Information Governance Plan


Information Governance Plan 2013-2015

1. Overview

1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources. NHS Stockport Clinical Commissioning Group aims to safeguard patient confidentiality and maintain data security.

1.2 Information Governance (IG) is the way in which the NHS handles all of its information, in particular the personal and sensitive information relating to patients and employees. It provides a framework to ensure that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care. It also offers NHS employees a clear structure to deal consistently with the many different rules about how information is handled, including those set out in:

- The Data Protection Act 1998;
- The common law duty of confidentiality;
- The Confidentiality NHS Code of Practice;
- The NHS Care Record Guarantee for England;
- The Social Care Record Guarantee for England;
- The international information security standard: ISO/IEC 27002:2005;
- The Information Security NHS Code of Practice;
- The Records Management NHS Code of Practice;
- The Freedom of Information Act 2000.

1.3 Ensuring that our staff and clinical leaders are suitably equipped to manage this important area of work is a key priority for NHS Stockport CCG and integral to our capacity to deliver on plans to build local trust, as outlined in our Communications & Engagement Strategy.

2. CCG Principles

2.1 As an evidence-based organisation, we will collect and use a wide range of data to ensure that our decisions reflect the needs of local people. In doing so, we will take all necessary steps to ensure that patient and employee data is safeguarded and used within the parameters of national legislation to improve patient care.

2.2 Our work will be guided by the following principles:

2.3 Confidentiality
Information must be secured against unauthorised access. Information Sharing Protocols must be in place for any data sharing.

2.4 Integrity
Information must be safeguarded against unauthorised modification. Efforts will be undertaken to ensure that all information is correct.

2.5 Openness
Information must be accessible to authorised users at times when they require it. Patients will have ready access to information relating to their own health care, their options for treatment and their rights as patients. Non-confidential information on NHS Stockport CCG and its services will be available to the public through a variety of media, including a Publication Scheme in line with the Freedom of Information Act.

3. Accountability & Responsibilities

3.1 While the principles of Information Governance apply to all employees of NHS Stockport CCG, a structure is in place to monitor progress, minimise risks, advise and train staff, and ensure that NHS Stockport CCG meets its legal responsibilities.

3.2 Senior Information Risk Owner
The Senior Information Risk Owner (SIRO) is responsible for fostering a culture for protecting and using data. The role provides a focal point for managing information risks and incidents and is concerned with the management of all information assets. NHS Stockport CCG has appointed its Chief Financial Officer to take on the role of SIRO.

3.3 Caldicott Guardian
Each NHS organisation must have a Caldicott Guardian - a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing. NHS Stockport CCG has appointed its Public Health Consultant on the Governing Body to take on the role of Caldicott Guardian.

3.4 Information Governance Lead / Data Protection Officer
At an operational level, information governance and data protection will be led by the Head of Compliance, within NHS Stockport CCG's Strategy & Governance Directorate.

3.5 Information Asset Owners
Each Directorate within NHS Stockport CCG will identify an Information Asset Owner (IAO). Their role is to understand and address risks to the information assets they own, and to provide assurance to the SIRO on the security and use of those assets.
They will be responsible for developing information asset registers for all key information sources within their authority.

3.6 Information Asset Administrators
Each Directorate will also nominate an Information Asset Administrator (IAA) with responsibility for updating data within the team's information assets. The IAA will be responsible for identifying any actual or potential security incidents, consulting their IAO on incident management and ensuring that all information asset registers are up-to-date and accurate.

3.7 Freedom of Information
The administration of Freedom of Information (FOI) requests will be handled centrally within the Corporate team. All Directorates will have a responsibility to ensure that requests are responded to within the 20 working day time limit. NHS Stockport has appointed the Chief Finance Officer as the Governing Body lead on FOI.

3.8 All staff, whether permanent, temporary or contracted, are responsible for ensuring that they are aware of the requirements incumbent upon them and for ensuring that they comply with these on a day to day basis. Staff will undertake annual IG training through Connecting for Health's e-learning tool.

