INFORMATION GOVERNANCE STAFF HANDBOOK
|
|
- Maurice Haynes
- 8 years ago
- Views:
Transcription
1 INFORMATION GOVERNANCE STAFF HANDBOOK
2 Contents Why do YOU need to know about Information Governance (IG)?... 2 Keeping Information Safe... 2 Confidentiality... 2 Deciding to Communicate Important Information... 3 Information Sharing... 3 Internet... 3 Protecting Important Information Stored on Computers... 4 Usernames and Passwords (including Smartcards - Registration Authority)... 4 Why we need to get it right... 5 Information Quality Assurance... 5 Records... 5 What happens when something goes wrong?... 6 Incident reporting... 6 We are all accountable... 6 Data Protection... 6 Freedom of Information... 6 Information Commissioner... 7 Where do I get help?... 8 Glossary of IG Terms... 9 Information Governance Policies IG Handbook E SCHNHST V9 September 2014 MASTER.doc 1
3 Why do YOU need to know about Information Governance (IG)? Everyone who works in healthcare must be aware of: The importance of the information we hold which may be confidential or sensitive and relate to patients, staff or the Trust What legislation, best practice and guidelines there are for looking after such important information Why you must take responsibility for how you obtain, record, use, keep and share information All staff, whether permanent, temporary or contracted, are responsible for making themselves aware of Shropshire Community Health Trust s IG requirements and complying with them on a day to day basis. Managers are also responsible for promoting Information Governance standards and ensuring compliance by their team members. Information Governance is EVERYONE S responsibility. Use this IG Handbook as a reference to signpost you to the Trust s IG policies, procedures and guidance Keeping Information Safe Confidentiality Confidentiality is defined as the right of the patient to know that information given is not shared freely either within the organisation where there is no need, or between agencies. Generally information can only be shared when there is consent. We work in complex areas in a community trust often closely with other agencies, so we all have to be very careful when we share information e.g. through notes, s telephone calls and just in talking to others. There are principles governing when information can be shared and these are the Caldicott principles. As a general principle be thoughtful and cautious and always seek advice if asked for information. If the situation appears very difficult seek advice from the Caldicott Guardian, Steve Gregory steve.gregory@shropcom.nhs.uk or initial advice can be sought from the Records Manager, Alan Ferguson, alan.ferguson@shropcom.nhs.uk, in his role as Caldicott support. IG Handbook E SCHNHST V9 September 2014 MASTER.doc 2
4 Deciding to Communicate Important Information Care and consideration should be given when deciding to communicate or transfer information. Consider if you actually need to send the information at all, or can it be accessed securely by other means and kept safe where it already is. Think about the most appropriate method of communication , USB memory stick, telephone call, fax or letter and how you can make sure the right person receives it. Information Sharing The Trust keeps records about the healthcare of patients to help ensure they receive the best possible care and we have a legal duty to keep this information confidential and secure. This information sometimes needs to be shared with other NHS organisations, social care or third parties. It can only ever be shared with the consent of the patient or under the terms of the Fair Processing notices we display and publish. These are posters or leaflets that explain to patients why we hold their information and why we may need to share it. The Trust must also comply with the NHS Care Record Guarantee which sets out the rules that govern how patient information is used in the NHS and what control the patient can have over this. It is based on professional guidelines, best practice and the law and applies to both paper and electronic records. Internet The Internet is used a lot more in our day to day life and key risks to be aware of are: Phishing - a way of attempting to acquire confidential and sensitive information such as usernames, passwords and credit card details by websites masquerading as legitimate organisations. Malware/Virus - malicious computer programs designed to gather information that leads to loss of privacy or exploitation and gain unauthorised access to computer systems. Social Networking placing inappropriate information on social networking sites or other public forums such as Facebook. IG Handbook E SCHNHST V9 September 2014 MASTER.doc 3
