1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.



Similar documents
Information Governance Policy

Information Governance Policy

Information Governance Policy

SALISBURY NHS FOUNDATIONTRUST

Information Governance Policy

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY

Gloucestershire Hospitals

Information Governance Policy. Church Road Medical Practice

INFORMATION GOVERNANCE POLICY

Policy Document Control Page

Trust Informatics Policy. Information Governance. Information Governance Policy

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY

Information Governance Policy

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Strategy :

INFORMATION GOVERNANCE POLICY

Information Governance Framework and Strategy. November 2014

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY

Information Governance Policy

Information Governance Strategy 2015/16

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

Information Governance Policy (incorporating IM&T Security)

Information Governance Strategy

Information Governance Policy

Information Governance Strategy. Version No 2.0

INFORMATION GOVERNANCE STRATEGY

Information Governance Strategy

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

Information Governance Policy

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

Information Governance Framework

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

Data Protection Policy

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014

INFORMATION GOVERNANCE POLICY

Information Governance Policy

INFORMATION GOVERNANCE POLICY & FRAMEWORK

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

Information Governance Policy

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

Information Governance Policy

Information Governance Strategy

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION RISK MANAGEMENT POLICY

Information Governance Policy

NHS Commissioning Board: Information governance policy

Information Governance Strategy

Version Number Date Issued Review Date V1 25/01/ /01/ /01/2014. NHS North of Tyne Information Governance Manager Consultation

Information Governance Policy

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy. Version No 2.1

Use and verification of the NHS number for all active patients.

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September Information Governance Manager

NHS Business Services Authority Information Governance Policy

Information Governance Strategy & Policy

INFORMATION GOVERNANCE POLICY

JOB DESCRIPTION. Information Governance Manager

RECORDS MANAGEMENT POLICY

Information governance policy

Information Governance Plan

INFORMATION GOVERNANCE STRATEGY NO.CG02

INFORMATION GOVERNANCE POLICY

Information Governance Policy

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1

INFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY

Policy Checklist. Head of Information Governance

Information Governance policy

A Question of Balance

Information Governance Policy

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance and Data Protection Policy

The Informatics Policy Information Governance Process

North Cumbria University Hospitals NHS Trust - FoI Enclosure 01. Job Description

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

NOT PROTECTIVELY MARKED. Suffolk County Council DATA QUALITY POLICY

Lancashire County Council Information Governance Framework

Information Governance Management Framework

Information Governance Standards in Relation to Third Party Suppliers and Contractors

Information Management Policy CCG Policy Reference: IG 2 v4.1

University of Sunderland Business Assurance. Over-arching Information Governance Policy. Document Classification: Public

Information Governance Toolkit Policy

Policy Information Management

How To Ensure Network Security

CORE SKILLS FRAMEWORK INFORMATION GOVERNANCE LESSON NOTES AND TIPS FOR A SUGGESTED APPROACH

How To Ensure Information Security In Nhs.Org.Uk

Information Governance Toolkit Assessment 2009/10

Information Governance Framework

Mobile and Remote Working Policy

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy

Job Description. Information Assurance Manager Band 8A TBC Associate Director of Technology Parklands and other sites as required

Senate. SEN15-P17 11 March Paper Title: Enhancing Information Governance at Loughborough University

Transcription:

Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review Date: April 2013 Consultation Process: Policy Sponsor: Ratified and Approved by: Distribution: Compliance: Equality & Diversity Statement: Information Governance Manager Key internal stakeholders (management & staffside); JNCC; LNC Information Governance Steering Group Governance and Quality Committee All staff Mandatory for all permanent & temporary employees, contractors & sub-contractors of NHS North Yorkshire and York Compliant CHANGE RECORD DATE AUTHOR NATURE OF CHANGE VERS No 07/05/2009 IG Manager Draft of new Policy 0.01 28/05/2009 Governance Committee Approval of Policy 1.00 September 2010 IG Manager Draft of new policy 2.00 Dec 2011 IG Team Amendments to reflect the new organisational structure 2.01 Feb 2012 IG Manager Approval of policy 2.02 NHS North Yorkshire and York 2008/2009 Page 1 of 9 Doc Title:\\ NHS NYY Information Governance Policy - vers 2 02-Feb 2012.doc

