Information Governance Policy



Similar documents
1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

Information Governance Policy

INFORMATION GOVERNANCE POLICY

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014

Information Governance Policy

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY

Information Governance Policy

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE STRATEGY

Information Governance Policy

Policy Document Control Page

Information Governance Policy (incorporating IM&T Security)

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

Information Governance Strategy. Version No 2.0

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

NHS Business Services Authority Information Governance Policy

Information Governance Strategy. Version No 2.1

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy

Information Governance Policy

INFORMATION GOVERNANCE POLICY

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

Information Governance Plan

Information Governance Policy

Information Governance Policy

Senate. SEN15-P17 11 March Paper Title: Enhancing Information Governance at Loughborough University

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

Version Number Date Issued Review Date V1 25/01/ /01/ /01/2014. NHS North of Tyne Information Governance Manager Consultation

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

INFORMATION GOVERNANCE POLICY

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

INFORMATION GOVERNANCE POLICY & FRAMEWORK

Information Governance Strategy

Information Governance Strategy

INFORMATION GOVERNANCE POLICY

NHS Commissioning Board: Information governance policy

Information Governance Framework and Strategy. November 2014

Information Governance Strategy :

INFORMATION RISK MANAGEMENT POLICY

Information Governance Policy

Information Governance Policy

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

Information Governance Strategy & Policy

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE POLICY

Information Governance Policy

RECORDS MANAGEMENT POLICY

NHS Business Services Authority Information Security Policy

INFORMATION GOVERNANCE POLICY

Information security policy

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

Information Governance Strategy

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September Information Governance Manager

Information Governance Management Framework

INFORMATION SECURITY POLICY

Information Governance Strategy Includes Information risk & incident management methodology

NHS Lanarkshire Information Governance Committee

How To Ensure Information Security In Nhs.Org.Uk

INFORMATION GOVERNANCE HANDBOOK

How To Ensure Network Security

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

Information Governance Management Framework

Information Security and Governance Policy

CCG: IG06: Records Management Policy and Strategy

Information Governance Lead

Highland Council Information Security Policy

Information Governance Strategy Includes Information risk & incident management methodology

Transcription:

BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY 2007 Reviewed on: JUNE 2008 BEXLEY CARE TRUST Information Governance Policy Version 3 Legal Acts Data Protection Act 1998 Human Rights Act 1998 Freedom of Information Act 2000 Access to Health Records Act 1990 (where not superseded by the Data Protection Act 1998) Computer Misuse Act Copyright, designs and patents Act 1988 (as amended by the copyright computer programmes regulations 1992) Crime and Disorder Act 1998 Electronic Communications Act 2000 Regulations of Investigatory Powers Act 2000 (RIPA) Mental Capacity Act 2005 Supporting Documents Information Security Management: NHS Code of Practice April 2007 UK Strategy for Information Assurance: Protecting our information systems CSIA Cabinet Office 2004 Lord Chancellor s code of practice on the management of records under section 46 of the Freedom of information act 2000 - November 2002 Page 1 of 10 Last Updated: 01/06/08

VERSION CONTROL Document Location Bexley Care Trust Intranet See Under Policies and Procedures Change History Version Owner Changed By Change Summary Date Ratified 2 Information David Irwin Changes to policy in line Governance Information Governance Group Toolkit and revised IG domains 3 David Williams Jo Silcock Changes in line with (COO) Information Governance Toolkit Risk Management Cttee 30.1.07 Risk Management Committee Responsibility for distribution of this document David Williams - COO Page 2 of 10 Last Updated: 01/06/08

Contents 1 Introduction...4 2 Scope...4 3 Principles...5 3.1 Openness, Transparency & Traceability...5 3.2 Legal Compliance...6 3.3 Information Security...6 3.4 Information Quality Assurance...6 4 Responsibilities...7 5 Training / Awareness...7 6 Monitoring / Audit...7 7 Information Governance Management...7 8 Policy Review...8 Page 3 of 10 Last Updated: 01/06/08

