKSHIRE HEALTH RECORDS POLICY Management and Maintenance, Security, Storage, Distribution and Retention of Health Records Author: Responsible Lead Executive Director: Endorsing Body: Governance
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationNational Approach to Information Assurance 2014-2017
Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationRISK MANAGEMENT STRATEGY 2014-17
RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team
More informationInformation Governance Plan
Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.
More informationInformation Governance Policy
Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:
More information7 Directorate Performance Managers. 7 Performance Reporting and Data Quality Officer. 8 Responsible Officers
Contents Page 1 Introduction 2 2 Objectives of the Strategy 2 3 Data Quality Standards 3 4 The National Indicator Set 3 5 Structure of this Strategy 3 5.1 Awareness 4 5.2 Definitions 4 5.3 Recording 4
More informationInformation Governance Framework and Strategy. November 2014
November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationINFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
More informationInformation Governance Policy
Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact
More informationINFORMATION GOVERNANCE POLICY
Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):
More informationInformation Governance Policy
Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date
More informationInformation Governance Framework
Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information
More informationInformation Governance Strategy :
Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:
More informationInformation Governance Strategy
Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version
More informationIssue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager
Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security
More informationRECORDS MANAGEMENT FRAMEWORK
RECORDS MANAGEMENT FRAMEWORK Policy Number: 253 Supersedes: Standards For Healthcare Services No/s 1, 19, 20 Version No: Date Of Review: Reviewer Name: 1.1 Nov 2011 Alison Gittins 1.2 Mar 2015 Alison Gittins
More informationINFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY
Appendix 1 INFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY Author Information Governance Review Group Information Governance Committee Review Date May 2014 Last Update February 2013 Document No. GV
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationInformation Governance Policy
Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups
More informationInformation Governance Strategy 2015-2018
Introduction Information Governance Strategy 2015-2018 This strategy sets out the approach to be taken within Children s Hearings Scotland (CHS) to develop a robust Information Governance (IG) framework
More informationSALISBURY NHS FOUNDATIONTRUST
SALISBURY NHS FOUNDATIONTRUST PAPER SHC 1738 TITLE Information Governance Policy PURPOSE OF PAPER The Information Governance Policy was first approved in April 2005. It is currently due for review to ensure
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationGeneral Register Office for Scotland information about Scotland s people. Paper NHSCR GB 1/08. NHSCR Scotland Information Governance Standards
General Register Office for Scotland information about Scotland s people Paper NHSCR GB 1/08 NHSCR Scotland Information Governance s This is a draft on which the Board s comments would be welcome. Contents
More informationInformation Governance Strategy
Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching
More informationCCG: IG06: Records Management Policy and Strategy
Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of
More informationInformation Governance Policy
Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise
More informationBusiness Continuity Management
Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective
More informationMONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
More informationA Question of Balance
A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What
More informationHMG Security Policy Framework
HMG Security Policy Framework Security Policy Framework 3 Foreword Sir Jeremy Heywood, Cabinet Secretary Chair of the Official Committee on Security (SO) As Cabinet Secretary, I have a good overview of
More informationPolicy Checklist. Head of Information Governance
Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust
More informationCHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY
Zurich Management Services Limited Registered in England: No 2741053 Registered Office The Zurich Centre, 3000 Parkway Whiteley, Fareham Hampshire, PO15 7JZ CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationAUDIT COMMITTEE 10 DECEMBER 2014
AUDIT COMMITTEE 10 DECEMBER 2014 AGENDA ITEM 8 Subject Report by MANAGEMENT OF INFORMATION RISKS DIRECTOR OF CORPORATE SERVICES Enquiries contact: Tony Preston, Ext 6541, email tony.preston@chelmsford.gov.uk
More informationSouth West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy
South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author
More informationCorporate Policy and Strategy Committee
Corporate Policy and Strategy Committee 10am, Tuesday, 30 September 2014 Information Governance Policies Item number Report number Executive/routine Wards All Executive summary Information is a key asset
More informationINFORMATION RISK MANAGEMENT POLICY
INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible
More informationCommissioning Strategy
Commissioning Strategy This Commissioning Strategy sets out the mechanics of how Orkney Alcohol and Drugs Partnership (ADP) will implement its strategic aims as outlined in the ADP Strategy. Ensuring that
More informationBEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE
GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationThe CPS incorporates RCPO. CPS Data Protection Policy
The CPS incorporates RCPO CPS Data Protection Policy Contents Introduction 3 Scope 4 Roles and Responsibilities 4 Processing Criminal Cases 4 Information Asset Owners 5 Information Asset Register 5 Information
More informationComplaints Policy. Complaints Policy. Page 1
Complaints Policy Page 1 Complaints Policy Policy ref no: CCG 006/14 Author (inc job Kat Tucker Complaints & FOI Manager title) Date Approved 25 November 2014 Approved by CCG Governing Body Date of next
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance
More informationInformation Governance Strategy
Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:
More informationInformation Governance Policy
Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring
More informationCentral Sponsor for Information Assurance. A National Information Assurance Strategy
Central Sponsor for Information Assurance A National Information Assurance Strategy A NATIONAL INFORMATION ASSURANCE STRATEGY i Foreword Information and communications technology is changing the way that
More informationLEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction
LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed
More informationBusiness Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationData Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
More information1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.
Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review
More informationNHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool
More informationCOMMUNICATION AND ENGAGEMENT STRATEGY 2013-2015
COMMUNICATION AND ENGAGEMENT STRATEGY 2013-2015 NWAS Communication and Engagement Strategy 2013-2015 Page: 1 Of 16 Recommended by Executive Management Team Communities Committee Approved by Board of Directors
More informationCorporate Risk Management Policy
Corporate Risk Management Policy Managing the Risk and Realising the Opportunity www.reading.gov.uk Risk Management is Good Management Page 1 of 19 Contents 1. Our Risk Management Vision 3 2. Introduction
More informationRoyal Borough of Kensington and Chelsea. Data Quality Framework. ACE: A Framework for better quality data and performance information
Royal Borough of Kensington and Chelsea Data Quality Framework ACE: A Framework for better quality data and performance information March 2010 CONTENTS FOREWORD 2 A CORPORATE FRAMEWORK FOR DATA QUALITY
More informationInformation Governance Policy
Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY
More informationPublic Records (Scotland) Act 2011. Healthcare Improvement Scotland and Scottish Health Council Assessment Report
Public Records (Scotland) Act 2011 Healthcare Improvement Scotland and Scottish Health Council Assessment Report The Keeper of the Records of Scotland 30 October 2015 Contents 1. Public Records (Scotland)
More informationHead of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2
Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications
More informationInformation Governance Policy
Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September
More informationInformation Governance Strategy 2015/16
Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationMANAGING DIGITAL CONTINUITY
MANAGING DIGITAL CONTINUITY Project Name Digital Continuity Project DRAFT FOR CONSULTATION Date: November 2009 Page 1 of 56 Contents Introduction... 4 What is this Guidance about?... 4 Who is this guidance
More informationehealth Architecture Principles
ehealth Architecture Principles Version 3.0 June 2009 Document Control Details Title: ehealth Architecture Principles Owner: Head of Architecture and Design, Scottish Government ehealth Directorate Version:
More informationVersion Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation
Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South
More informationInformation Strategy 2006-2009
The University of Sheffield Information Strategy 2006-2009 The Information Strategy exists to support the University s mission and its objectives in research, teaching and learning, and knowledge transfer.
More informationInformation Governance Policy
Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version
More informationThe Department for Business, Innovation and Skills IMA Action Plan PRIORITY RECOMMENDATIONS
PRIORITY RECOMMENDATIONS R1 BIS to elevate the profile of information risk in support of KIM strategy aims for the protection, management and exploitation of information. This would be supported by: Establishing
More informationInformation Governance and Management Standards for the Health Identifiers Operator in Ireland
Information Governance and Management Standards for the Health Identifiers Operator in Ireland 30 July 2015 About the The (the Authority or HIQA) is the independent Authority established to drive high
More informationRecords Management Policy
Once printed off, this is an uncontrolled document. Please check the Intranet for the most up to date copy Author Freedom of Information Lead Version 5.0 Issue Issue Date October 2011 Review Date October
More informationInformation Security Assurance Plan 2015/16
Information Security Assurance Plan 2015/16 Policy number: N/A Version 2.0 Approved by Name of author/originator Owner (Exec Director) Date of approval August 2015 Date of last review July 2015 Next due
More informationThe post holder will be guided by general polices and regulations, but will need to establish the way in which these should be interpreted.
JOB DESCRIPTION Job Title: Membership and Events Manager Band: 7 Hours: 37.5 Location: Elms, Tatchbury Mount Accountable to: Head of Strategic Relationship Management 1. MAIN PURPOSE OF JOB The post holder
More information