1 Introduction 1.1 Information Governance is an initiative that addresses the requirements that legislation, ethical guidelines and policy place upon information processing (i.e. the holding, obtaining, recording, use, sharing and disposal of information). 1.2 Information Governance underpins Clinical Governance and Corporate Governance as part of an Integrated Governance approach, encompassed within the Risk Management Framework. Information is a vital asset and resource and in terms of this policy information means all information held by the organisation both corporate and personal. 1.3 Likewise information plays a key part in Service Planning, Legal Services and Performance Management, therefore NHS organisations must have clear standards, policies and procedures for all information processing that comply with the legislation, national and NHS guidance. 1.4 The Department of Health requires NHS Organisations to comply with and adopt the Information Governance standards set out in the Connecting for Health Information Governance Toolkit and the requirements of The Care Quality Commission. NHS Organisations must provide evidence of compliance, through self assessments, annual submissions, supported by annual audits. 1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy. 1.6 NHS North Yorkshire and York has established and will maintain policies and procedures to ensure compliance with all Information Governance requirements. 2 Scope 2.1 This policy applies to all employees of NHS North Yorkshire and York in all locations including the Non-Executive Directors, temporary employees, locums, students, volunteers, and contracted staff. 2.2 This policies covers all aspects of information within the organisation, including (but not limited to): Patient/Client/Service User information Personnel/Staff information Organisational information 2.3 This policies covers all aspects of handling information, including (but not limited to): Structured record systems - paper and electronic Transmission of information fax, e-mail, post and telephone 2.4 This policies covers all information systems purchased, developed and managed by/or on behalf of the organisation. NHS North Yorkshire and York 2008/2009 Page 2 of 9

3 Responsibilities 3.1 Chief Executive. The Chief Executive has overall responsibility to ensure that NHS North Yorkshire and York complies with all legal obligations, relevant legislation, standards and guidelines and to sign off of the Annual Information Governance Assessment. 3.2 Caldicott Guardian. The Caldicott Guardian s role is to: 3.2.1 Actively support the implementation of processes and procedures to ensure Confidentiality and Data Protection are properly embedded within the organisation. 3.2.2 Actively support work to facilitate and enable information sharing and advise on options for lawful and ethical processing of patient identifiable information. 3.2.3 Represent and champion Information Governance (IG) requirements and issues at Board/management team level. 3.3 Director of Standards. The Director of Standards is responsible for: 3.3.1 The Director of Standards is the Board Lead for Information Governance and also acts as the organisations Senior Information Risk Owner. (SIRO) 3.3.2 Overseeing the NHS North Yorkshire and York s Information Governance work programme. 3.3.2 Ensuring this policy and all Information Governance Policies are maintained and made available to staff. 3.3.4 Reviewing the management and accountability for Information Governance. 3.3.5 Obtaining Board approval for and implement any measures required to strengthen information governance arrangements. 3.3.6 Ensuring the Board in adequately briefed on Information Governance issues and the broader information Governance agenda. 3.3.7 Ensuring Information Quality policies and procedures are implemented 3.3.8 Establishment and Implementation of record management systems. 3.4 Director of Finance. The Director of Finance is responsible for: 3.4.1 Establishment of Registration Authority systems and procedures in line will national guidance. 3.5 Directors, Senior and Line Managers. All Directors, Senior and Line Managers are responsible for: 3.5.1 Ensuring that all staff are aware of and understand their obligations and duties in line with this policy. 3.6 NHS North Yorkshire and York Employees. All NHS North Yorkshire and York employees are responsible for: 3.6.1 Ensuring that they understand and comply with their duties and responsibilities in line with this policy. NHS North Yorkshire and York 2008/2009 Page 3 of 9