4. Monitoring Arrangements

4.1 It is the role of Audit Committee to define NHS Stockport CCG's policies in respect of Information Governance, taking into account legal and NHS requirements.

4.2 The Senior Information Risk Owner (SIRO) will report quarterly to Audit Committee on:

- Information Security Risks
- Information Security Incidents
- Data Quality
- Staff Training
- Progress on the IG Toolkit.

4.3 On an annual basis, Audit Committee will update the Governing Body on NHS Stockport CCG's progress in terms of the Information Governance Toolkit. Any matters of concern arising will be reported to the Governing Body on an ad-hoc basis.

5. Information Governance Toolkit

5.1 The IG Toolkit is an online system which allows NHS organisations and partners to assess themselves against Department of Health Information Governance policies and standards. It also allows members of the public to view progress reports, offering assurance to our patients that we prioritise their privacy and take all reasonable steps to maintain the confidentiality of their data.

5.2 Over 2011/12 clinical leads on the Governing Body requested that NHS Stockport undertook a major improvement project to develop Information Governance capacity and procedures within the organisation. The project resulted in attainment of level two for all areas of the toolkit, with the exception of 2 requirements, due to a lack of time for all Information Asset Owners and Administrators to undertake all training courses.

5.3 NHS Stockport CCG intends to build upon this work to ensure that the CCG assures compliance in this important area. A project plan has been developed to review and transfer the recently upgraded IG provision of the PCT over to the CCG. A major part of this work plan will be the review and transfer of existing PCT processes and procedures to the CCG.

5.4 An initial assessment of the requirements for CCGs under Version 10 of the NHS's IG Toolkit suggests that NHS Stockport CCG is fully compliant with its IG responsibilities, comfortably meeting level 2 in all 27 requirements (the requirement for version 9 of the toolkit in 2011/12), and is on target to achieve level 3 in 14 areas by the 31 March 2013, through implementation of the CCG's IG transition plan.

[Chart: attainment levels for All Initiatives. Legend: Not Yet Answered, 0, 1, 2, 3, Not Relevant.]

See full breakdown by requirement in appendix 1.

5.5 This would give NHS Stockport CCG a score of 83%. The target level for CCGs in this first year of our IG Toolkit submission is to achieve a score of 80%.

| | 0 | 1 | 2 | 3 | N/A | Score |
|---|---|---|---|---|---|---|
| Information Governance Management | 0 | 0 | 1 | 4 | 0 | 93% |
| Confidentiality and Data Protection Assurance | 0 | 0 | 3 | 4 | 1 | 85% |
| Information Security Assurance | 0 | 0 | 8 | 5 | 0 | 79% |
| Clinical Information Assurance | 0 | 0 | 1 | 1 | 0 | 83% |
| All Initiatives | 0 | 0 | 13 | 14 | 1 | 83% |

6. Next Steps

6.1 We will put in place a post-authorisation workplan to take NHS Stockport CCG's IG Toolkit score up to 100% over the next three financial years.

6.2 Using the parameters of the IG Toolkit, the workplan will focus on the areas identified for improvement in our baseline submission and will include:

- Calendar of staff training sessions
- Review, amend and adopt IG policies and procedures for the new CCG
- Review and update all Information Sharing Protocols
- Convene IAOs and IAAs with the SIRO to review the Information Asset Register of the old PCT and develop a new register for NHS Stockport CCG
- Map data flows within the organisation
- Agree core IG clauses for all staff and provider contracts
- Undertake internal assurance checks
- Undertake assurance checks on provider organisations.