5 Protecting Important Information Stored on Computers When you communicate using computer equipment, for example by , you must always ensure you protect it by encryption. The Trust s systems have the facility to do this; but it is your responsibility to understand how this should be used. The Trust s laptops and USB memory sticks are always protected by encryption. You should only use the Trust s computer equipment and systems to store, transfer or look at Trust Information. Refer to the Trust s Information Security Policy for more advice. Just as you would not leave important papers lying around, you must not leave your computer system vulnerable to others. So, when you move away from your computer e.g. for a coffee-break, meeting or to go home you should always leave the system safe. That could mean logging out, removing your smartcard, removing your USB memory stick, or switching off the equipment. Usernames and Passwords (including Smartcards - Registration Authority) In order to use the Trust computer systems you and your manager may need to apply for access. This may result in you being given a Smartcard, electronic token, username(s), initial password(s) and passcode depending upon the number and type of computer systems you need to access. Your password(s) and passcode are specific and identifiable to you and should be treated in the same way as a bank card PIN, for example, not shared with other people. Think where you keep a note of your password, e.g. it s pointless if you keep it in the case with your laptop or stuck to the side of your PC. You will need a Smartcard to access NHS Systems such as Lorenzo/iPM, Electronic Staff Records (ESR), Summary Care Records (SCR), (the Trust s main information systems). Smartcards are similar to a chip and PIN credit or debit card but they are more secure than a credit or debit card. A user s Smartcard is printed with their name, photograph and unique user identity number (UUID). The PIN is regarded as a digital signature and is auditable, so activity can be tracked back to an individual. It is not an identity card For further information contact your RA Team on or ra.admin@shropcom.nhs.uk or ra.admin@nhs.net IG Handbook E SCHNHST V9 September 2014 MASTER.doc 4
6 Why we need to get it right Information Quality Assurance Data quality is crucial to patient safety and the availability of complete, accurate and timely data is important in supporting patient care, clinical governance and management and service agreements for healthcare planning and accountability. For example risk issues may arise if we are unable to uniquely identify patients or send correspondence to the incorrect address; this is why using the NHS number is so important. The Trust recognises the importance of reliable information as a fundamental requirement for the speedy and effective treatment of patients; therefore Good data quality is not an optional extra it is a fundamental basis for the business of the Trust. All staff who record information, whether on paper or by electronic means, have a responsibility to take care to ensure that the data is accurate and as complete as possible. The data needs to be present at the time that processes require it, for both service delivery and reporting purposes so key staff must be aware of relevant deadlines. Individual staff members are responsible for the data they enter onto any system. We have to keep personal and public information accurate and up-to-date to comply with the Data Protection Act 1998 so if you see any inaccuracies or errors in paper or electronic records please report these to an appropriate person for correction. Records Records are important to any organisation; they are the means of providing evidence and information about that organisation. In simple terms without them there is no way to know who has done what. Records Management is the term used to cover the processes the Trust has in order to meet its legal and regulatory requirements. This covers any record generated whether paper or electronic and includes staff, corporate and health related records. Record keeping is also a requirement of professional practice e.g. e.g. General Medical Council and Nursing and Midwifery Council. Good record keeping practices ensures we have accurate and up to date records and that staff can work efficiently and don t waste time searching for documents. It is important that records management processes are documented and are included in new staff inductions and as part of their continued personal development. Records management covers the full lifecycle of a record from creation through to disposal. Whether it is a policy, contract, personnel or health record there must be an efficient means of finding it when required. Old records must be retained for set periods of time and then destroyed under appropriate confidential conditions. Good record keeping is the responsibility of all staff. IG Handbook E SCHNHST V9 September 2014 MASTER.doc 5
