OPERATIONAL DIRECTIVE. Data Stewardship and Custodianship Policy. Superseded By:


OPERATIONAL DIRECTIVE

Enquiries to: Ruth Alberts, Performance Directorate
OD number: OD0321/11
Phone number: 9222 4218
Date: February 2011
Supersedes: OD 0107/08
File No: F-AA-00673
Subject: Data Stewardship and Custodianship Policy

In the course of its operations, WA Health collects, stores, uses and discloses a large volume of data. The data is an important resource used for the clinical care of patients, for funding, management, planning, monitoring, improvement, research and evaluation of health and health services in the state.

The State of WA is the owner of all data collected by and within WA Health. The responsibility for its security, management and (legitimate) disclosure is delegated to the Director General of the Department of Health (DG). Through the various instruments of delegation, the DG delegates a number of these responsibilities to senior officers to administer and/or manage.

Data Stewards have delegated responsibility for setting the overall strategic direction of data collections to ensure the collection is developed, maintained and utilised in accordance with the strategic goals of WA Health. Data Stewards are also responsible for authorising the access, use and disclosure of data from data collections for clearly defined purposes that comply with WA Health's statutory obligations.

Data Custodians have delegated responsibility for the ongoing development, data collection, maintenance and review of data collections. They are responsible for the quality of the data, its security, timeliness and adherence to standards. Data Custodians are nominated and endorsed by the Data Stewards.

This policy documents the appointment of Data Stewards and Data Custodians and their associated roles and responsibilities.

Kim Snowball
DIRECTOR GENERAL
DEPARTMENT OF HEALTH WA

This information is available in alternative formats upon a request from a person with a disability.

Data Stewardship and Custodianship Policy
Data Custodian Policy

1. BACKGROUND

In the course of its operations, WA Health collects, stores, uses and discloses a large volume of data. The data is an important resource used for the clinical care of patients, for funding, management, planning, monitoring, improvement, research and evaluation of health and health services in the state, including accountability to the Minister for Health and Parliament.

The State of Western Australia (WA) is the owner of all data collected by and within WA Health irrespective of the method of storage or size of the collection. The data is a valuable corporate asset that is managed to support the business of WA Health for the benefit of all Western Australians.

WA Health data also includes highly sensitive business and personal information which needs to be managed to ensure that confidentiality and privacy are maintained in compliance with the common law and all applicable legislation.

2. SCOPE

This policy applies to all data collections, including those provided for by statute, held by or within WA Health. It includes collections of patient, corporate, financial and workforce information. The scope of this policy includes both paper-based and electronic data. For the purpose of this policy, a data collection includes both operational data collections and data repositories.

3. PURPOSE

The purpose of the Data Stewardship and Custodianship Policy is to ensure that data is collected for a legitimate purpose, managed appropriately and only disclosed for an approved purpose. This is achieved through the allocation of accountability and responsibility for all data collections in WA Health by documenting how Data Stewards and Custodians are appointed and their roles and responsibilities.

4. POLICY

A Data Steward and Custodian will be formally assigned to all data collections, regardless of size, where one or more of the following conditions are met:

- The data collection is used to meet business, operational or legislative requirements;
- The State of WA has a strategic need for the data;
- The data collection contains personal information;
- The data collection is used for reporting at a state level, national level or external to the health service where the data collection resides; or
- The data collection is used across multiple health services.

5. DELEGATED AUTHORITIES

The State of WA is the legal owner of all data collected by and within WA Health. The responsibility for its security, management and (legitimate) disclosure is delegated to the Chief Executive Officer of the various government agencies. Within WA Health, the Director General of the Department of Health (DG) is the delegated owner of all data and information collected, stored, used and disclosed within the various entities. Through the various instruments of delegation, the DG delegates a number of these responsibilities to senior officers to administer and/or manage.

Data Stewards have delegated responsibility for setting the overall strategic direction of the specific data collection to ensure the collection is developed, maintained and utilised in accordance with the strategic goals of WA Health. Data Stewards are also responsible for authorising the access, use and disclosure of data from the data collection for clearly defined purposes that comply with WA Health's statutory obligations.