3.6.2 Attending training and awareness sessions provided by NHS North Yorkshire and York. 4 Policy Objectives To meet the principles of and sustain robust Information Governance 4.1 To meet the requirements of the NHS Operating Framework 2010/11. 4.2 To achieve level 2 compliance against all criterion of the Connecting for Health Information Governance Toolkit and ensure plans are in place to progress beyond this minimum where it has been achieved. 4.3 To meet the requirements of the Care Record Guarantee 4.4 To ensure all staff complete basic IG training as part of the Statutory and Mandatory Training Programme. 4.5 To report on the management of information risks in statements of internal controls and to include details of data loss and confidentiality breach incidents in annual reports 4.6 NHS North Yorkshire and York have an approved Information Governance Strategy and Improvement Plan. 5 Principles of Information Governance 5.1 Openness 5.1.1 Non-confidential information on NHS North Yorkshire and York and its services will be available to the public through a variety of media, in line with NHS North Yorkshire and York s codes of openness. 5.1.2 NHS North Yorkshire and York will establish and maintain policies to ensure compliance with the Freedom of Information Act. 5.1.3 NHS North Yorkshire and York will undertake or commission annual assessments and audits of its policies and arrangements for openness. 5.1.4 Patients will have ready access to information relating to their own health care, their options for treatment and their rights as patients. 5.1.5 NHS North Yorkshire and York will have clear procedures and arrangements for liaison with the press and broadcasting media. 5.1.6 NHS North Yorkshire and York will have clear procedures and arrangements for handling queries from patients and the public. 5.2 Legal Compliance 5.2.1 NHS North Yorkshire and York will through its policies, procedures and guidelines put in place effective arrangements to ensure the confidentiality, security and quality of the personal and corporate information it holds or is held on its behalf. 5.2.2 NHS North Yorkshire and York regard all person identifiable information relating to patients as confidential. 5.2.3 NHS North Yorkshire and York will undertake or commission annual assessments and audits of its compliance with legal requirements. 5.2.5 NHS North Yorkshire and York regards all person identifiable information relating to staff as confidential except where national policy on accountability and openness requires otherwise. NHS North Yorkshire and York 2008/2009 Page 4 of 9

5.2.6 NHS North Yorkshire and York will establish and maintain policies to ensure compliance with the Data Protection Act, Human Rights Act and the common law confidentiality and NHS Code of Practice on Confidentiality. 5.2.7 NHS North Yorkshire and York will establish and maintain policies and procedures for the proactive, controlled and appropriate sharing of patient information within the organisation both for the care of service users and for service management as determined by law, statute and best practice 5.2.8 NHS North Yorkshire and York will establish and maintain policies and procedures to proactive use of information with its partner organisations to support care as determined by law, statute and best practice 5.3 Information Security 5.3.1 NHS North Yorkshire and York will establish and maintain policies for the effective and secure management of its information assets and resources. 5.3.2 NHS North Yorkshire and York will undertake or commission annual assessments and audits of its information and IT security arrangements. 5.3.3 NHS North Yorkshire and York will undertake risk assessments to determine appropriate security controls are in place for existing or potential information systems. 5.3.4 NHS North Yorkshire and York will promote effective confidentiality and security practice to its staff through policies, procedures and training. 5.3.5 NHS North Yorkshire and York will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security. 5.4 Information Quality Assurance 5.4.1 NHS North Yorkshire and York will establish and maintain policies and procedures for information quality assurance and the effective management of records. 5.4.2 NHS North Yorkshire and York will undertake or commission annual assessments and audits of its information quality and records management arrangements. 5.4.3 NHS North Yorkshire and York Managers are expected to take ownership of, and seek to improve, the quality of information within their services. 5.4.4 Wherever possible, information quality should be assured at the point of collection. 5.4.5 Data standards will be set through clear and consistent definition of data items, in accordance with national standards. 5.4.6 NHS North Yorkshire and York will promote information quality and effective records management through policies, procedures/user manuals and training. 5.5 Records Management 5.5.1 NHS North Yorkshire and York will establish and maintain policies and procedures for the effective management of records. NHS North Yorkshire and York 2008/2009 Page 5 of 9