7 What happens when something goes wrong? Incident reporting You have a responsibility to identify and report any information security risks in order for the Trust to investigate and learn from them, e.g. you find a copy of patient notes in a photocopier, you see unattended computers in an area where they can be viewed by the public showing patient records or logged into a trust system. All IG serious incidents should be reported immediately to your line manager and on the incident reporting system, Datix. If applicable it should also be reported to the police and the IT Service Desk e.g. stolen laptop. Your line manager is responsible for confirming that all relevant people within the Trust have been informed. We are all accountable Data Protection The Trust needs to collect and use information about people in order to operate. These include current, past and prospective patients, staff and suppliers. There are legal safeguards to ensure this in the Data Protection Act 1998 and the Trust s Data Protection Policy provides more detail on the Act and the allocation of responsibilities. Under the Data Protection Act 1998 anyone has the right to see and have a copy of information which is held by the Trust about them. Ask your line manager to tell you who is the nominated Data Protection Liaison Officer for your service. This person will be trained to deal with requests for information and will know when information should not be released. For all other Data Protection enquiries please contact Gill Richards, Project Manager Information Services gill.richards@shropcom.nhs.uk Freedom of Information The Freedom of Information (FOI) 2000 gives members of the public the right to access information held by, or on behalf of, a public authority that does not relate to personal information (this would be where the Data Protection Act applies) As a general principle the Freedom of Information Act is applicant and motive blind. In other words it does not matter who the requestor is or why they want the information, they don t have to give a reason. For a request to be valid under the Freedom of Information Act it must simply be in writing stating the name and address of the requestor and describing the information requested then the Trust has to respond within 20 working days. IG Handbook E SCHNHST V9 September 2014 MASTER.doc 6
8 The request can be made to anybody in the Trust but we all need to know what to do with it. We will also have to respond to any request on environment such as air, water, soil and land under the Environmental Information Regulations 2004 (EIR) in the same way as we would deal with FOI requests made to the Trust. Please pass on any request to the Soma Moulik, FOI Manager, without any delay as the 20 working days limit begins as soon as a request is received in the Trust. Information Commissioner The Information Commissioner s Office (ICO) is the UK s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The Information Commissioner can prosecute an organisation for failing to follow the IG rules for handling information. The ICO has the power to fine a data controller (that would be the Trust) or individuals as well if found personally responsible for a breach. Examples of recent fines and undertaking by the ICO: A fine of 120,000 was issued to Surrey County Council for a serious breach of the Data Protection Act after sensitive personal information was ed to the wrong recipients on three separate occasions A fine of 80,000 was issued to Ealing Council following the loss of an unencrypted laptop which contained personal information. Ealing Council breached the Data Protection Act by issuing an unencrypted laptop to a member of staff in breach of its own policies. An undertaking has been signed by Dartford and Gravesham NHS Trust following the accidental destruction of 10,000 archived records. The records which should have been kept in a dedicated storage area were put in a disposal room due to lack of space. An undertaking has also been signed by Poole Hospital NHS Foundation Trust after two diaries containing information relating to the care of 240 midwifery patients - were stolen from a nurse s car. The diaries included patients names, addresses and details of previous visits and were used by the nurse during out of hours duty. IG Handbook E SCHNHST V9 September 2014 MASTER.doc 7
9 Where do I get help and training? If you re new to the Trust please make sure, as an absolute priority, that you complete the IG training Mandatory Introductory Module (e-learning), which may be followed by a short face-to-face session. Every year you will need to update your IG knowledge via an e-learning Mandatory Refresher Module or workshop as required by your line manager or the IG Operational Group. If you are involved in an IG incident you will be required to undertake the face-to-face session. Specialist Information Governance training is available to those groups working within specific areas of expertise e.g. Records Management, Caldicott etc. All e-learning is accessible through the Trust s learning management system, Oracle Learning Management (OLM). The user guide How to access e-learning in ESR/OLM 825 is available on the Trust s website in the Staff Zone. Information Governance Contact List for Shropshire Community Health NHS Trust IG Role Name Contact Details Chief Executive Officer and Accounting Officer for Information Director of Finance and SIRO (Senior Information Risk Owner) Director of Nursing and Operations and Caldicott Guardian Records Management and Caldicott Support Data Protection and Information Governance Lead and Support Freedom of Information