Appendix 1 - IG Toolkit Baseline Submission 31 July 2012

Information Governance Management

| Req No | Description |
|---|---|
| 10-130 | There is an adequate Information Governance Management Framework to support the current and evolving Information Governance agenda |
| 10-131 | There are approved and comprehensive Information Governance Policies with associated strategies and/or improvement plans |
| 10-132 | Formal contractual arrangements that include compliance with information governance requirements, are in place with all contractors and support organisations |
| 10-133 | Employment contracts which include compliance with information governance standards are in place for all individuals carrying out work on behalf of the organisation |
| 10-134 | Information Governance awareness and mandatory training procedures are in place and all staff are appropriately trained |

Confidentiality and Data Protection Assurance

| Req No | Description |
|---|---|
| 10-230 | The Information Governance agenda is supported by adequate confidentiality and data protection skills, knowledge and experience which meet the organisation's assessed needs |
| 10-231 | Staff are provided with clear guidance on keeping personal information secure and on respecting the confidentiality of service users |
| 10-232 | Personal information is only used in ways that do not directly contribute to the delivery of care services where there is a lawful basis to do so and objections to the disclosure of confidential personal information are appropriately respected |
| 10-233 | Individuals are informed about the proposed uses of their personal information |
| 10-234 | There are appropriate procedures for recognising and responding to individuals' requests for access to their personal data |
| 10-235 | There are appropriate confidentiality audit procedures to monitor access to confidential personal information |
| 10-236 | All person identifiable data processed outside of the UK complies with the Data Protection Act 1998 and Department of Health guidelines |
| 10-237 | All new processes, services, information systems, and other relevant information assets are developed and implemented in a secure and structured manner, and comply with IG security accreditation, information quality and confidentiality and data protection requirements |

Past (PCT) Current Target 1 3 3 NR NR NR

Information Security Assurance

| Req No | Description |
|---|---|
| 10-340 | The Information Governance agenda is supported by adequate information security skills, knowledge and experience which meet the organisation's assessed needs |
| 10-341 | A formal information security risk assessment and management programme for key Information Assets has been documented, implemented and reviewed |
| 10-342 | There are established business processes and procedures that satisfy the organisation's obligations as a Registration Authority |
| 10-343 | Monitoring and enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use |
| 10-344 | Operating and application information systems (under the organisation's control) support appropriate access control functionality and documented and managed access rights are in place for all users of these systems |
| 10-345 | An effectively supported Senior Information Risk Owner takes ownership of the organisation's information risk policy and information risk management strategy |
| 10-346 | Business continuity plans are up to date and tested for all critical information assets (data processing facilities, communications services and data) and service-specific measures are in place |
| 10-347 | Policy and procedures are in place to ensure that Information Communication Technology (ICT) networks operate securely |
| 10-348 | Policy and procedures ensure that mobile computing and teleworking are secure |
| 10-349 | There are documented incident management and reporting procedures |
| 10-350 | All transfers of hardcopy and digital personal and sensitive information have been identified, mapped and risk assessed; technical and organisational measures adequately secure these transfers |
| 10-351 | All information assets that hold, or are, personal data are protected by appropriate organisational and technical measures |
| 10-352 | The confidentiality of service user information is protected through use of pseudonymisation and anonymisation techniques where appropriate |

Clinical Information Assurance

| Req No | Description |
|---|---|
| 10-420 | The Information Governance agenda is supported by adequate information quality and records management skills, knowledge and experience |
| 10-421 | There is consistent and comprehensive use of the NHS Number in line with National Patient Safety Agency requirements |

PCT Current Target 1 3 3

Version Control

Document Amendment History:

| Date | Version | Author | Changes |
|---|---|---|---|
| 31.07.2012 | 1.0 | Angela Beagrie | Initial draft |
| 10.08.2012 | 1.1 | Tim Ryley | Various from first read through by senior staff |
| 13.08.2012 | 1.2 | Angela Beagrie | Inserted leadership roles and next steps |

Reviewers: This document has been reviewed by the following:

| Name | Role | Date |
|---|---|---|
| Gary Jones | SIRO | |
| Dr Vicci Owen-Smith | Caldicott Guardian | |

Approvals: This document has been approved by the following:

| Name | Role | Date |
|---|---|---|
| Dr Ranjit Gill | Chief Clinical Officer | |
| Gaynor Mullins | Chief Operating Officer | |

Distribution: Controlled copy stored on SharePoint site