Bexley Care Trust INFORMATION GOVERNANCE POLICY Information Governance is the framework by which the NHS safeguards information about patients and employees in particular, personal and sensitive information. It allows individuals and NHS and partner organisations to ensure that personal information is dealt with legally, securely, efficiently and effectively in order to deliver the best possible care. 1 1 Introduction The Care Trust recognises the importance of reliable information, both in terms of the clinical management of individual patients and the efficient management of services and resources. Information governance plays a key part in supporting clinical governance, service planning and performance management. It is therefore of paramount importance to ensure that information is efficiently managed, and that appropriate policies, procedures and management accountability and structures provide a robust governance framework for information management. This policy gives assurance to the Care Trust Board and to individuals that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care. The Care Trust will establish and maintain policies and procedures to ensure compliance with requirements contained in the National Health Service Connecting for Health Information Governance Toolkit. 2 Scope This policy covers all aspects of information within the organisation, including (but not limited to): Patient/Client/Service User information Personnel information Organisational information This policy covers all aspects of handling information, including (but not limited to): Structured record systems - paper and electronic Transmission of information fax, e-mail, post and telephone This policy covers all information systems purchased, developed and managed by/or on behalf of, the organisation and any individual directly employed or otherwise by the organisation. 1 Connecting for Health Page 4 of 10 Last Updated: 01/06/08

3 Principles The Care Trust recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. The Care Trust fully supports the principles of corporate governance and recognises its public accountability, but also recognises the importance for confidentiality of, and the security arrangements to safeguard, both personal information about patients and staff and commercially sensitive information. The Care Trust also recognises the need to share patient information with other health organisations and other agencies in a controlled manner consistent with the interests of the patient and, in some circumstances, the public interest. The Care Trust believes that accurate, timely and relevant information is essential to deliver the highest quality health care. As such it is the responsibility of all clinicians and managers to ensure and promote the quality of information and to actively use information in decision making processes. There are 4 key interlinked strands to the information governance policy: Openness, Transparency & Traceability Legal Compliance Information Security Quality Assurance 3.1 Openness, Transparency & Traceability The Care Trust recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. Information will be defined and where appropriate kept confidential, underpinning the principles of Caldicott and the regulations outlined in the Data Protection Act. Non-confidential information on The Care Trust and its services will be available to the public through a variety of media, in compliance with the Freedom of Information Act. Patients will have access to information relating to their own health care, options for treatment and their rights as patients. The Care Trust will have clear procedures and arrangements for liaison with the press and broadcasting media. The Care Trust will have clear procedures and arrangements for handling queries from patients and the public. Integrity of information will be developed, monitored and maintained to ensure that it is appropriate for the purposes intended. Availability of information for operational purposes will be maintained within set parameters relating to its importance via appropriate procedures and computer system resilience. Page 5 of 10 Last Updated: 01/06/08

3.2 Legal Compliance The Care Trust regards all identifiable personal information relating to patients as confidential. The Care Trust regards all identifiable personal information relating to staff as confidential except where national policy on accountability and openness requires otherwise. The Care Trust will undertake or commission annual assessments and audits of its compliance with legal requirements. The Care Trust will establish and maintain policies to ensure compliance with the Data Protection Act, Human Rights Act and the common law confidentiality. The Care Trust will establish and maintain policies for the controlled and appropriate sharing of patient information with other agencies, taking account of relevant legislation (e.g. Health and Social Care Act, Crime and Disorder Act, Protection of Children Act). 3.3 Information Security The Care Trust will establish and maintain policies for the effective and secure management of its information assets and resources. The Care Trust will undertake or commission annual assessments and audits of its information and IT security arrangements. The Care Trust will promote effective confidentiality and security practice to its staff through policies, procedures and training. The Care Trust will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security. 3.4 Information Quality Assurance The Care Trust will establish and maintain policies and procedures for information quality assurance and the effective management of records. The Care Trust will undertake or commission annual assessments and audits of its information quality and records management arrangements. Managers are expected to take ownership of, and seek to improve, the quality of information within their services. Wherever possible, information quality should be assured at the point of collection. Data standards will be set through clear and consistent definition of data items, in accordance with national standards. The Care Trust will promote information quality and effective records management through policies, procedures/user manuals and training. Page 6 of 10 Last Updated: 01/06/08