5.5.2 NHS North Yorkshire and York will undertake or commission annual assessments and audits of its records management. 5.5.3 NHS North Yorkshire and York Managers are expected to ensure effective records management within their service areas. 5.5.4 NHS North Yorkshire and York will promote records management through policies, procedures and training. 5.5.5 NHS North Yorkshire and York will use the Department of Health (DoH) Records Management: NHS Code of Practice (2 nd Edition 2009) as its standard for records management. 6 Training and Awareness 6.1 Information on Information Governance, points of contact for advice and training will be included in the NHS North Yorkshire and York Induction Booklet which will be available to all staff via the NHS North Yorkshire and York Intranet. 6.2 Staff will be made aware of this policy via line management. 6.3 The policy will be available to all staff via the NHS North Yorkshire and York Intranet. 6.4 References to this policy will be included in mandatory and induction training sessions. 7 Achieving objective Objectives will be achieved through the implementation of the approved Information Governance Strategy and Annual Improvement Plans, and through the continuous development of policy, procedures and guidance. 8 Equality and Diversity NHS North Yorkshire and York recognise the diversity of the local community and those in its employ. Our aim is therefore to provide a safe environment free from discrimination and a place where all individuals are treated fairly, with dignity and appropriately to their need. All policies and procedures are assessed in accordance with the Equality & Diversity Assessment Toolkit, the results for which are monitored centrally. 9 Review This policy will be reviewed annually. Earlier review may be required in response to exceptional circumstances, organisational change or relevant changes in legislation or guidance. 10 Monitoring 10.1 Breaches in Information Governance will be reported via the NHS North Yorkshire and York s incident reporting mechanisms and may be subject to investigation. NHS North Yorkshire and York 2008/2009 Page 6 of 9

10.2 The Information Governance Steering Group will develop a routine audit programme to monitor the adequacy of systems and policies and provide reports to the Governance Committee. 11 Discipline Breaches of this policy may be investigated and result in the matter being treated as a disciplinary offence under the NHS North Yorkshire and York s disciplinary procedure. NHS North Yorkshire and York 2008/2009 Page 7 of 9

Annex A Information Governance Policies, Laws and Codes of Practice A1 NHS North Yorkshire and York IG Policies The following documents should be complied with in conjunction with this policy: Information Security Policy Data Protection Policy Confidentiality Policy Subject Access Policy Records Management Policy Safe Haven Policy Registration Authority Policy Freedom of Information Policy Data Quality Policy NHS Number Usage Policy (Under Review) (Under Review) (Under Review) A2 National Legislation All NHS North Yorkshire and York staff are governed by National Legislation including: Data Protection Act 1998. Data Protection (Processing of sensitive Personal Data) Order 2000 Copyright, Designs and Patents Act 1990. Computer Misuse Act 1990. Freedom of Information Act 2000. Access to Medical Records Act 1988. Access to Health Records Act 1990 Human Rights Act 1998. Common Law Duty of Confidence Regulation of Investigatory Powers Act 2000. Crime and Disorder Act 1998. Mental Capacity Act 2005. Human Fertilisation and Embryology (Disclosure of Information) Act 1992. Venereal Diseases Act 1917 and Venereal Diseases Regulations of 1974 and 1992. Abortion Act 1967. The Adoption Act 1976. Public Health (Control of Diseases) Act 1984. Public Health (Infectious Diseases) Regulations 1985. Education Act 1944 (for immunisations and vaccinations to NHS Trusts from schools). Births and Deaths Act 1984. Police and Criminal Evidence Act 1984. NHS North Yorkshire and York 2008/2009 Page 8 of 9

A3 Professional Standards and Codes of Practice All NHS North Yorkshire and York staff are governed by Professional Standards and Codes of Practice including: Report on the Review of Patient - Identifiable Information (Caldicott Report) December 1997. Caldicott Guardian Manual 2006 DoH Confidentiality: NHS Code of Practice (2003) DoH Information Security Management: NHS Code of Practice (2007) DoH Records Management: NHS Code of Practice (2 nd Edition 2009) DoH NHS Information Governance: Guidance on Legal and Professional Obligations (2007) Healthcare Commission Core Standards c9 Records Management Healthcare Commission Core Standards c13c Confidentiality of Patient Information NHS Care Records Guarantee NHS Litigation Authority Risk Management Standards 2003 NHS Information Governance Toolkit and Statement of Compliance Professional codes of conduct (NMC, GMC etc) NHS North Yorkshire and York 2008/2009 Page 9 of 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information