Information Governance




What will you learn in this session?
1. Principles of Information Governance and their application to health and social care organisations
2. Accessing Information Governance resources including national legislation, guidance and local policies & procedures
3. Health and social care organisations' responsibilities
4. Protection of an individual's confidentiality and the Caldicott Principles
5. How to practise and promote a confidential service
6. Principles of ensuring and maintaining good client records
7. Recognising / responding to Freedom of Information requests
8. Keeping Information Secure

What is Information Governance?
Information Governance is about how health and social care organisations and their employees must handle sensitive information.
IG is to do with how NHS/Social Care organisations and individuals handle information.

What is Information Governance?
A framework of legal and ethical principles that apply when sensitive information is collected, processed and shared
Different Data Sets:
    Personal & Sensitive (Healthcare records)
    Person based & anonymous (Research data)
    Corporate (Trust Financial Accounts)
How organisations & individuals handle personal & sensitive information
Excellent Care is built on a Foundation of confidence & trust
Principles of Law and best practice

What is Information?
Personal (examples): Name, Address, Date of Birth, Next of Kin
Sensitive (examples): Ethnicity, Diagnosis, Illness & Disorders, Sexual Orientation
Corporate (examples): Minutes of Meetings, Employee Details, Financial Information

Why is Information Governance so important?
For patients and service users:
    Information is critical for safe, timely and effective care
    Information is sensitive
    Excellent healthcare is built on a foundation of confidence & trust

Why is Information Governance so important?
For an employee:
    Sensitive information
    Ethical and legal responsibility of every employee
    Information must be accessed, used & shared appropriately

Why is Information Governance so important?
For a health or social care organisation:
    Ethical and legal responsibility of every organisation
    Breaches of confidentiality cost money and reputation

Information Governance requirements for health & social care organisations
Trust policies, guidelines and procedures
All information must be:
    Held securely and confidentially
    Obtained fairly and efficiently
    Recorded accurately and reliably
    Used effectively and ethically
    Shared appropriately and lawfully

The Law and Information Governance
Common Law Duty of Confidentiality: People have legal rights through common law to confidentiality
Computer Misuse Act 1990: It is an offence to access / attempt to access computer systems without appropriate authorisation
Data Protection Act 1998: States legal obligations for the collection, use, sharing and disclosure of personal information
The Human Rights Act 1998: Enshrines a basic human right for all to have the right to privacy
The Freedom of Information Act 2000: Allows the public to request information held by Public Authorities

Standards, Policies & Codes of Practice
Information Security Standards ISO/IEC 17799:2005 and IS Management NHS Code of Practice
The NHS Confidentiality Code of Practice
The Records Management NHS Code of Practice
Information Quality Assurance

Always follow the Caldicott Principles
The Caldicott principles must be used when accessing and using Patient Identifiable Information (PID) or confidential information, and must be maintained by all healthcare organisations.
    Justify the purpose of using confidential information
    Only use it when absolutely necessary
    Use the minimum information required
    Allow access on a strict need-to-know basis
    Always understand your responsibility
    Understand and comply with the law
    The duty to share information can be as important as the duty to protect patient confidentiality

Caldicott Guardians
Q. Who is a Caldicott Guardian?
A. A senior person in the organisation responsible for ensuring the Caldicott principles are applied and maintained
Q. Are you unsure whether to disclose?
A. Don't disclose. Ask your manager or the Caldicott Guardian

Subject Access Requests
Individuals have the right to access sensitive information including paper, computer records and other related information
Patients can request access to their medical record
Employees can request access to their personal records

What is a Freedom of Information (FOI) Request?
A request for official information held by Public Bodies such as hospital trusts
The public have a right to access/view all non-personal, public authority information
The purpose is to promote openness & accountability
Requests must be made in writing
There are Exemptions
The law requires that any FOI request must receive a response within 20 days
Direct Freedom of Information requests to the Lead in your Organisation

Can you recognise a Freedom of Information (FOI) Request?

Dear Sir/Madam,
I would like to know how much the Trust is spending on the new A&E unit due to be completed in March 2014. I would like a list of the new medical and non medical equipment being purchased for this unit.
Yours sincerely
Daniel Radcliffe MP

Dear FOI Lead,
I have recently undergone an operation on my hip at your Trust and would like to see all the notes in my health record regarding this period of care. Please give me an indication of when this information can be provided to me.
Yours sincerely
Mrs A Smith

Duty of Confidence
You have a legal duty to protect and maintain confidentiality
    There's a confidentiality clause in your contract of employment
You have a professional duty of confidence
    It's in your Code of Professional Conduct

Duty of Confidence
Be careful and cautious when answering the telephone:
    Callers request information under false pretences
    Requests for information need to be verified
    If possible, always obtain requests in writing
Are you unsure? Don't disclose. Ask your manager or the Caldicott Guardian who's responsible for ensuring confidentiality

Good Quality Record Keeping
Does a record already exist?
Records must be clear, factual, accurate & complete
Can everybody else read them?
Complete them quickly!
Make sure they are dated, timed and signed
Keep information up-to-date
Store them safely
Read them, check them, then check again!

Good Quality Record Keeping
Check the minimum period records have to be retained
Are you deleting records? If so, check the organisation's Disposal of Records Policy and Procedures

Information Security
Information security is about ensuring information is:
    Protected and secure
    Reliable
    Available to authorised users only
Any breaches of data security, no matter how small, must be reported
Your responsibilities are to ensure:
    Records are correctly stored
    Passwords are kept secure
    Inappropriate disclosures are reported
    Safe Haven processes are used when faxing
    Spam mail is deleted without opening
    You don't download unauthorised software
    You use IT equipment correctly

Information Security: A serious matter
Organisations have systems in place to monitor the access, use of systems and information by staff
Failure to comply with legal obligations or organisational policy & guidelines could mean disciplinary and legal action being taken

Your Responsibilities
DO
    Protect an individual's information
    Be aware of national & local information, Policy & Procedures
    Inform patients how information is used and when it may be disclosed
    Help to improve the way the organisation protects information
    Report any suspected or actual breaches of information security
    Seek advice from the appropriate leads if you have any Information Governance concerns
DON'T
    Send confidential, person-identifiable data without applying the required encryption/security measures
    Store Personal/Sensitive information on unencrypted and unauthorised portable devices
    Disclose confidential information to unauthorised people
    Leave person-identifiable data (PID) unattended or in vehicles
    Access inappropriate websites
    Use an organisation's equipment or information to promote private business or for financial gain

Further advice
Useful sources of Information and links
Contact your local Information Governance Manager or Lead
Useful Links
    Information Commissioner's Office: www.ico.org.uk/
    Connecting for Health Toolkit: www.igt.hscic.gov.uk/

Thank you for the support in developing these materials
Michael Abbotts, St Helens and Knowsley NHS Hospitals Trust
Jonathan Mayes, Information Risk Manager, Pennine Care NHS Foundation Trust
Trish Noon, Information Governance Manager, Pennine Acute Hospitals NHS Trust (Trish's original presentation was used as the basis for these materials)
Barbara Smart, Data Protection Liaison Officer, Royal Liverpool and Broadgreen University Hospitals NHS Trust
Cora Suckley, Information Governance Project Coordinator, The Clatterbridge Cancer Centre NHS Foundation Trust
Menna Harland, Academic Lead for Practice Learning, Liverpool John Moores University
Nick Moseley, Moseley Multimedia Ltd

THANK YOU
Any Questions?
Insert trainer's name, telephone number and email here