4 Responsibilities Care Trust Board - It is the role of the Care Trust Board to define the Care Trust s policy in respect of Information Governance, taking into account legal and NHS requirements. The Board is also responsible for ensuring that sufficient resources are provided to support the requirements of the policy. Information Governance Steering Group - The Information Governance Steering Group is responsible for overseeing day to day Information Governance issues; developing and maintaining policies, standards, procedures and guidance, coordinating Information Governance in the Care Trust and raising awareness of Information Governance. Managers - Managers within the Care Trust are responsible for ensuring that the policy and its supporting standards and guidelines are built into local processes and that there is ongoing compliance. Staff - All staff, whether permanent, temporary or contracted, and contractors are responsible for ensuring that they are aware of the requirements incumbent upon them and for ensuring that they comply with these on a day to day basis. 5 Training / Awareness Information Governance will be a part of induction training. All new staff will receive awareness training and information on Information Governance, which will include Caldicott and confidentiality, data protection, information security and Freedom of Information. Information Governance training including awareness and understanding of Caldicott principles and confidentiality, information security and data protection will be mandatory training for all staff. The frequency of information governance training will be appraisal based. 6 Monitoring / Audit The Care Trust will monitor this policy and its related strategies, policies and guidance through the Information Governance Toolkit and the annual Statement of Compliance. Internal & External Audit will consider the inclusion of the review of this policy and associated procedures within their annual programmes. The Care Trust will use this monitoring arrangement to supply evidence of compliance with the core Standards for Better Health (Standards C9 & C7b) and progress towards the Information Governance development standard. (D6). 7 Information Governance Management Information Governance management across the Care Trust will be coordinated by the Information Governance Steering Group. The structure and Terms of Reference is included as Appendix 1. The responsibilities of the Information Governance Steering Group will include, but not limited to: Page 7 of 10 Last Updated: 01/06/08

Provide the leadership and management of Information Governance across the Care Trust. Development & recommendation for approval by the Risk Management Committee related policies 2 and procedures. Preparation and recommendation for approval by the Risk Management Committee the annual IG Toolkit Statement of Compliance. Develop and implement an annual Information Governance workplan. Identify new Information Governance risks and resolve any gaps in their control or assurance. The Information Governance Steering Group will construct its leadership, workplan and monitoring using the domains set out in the IG Tool kit. These are: Information Governance Management Confidentiality and Data Protection Assurance Information Security Assurance Clinical Information Assurance Secondary User Assurance Corporate Information Assurance 8 Policy Review This policy will be reviewed on an annual basis to take into account any changes to legislation that may occur and/or guidance from the Department of Health. 2 Appendix 2 Page 8 of 10 Last Updated: 01/06/08

Appendix One Information Governace Steering Group Terms of Reference Page 9 of 10 Last Updated: 01/06/08

Appendix Two Information Governance Related Policies & Procedures Information Management Governance Confidentiality and Data Protection Assurance Business Continuity Plans ICT Data Quality Policy Email & Internet Policy IG in External Contracts IG included in staff contracts & reviewed. IG Staff Induction & Training Information Governance Policy Information Security Policy Records Management Policy (inc Information Lifecycle Policy) Registering Authority Procedure Information Sharing Policy Caldicott Guardian Data Protection Policy Safe Haven Policy Encryption Policy Information Assurance Security Clinical Information Assurance Secondary User Assurance Data Quality Policy Corporate Information Assurance ICT Security Policy USB Memory Policy Documented Legitimate Workgroups Information Asset Register Transportation of Clinical Records Guidance Mobile Devices Policy Use of NHS Number Clinical Records Policy & Audit Corporate Document Control System FOI Policy Records Management Policy (Corporate Records) Page 10 of 10 Last Updated: 01/06/08

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information