OxCCARE Information Governance Policy




Introduction:

This document is intended to act as a practical guide to information governance (IG) for all research, audit, quality improvement and service evaluation projects carried out under the umbrella of the Oxford Critical Care & Anaesthetics Research Enterprise (OxCCARE). It is vital in securing the cooperation of individual hospitals and trusts that any OxCCARE project follows good IG practices.

A link to the Healthcare Quality Improvement Partnership (HQIP) guide, "An Information Governance Guide for Clinical Audit", can be found on the OxCCARE website. Nothing in this OxCCARE policy is intended to override the guidance provided in the HQIP document, and it is recommended that all project leads read it during the planning phases of a project.

This OxCCARE guideline should contain sufficient information for individual hospital leads to abide by good IG principles and should be read by all hospital leads and individual contributors to projects. In addition, it is a requirement of membership of OxCCARE that all members have read this Policy.

OxCCARE would like to thank the Welsh Anaesthesia Audit, Research & Engagement Network (WAAREN) for sharing their information governance policy, which this OxCCARE policy is based upon.

Patient identifiable data:

The HQIP guide provides the following advice on the handling of patient information:

When planning a project and deciding what data is to be collected, the above principles must be taken into account. Further to this, if patient identifiable information (rather than information about patients) is being stored, there are far more stringent rules which must be followed, and as such it is always easier to design an audit to avoid storing such information wherever possible.

Unfortunately it is difficult to pin down an absolute definition of patient identifiable data. Some things such as name, date of birth and hospital number are obvious; however, combinations of other pieces of data could still allow identification of an individual. The HQIP guide provides the following useful definitions:

Practical aspects of data handling and security:

The secure handling of data is vital to the ongoing success of OxCCARE projects. It is entirely reasonable to manage this in a wide variety of ways; however, the method described below is intended to become a default for OxCCARE projects. Common adoption of this method should ensure that people quickly become familiar with practical aspects of performing data collection, aggregation and transfer, and minimise the risk of data security failure.

If there are compelling reasons for different methods of data handling for individual projects, these must be clearly specified and justified in the Project Data Governance Checklist when the project is submitted. In such cases the suitability will be judged against the criteria set down in the HQIP document "An Information Governance Guide for Clinical Audit".

Should you have suggestions for improvements to these procedures, please contact the OxCCARE committee (OxCCARE@gmail.com). Problems with individual projects should first be directed to the project lead (please see the OxCCARE website for details of individual project leads) and, if problems persist, to the IT Lead (via the OxCCARE committee).

Data handling at individual trust / hospital level:

A paper pro-forma may be used for initial data collection, along with patient records if a retrospective project is being completed. The physical security of both of these must be ensured at all times, ideally by being kept in an office that is locked when vacated.

Microsoft Excel spreadsheets should be used to store all electronic records, and a blank template spreadsheet will be distributed by the project lead. Spreadsheets should be password protected, which can be achieved by clicking the options button in the "Save as" dialogue box. The password to be used must be agreed ahead of time by the project lead.

This spreadsheet should only be stored on the trust network, using the network storage provided with each user's login. This ensures both that it is backed up and that access is restricted. Some trusts encrypt memory sticks for staff; if this is the case, these may be used to transfer the spreadsheet so that it can be used on computers which are not logged on with the individual's account. However, such data should still not be taken home.

It is assumed that most projects will not require patient follow-up once the data has been collected. As such it should only be necessary to identify each record with a sequential identity number in the spreadsheet. Should there be a requirement to re-trace data, then two independent spreadsheets should be kept. The first would have the clinical audit data with the sequential identifier, and the second would relate this sequential identifier to the hospital / NHS identifier. This second file would then never leave the local hospital's IT network.

Data collation by project lead:

All data transfer between Health boards should be electronic only. This can safely be achieved by the use of email addresses exclusively inside the NHS network, i.e. emails of the format @x.nhs.uk or @nhs.net. Under no circumstances is data to be transferred in any other way, i.e. using non-NHS email addresses or using physical data media, e.g. memory sticks, even if these are encrypted.

For the duration of the project all emails should be kept in a dedicated folder owned by the project lead to act as a record of the data transfers that have taken place. Any other tools used to collate or process data, e.g. SPSS or Microsoft Access, should have their data stored using the same methods described above.

Presenting of results between different trusts:

When projects are completed it is anticipated that data will be presented outside individual health boards / hospitals (organisations), and also at internal hospital audit meetings. Outside of individual organisations, data should generally be presented aggregated across all the organisations involved.

Should there be a compelling reason to present data comparing organisations, e.g. to present inter-organisation variability, then this must be made clear in the initial project proposal document so each organisation can take a view on this. In such cases every effort must be made to prevent identification of an individual organisation; however, it must be recognised that the nature of different workloads of different organisations may still make individual units identifiable by virtue of some data points.

Each hospital project lead may wish to present their individual organisation's results at a local meeting. In such a case the project lead must provide the individual with both their own organisation's data and the data aggregated across all the organisations involved in the project. Such comparison data should not be shared with anyone outside of the organisation in question.

Storage of data once a project is completed:

Once a project is completed, all data relating to that project should be stored as advised by the HQIP IG policy; that is to say, for a five year period. It is suggested that each organisation involved use the Anaesthetic department's shared network storage area, in which they create a folder dedicated to OxCCARE projects. The project lead should store the aggregated data in the department shared network storage area of the department in which they are working at the time. All data in personal network folders (and, if applicable, on encrypted memory sticks) should then be deleted.

At the end of the five year period, it is expected that the OxCCARE hospital lead for each hospital will then delete any data. OxCCARE will keep a record of projects and remind the hospital lead when this period has expired.

Breach of Information Governance Standards

If any participant in a project is concerned that the IG standards set out here and in the HQIP guide are not being followed, it is vital that these concerns are communicated to the OxCCARE committee. The first point of contact should be the information technology lead, who can then raise concerns with the committee. All communications will be dealt with in confidence.

In the event of any loss of data or breach of data security it is vital that the OxCCARE committee are informed at the earliest possible opportunity. A decision will then be taken by the committee on how to proceed. The committee retains the right to withdraw membership from anyone breaching IG standards. Projects that breach IG standards may be cancelled with no prior warning.

Appendix 1

Project Data Governance Checklist

Please confirm that you agree to the following information governance principles:

If you are completing a project, then it will be registered with each participating trust's clinical audit team or discussed with the anaesthetic audit lead in that trust.

Will you remind all of the hospital leads, and anyone else with access to the project data, of their information governance responsibilities (all OxCCARE members and leads should have read this document)?

Comments:

With respect to the data you will collect:

Please state the goal of the project:

What data will you collect to achieve this?

If the reason for a given data item is not evident from the stated goal, please explain the reason for collecting it:

Will it be necessary to trace back any patients after initial data collection?

If so, please confirm how data will be anonymised / pseudonymised (see main document):

NB - If any of the above data is patient identifiable (see section in main document), then you will need to gain consent from the Caldicott Guardian / IG lead from each trust.

Data handling and Security:

It is assumed that you will follow the principles described in the data handling section of the OxCCARE information governance policy. If you plan to do so, please simply state "OxCCARE IG v1.1" in the fields below.

How will electronic or paper data be stored inside individual trusts / hospitals?

How will electronic or paper data be transferred for collation by the project lead?

How will electronic or paper data be stored by the project lead?

What records will be kept of data transfers?

How long will the data be kept after completion of the audit?