Data Custodians have delegated responsibility for the ongoing development, data collection, maintenance and review of the collection. Data Custodians are responsible for the quality of the data, its security, timeliness and adherence to standards. Data Custodians must be nominated and endorsed by the Data Stewards.

The data collections within WA Health are stored in enterprise systems and local systems.

5.1 Enterprise Systems

Enterprise systems are large-scale, integrated information systems which support processes, information flows, reporting and data analytics across WA Health. Typically enterprise systems are classed as tier 1 applications requiring 24 hour, 7 day per week availability and technical support. Enterprise systems for WA Health include EDIS, TOPAS, HCARe, icm, Psolis, TMS, AIMS/Clinical Incident Management System, Stork, ipharmacy, icm, Oracle Financials, Alesco and Objective.

The Executive Director, Performance Activity and Quality Division (PAQ), is the Data Steward for enterprise systems.

5.2 Local Systems

Local systems are small to medium scale information systems which support processes, information flows, reporting and data analytics within a local area. Typically local systems are classed as tier 2 and 3 applications requiring availability and technical support during business hours only. Data collections/information systems used within individual areas such as the Hospital Morbidity Data Collection, Finance Data Warehouse and Vehicle Booking Systems are considered to be local systems under this policy.

The Data Stewards for local systems are:

- Chief Executives (Tier 1b) for Metropolitan Area Health Services (AHS)
- Chief Executive (Tier 1b) for the WA Country Health Service (WACHS)
- Executive Directors (Tier 2) for the Department of Health (DOH)

The diagram below illustrates the delegations of authority.

Ownership: State of WA
Responsibilities Delegated: Director General
Data Steward:
    Enterprise Systems: Executive Director PAQ
    Local Systems: Tier 2 (DOH), Tier 1b (AHS), Tier 1b (WACHS)
Data Custodian: Nominated and Approved by Data Steward

6. ROLES AND RESPONSIBILITIES OF DATA STEWARDS

Data Stewards are responsible for:

- Setting the strategic direction for the data collection;
- Ensuring that information and communications technology (ICT) and information management investment for the data collection is aligned to the strategic goals of WA Health;
- Ensuring that projects and initiatives are aligned and coordinated to deliver the best value;
- Ensuring the use, disclosure and access to data meets legislative responsibilities and other arrangements entered into by the State;
- Developing a role based Access Control model which specifies the types of users that can access the data collection and the level of access permitted;
- Developing an Information Disclosure model which specifies the level of approval required prior to releasing information from the data collection based on the granularity and sensitivity of the information requested; and
- Nominating a Data Custodian for the day-to-day management, operation and support of each data collection.

7. ASSIGNMENT OF DATA CUSTODIANS

Data Custodians are responsible for the day-to-day management of data from a business perspective. The Data Custodian aims to improve the accuracy, usability and accessibility of data within the data collection.

For enterprise systems, Data Custodians must be nominated and endorsed by the Data Steward. For local systems, Data Custodians must be nominated and endorsed by the Data Steward following recommendation from the relevant Executive Team(s) within AHS, WACHS and DOH. Data Custodians are accountable to the nominated Data Steward for the data collection.

The nominated Data Custodian for the data collection must complete the proforma in Attachment A, providing a summary of the data collection. The completed proforma must be endorsed by the Data Steward and submitted to the Information Development and Management (IDM) branch within the PAQ Division. IDM will submit relevant details on behalf of the Data Steward to the SHEF Performance Reporting and Governance Sub Committee for noting.

7.1 New Data Collections

Prior to establishing a new data collection, a Data Custodian must be appointed for the data collection. All proposals for new data collections must designate a Data Custodian in accordance with this policy.

7.2 Existing Data Collections

Data Stewards are responsible for coordinating the assignment of Data Custodians to existing data collections. This includes:

- Identifying data collections within the scope of this policy;
- Identifying the appropriate Data Custodian for each data collection by applying the criteria for selection specified in this policy in consultation with stakeholders; and
- Notifying the Data Custodian of their responsibilities.