Information Security Information Quality Assurance Corporate Risk Manager Assistant Risk Manager IG Mandatory Training Registration Authority (RA) Smartcards Media Enquiries Local Counter Fraud Specialist Jan Ditheridge Trish Donovan Steve Gregory Alan Ferguson Gill Richards Sarah Hirst Soma Moulik Paul Stokes Lee Osborne Peter Foord Anita Bishop Deborah Hammond Sylvia Jones Gill Richards Andy Rogers Terry Feltus William Farr House jan.ditheridge@shropcom.nhs.uk William Farr House trish.donovan@shropcom.nhs.uk William Farr House steve.gregory@shropcom.nhs.uk William Farr House alan.ferguson@shropcom.nhs.uk William Farr House gill.richards@shropcom.nhs.uk sarah.hirst@shropcom.nhs.uk William Farr House soma.moulik@shropcom.nhs.uk William Farr House paul.stokes@shropcom.nhs.uk William Farr House lee.osborne@shropcom.nhs.uk William Farr House peter.foord@shropcom.nhs.uk anita.bishop@shropcom.nhs.uk Mercian House IT Training Centre, Oxon deborah.hammond@shropcom.nhs.uk sylvia.jones@shropcom.nhs.uk William Farr House gill.richards@shropcom.nhs.uk William Farr House andy.rogers@shropcom.nhs.uk William Farr House Mobile: terry.feltus@shropcom.nhs.uk IG Handbook E SCHNHST V9 September 2014 MASTER.doc 8
10 Glossary of IG Terms Term / Abbreviation Caldicott Guardian Care Record Guarantee Choose and Book (CAB) DATIX e-learning Encryption Explanation / Definition A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing The NHS Care Record Guarantee includes information on: people's access to their own records, how access to an individual's healthcare record will be monitored and policed and what controls are in place to prevent unauthorised access, options people have to further limit access, access in an emergency, what happens when someone is unable to make decisions for themselves. A national electronic referral service which gives patients a choice of place, date and time for their first outpatient appointment in a hospital or clinic. This is the system used by the Trust for healthcare risk management, incident reporting and adverse event reporting. Learning through electronic media The process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. All Trust Laptops and USB Memory Sticks are protected by encryption EIR Environmental Information Regulations 2004 EPS ESR Fair Processing FOI ICO IM&T IG IGT IGTT IT NCRS OLM Pseudonymisation SIRO Universal Serial Bus (USB) Electronic Prescribing Service Electronic Staff Record Fair Processing is the conditions which have to be met for any activity involving personal data to be lawful and ensure compliance with the Data Protection Act Freedom of Information Information Commissioner s Office Information Management and Technology Information Governance Information Governance Toolkit Information Governance Training Tool Information Technology NHS Care Record Service Oracle Learning Management A method which disguises the identity of patients by creating a pseudonym for each patient identifiable data item. Senior Information Risk Owner Universal Serial Bus (USB) is a specification for transferring data to and from electronic devices; in this case the electronic device is a memory stick which is used to store or transfer information. All Trust USB Memory Sticks are protected by encryption. IG Handbook E SCHNHST V9 September 2014 MASTER.doc 9
11 Information Governance Policies Confidentiality Code of Practice Data Protection Freedom of Information Information Governance Policy Information Quality Assurance Information Security Pseudonymisation Records Management IG Handbook E SCHNHST V9 September 2014 MASTER.doc 10
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationInformation Governance
CONTROLLED Information Governance Caldicot Version-Workbok Non Caldicott Version - Workbook Version 12 January 2015 40 1 Don t Get Bitten by the Data Demon Notes Using this Workbook The objective of this
More informationInformation Governance Plan
Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationINFORMATION GOVERNANCE AND DATA PROTECTION POLICY
INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy
More informationInformation Governance Strategy :
Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update
More informationDATA AND PAYMENT SECURITY PART 1
STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of
More informationInformation Governance Policy
Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationInformation Governance Training Plan v13
Information Governance Training Plan To meet requirements of IGT v13 Lincolnshire East Clinical Commissioning Group Page 1 of 17 Contents Introduction Page 3 Training Provision Page 4 Staff Induction Awareness
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationINFORMATION RISK MANAGEMENT POLICY
INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible
More informationInformation Governance Strategy
Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:
More informationInformation Governance Framework and Strategy. November 2014
November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationInformation Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.
Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best
More informationBEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE
GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationInformation Governance Manual Training Booklet
Information Governance Manual Training Booklet Introduction This booklet is aimed at staff who do not access a computer whilst working for the Trust. If you have access to a computer, you must complete
More informationInformation governance
Information governance Staff handbook RDaSH 88 02 Information governance Introduction to information governance Overview 88 03 Information governance or IG - includes information security and confidentiality,
More informationInformation Governance Policy
BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY
More informationSecurity Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)
Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy
More informationData and Information Security Policy
St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration
More informationINFORMATION GOVERNANCE HANDBOOK
INFORMATION GOVERNANCE HANDBOOK Information Governance Handbook_V1.0 1 Information Reader Box Function Purpose Document Purpose Document Name Author Corporate Governance Guidance Procedures Information
More informationInformation Security Policy London Borough of Barnet
Information Security Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Document Description Information Security Policy Policy which sets out the council s approach to information
More informationInformation Governance Management Framework
Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date
More informationInformation Governance Strategy
Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version
More informationInformation Sharing Policy
Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying
More informationInformation Governance Policy
Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date
More informationIntroduction to the NHS Information Governance Requirements
Introduction to the NHS Information Governance Requirements 2 Version April 2014 Information Governance ensures necessary safeguards for, and appropriate use of, patient and personal information. The widely
More informationInformation Governance and Data Protection Policy
Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final
More informationINFORMATION GOVERNANCE POLICY
Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):
More informationHighland Council Information Security Policy
Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...
More informationShropshire Community Health Service NHS Trust Policies, Procedures, Guidelines and Protocols
Shropshire Community Health Service NHS Trust Policies, Procedures, Guidelines and Protocols Title Trust Ref No 1340-29497 Local Ref (optional) Main points the document covers Who is the document aimed
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationPolicies, Procedures, Guidelines and Protocols
Title Trust Ref No 1545/17322 Local Ref (optional) Main points the document covers Who is the document aimed at? Author Approved by (Committee/Director) Policies, Procedures, Guidelines and Protocols Document
More informationInformation Governance Strategy 2015/16
Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationNon ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3
Paper 9 Non ASPH Trust Staff - DATA ACCESS REQUEST Page 1/3 Please ensure that all THREE pages of this contract are returned to: Information Governance Manager, Health Informatics, Chertsey House, St Peter
More informationPersonal Data Handling and Sharing Policy
Personal Data Handling and Sharing Policy Originator Richard Gibson Date 20 June 2012 Verifier Lynda Oliver Date 20 June 2012 Reviewed Richard Gibson, Lynda Oliver Date July 2013 Contents Page 1. Introduction
More informationSOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager
SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director
More informationINFORMATION GOVERNANCE HANDBOOK
INFORMATION GOVERNANCE HANDBOOK SECTION ONE Author Tracey Burrows Role Information Governance Manager (CSCSU) Date / Version February 2015 Version FINAL V1.0 Approved by IM&T Board Date 27 February 2015
More informationStaff Information Governance Manual. All you need to know about Information Governance in one place
Staff Information Governance Manual All you need to know about Information Governance in one place CONTENTS Page 1. The roles of the Caldicott Guardian and the Senior Information Risk Owner 1 2. Fair Processing
More informationDATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff
DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has
More informationINFORMATION GOVERNANCE STRATEGY NO.CG02
INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationInformation Governance Framework
Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationInformation Incident Management. and Reporting Policy
Information Incident Management and Reporting Policy Policy ID IG10 Version: 1 Date ratified by Governing Body 21/3/2014 Author South CSU Date issued: 21/3/2014 Last review date: N/A Next review date:
More informationData Access Request Service
Data Access Request Service Guidance Notes on Security Version: 4.0 Date: 01/04/2015 1 Copyright 2014, Health and Social Care Information Centre. Introduction This security guidance is for organisations
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationNHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT
NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head
More informationTameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
More informationInformation Governance Policy
Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups
More informationInformation Governance. and what it means for you
Information Governance and what it means for you 1 Content Introduction 3 Who are we? 4 What is Information Governance? 4 Purpose of Holding Information 5 Confidentiality and Security 5 Accuracy of Information
More informationInformation Governance Policy
Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Policy
NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation
More informationFurther to reports to EAG in February and March 2014, the purpose of this report is to;
Report to: Trust Board of Directors Date of Meeting: 29 May 2014 Report Title: Annual Information Governance Report 13/14 Status: Mark relevant box with X Prepared by: Executive Sponsor (presenting): Appendices
More informationSubject Access Request (SAR) Procedure
Subject Access Request (SAR) Procedure East and North Hertfordshire Clinical Commissioning Group Page 1 of 16 DOCUMENT CONTROL SHEET Document Owner: Chief Finance Officer Document Author(s): Anne Ephgrave
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationSECURITY POLICY REMOTE WORKING
ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY REMOTE WORKING Introduction This policy defines the security rules and responsibilities that apply when doing Council work outside of Council offices
More informationData Protection Policy
Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and
More informationSecure Storage, Communication & Transportation of Personal Information Policy Disclaimer:
Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011
More informationInformation Management Handbook for Schools. Information Management Handbook for Schools London Borough of Barnet
Information Management Handbook for Schools London Borough of Barnet Document Name Document Description Information Management Handbook for Schools This document is intended for use by Barnet Borough Schools.
More informationInformation Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.
Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments
More informationCardiff Council. Data protection audit report. Executive summary June 2014
Cardiff Council Data protection audit report Executive summary June 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act 1998
More informationData protection. Report on the data protection guidance we gave schools in 2012
Data protection Report on the data protection guidance we gave schools in 2012 Contents 1. Background 2. Summary of recommendations 3. tification 4. Personal data 5. Fair processing 6. Information security
More informationCaedmon College Whitby
Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be
More informationPAPER RECORDS SECURE HANDLING AND TRANSIT POLICY
PAPER RECORDS SECURE HANDLING AND TRANSIT POLICY CORPORATE POLICY Document Control Title Paper Records Secure Handling and Transit Policy Author Information Governance Manager ** Owner SIRO/CIARG Subject
More informationData Protection and Information Security Policy and Procedure
Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May
More informationWest Midlands Police and Crime Commissioner Records Management Policy 1 Contents
West Midlands Police and Crime Commissioner Records Management Policy 1 Contents 1 CONTENTS...2 2 INTRODUCTION...3 2.1 SCOPE...3 2.2 OVERVIEW & PURPOSE...3 2.3 ROLES AND RESPONSIBILITIES...5 COMMISSIONED
More informationNHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More informationInformation Governance Strategy Includes Information risk & incident management methodology
Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance
More informationPS177 Remote Working Policy
PS177 Remote Working Policy January 2014 Version 2.0 Statement of Legislative Compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data Protection
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationMONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
More informationA Question of Balance
A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What
More informationInformation Governance Staff Handbook. Information Governance Staff Handbook
Information Governance Staff Handbook Information Governance Staff Handbook August 2014 Version 2 Page 1 of 35 Document History Document Reference: IG42 The document compliments all other Information Governance
More informationInformation Incident Management and Reporting Procedures
` Information Incident Management and Reporting Procedures Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy may
More information