7.3 Criteria for selecting Data Custodians

The criteria for selecting the appropriate Data Custodian include:

- Competence, skills and authority to discharge the custodianship responsibilities;
- Understanding of the relevant legislation and policies; and
- Understanding of business needs of all users.

Custodianship responsibilities for data collections may be allocated to an office or position but not to a named person.

7.4 Assignment of Custodianship

Where powers and responsibilities for collection of data are assigned by statute they will be held and exercised in accordance with the relevant legislation and may only be delegated in accordance with the relevant legislation.

Where custodianship responsibilities for data collections are not assigned by statute then the Data Steward must endorse the assignment of custodianship of the data collection.

The assignment of custodianship will be in writing specifying details of the relevant data collection and the responsibilities allocated. Attachment A provides a template which needs to be completed.

A list of officers assigned custodianship responsibilities will be published on the web to provide potential users of the data with a point of contact to discuss their requirements.

8. ROLES AND RESPONSIBILITIES OF DATA CUSTODIANS

Data Custodians are responsible for the day-to-day management of data on behalf of the State of WA. This encompasses a range of responsibilities. Data Custodians' responsibilities include, but are not limited to, the following:

(a) Data Collection Planning

The responsibilities include ensuring that the design of the information system in which the data is stored, the implementation of changes to existing systems and the development of new systems, meets business needs. This includes:

- Identifying the information requirements including identifying and consulting with key stakeholders and users of the information system;
- Identifying the data items needed to meet the requirements;
- Identifying existing or overlapping sources of information;
- Identifying relevant standards, policies and guidelines;
- Identifying requirements to meet legislative responsibilities and other arrangements entered into by the State;
- Adhering to organisational metadata standards;
- Adhering to organisational data quality standards;
- Adhering to organisational data security standards; and
- Developing and maintaining system metadata.

(b) Data Collection Management and Production

Responsibilities include the day-to-day management and production of the data. This includes:

- Establishing data collection procedures;
- Ensuring data meets data quality standards;
- Ensuring data security;
- Ensuring data is not misused;
- Ensuring data is not misrepresented;
- Establishing procedures to permit and review access to information as required by relevant legislation and in accordance with the requirements of the Data Steward;
- Ensuring data continues to meet business requirements;
- Ensuring access to and disclosure of data is in accordance with the Access Control model and Information Disclosure model as specified by the Data Steward;
- Extracting data for authorised uses;
- Providing data to authorised recipients; and
- Ensuring the retention, storage and disposal of data is in accordance with relevant legislation and organisational policies.

Data Custodians may assign day-to-day tasks associated with their responsibilities to directly supervised staff.

9. RESPONSIBILITIES OF USERS

All those who contribute to or use data collections within WA Health have responsibilities to other users, Data Stewards, Data Custodians, the DG and the State of WA. These responsibilities include:

- Maintaining agreed standards when collecting and submitting information to data collections;
- Using the data in an appropriate manner consistent with accompanying metadata;
- Citing the source and currency of information they use;
- Advising Data Custodians of any changes to their information requirements;
- Advising the Data Custodian of any errors or omissions in the data sets or information products they receive; and
- Maintaining confidentiality and security of the information in accordance with conditions of use and relevant legislation.

Users who breach confidentiality and security may be subject to disciplinary action and other remedies available through legislative provision such as the Public Service Regulations and the Criminal Code. Unauthorised access, use and disclosure of confidential information is misconduct pursuant to the WA Health Code of Conduct and suspected cases may be reported to the Corruption and Crime Commission (refer to Information Security Policy).

10. DEFINITIONS

A Data Collection is a systematic gathering of data for a particular purpose from various sources, including manual entry into an application system, questionnaires, interviews, observation, existing records and electronic devices. This includes both operational data collections and data repositories.

A Data Repository includes data that is collected from various sources, including operational data collections for the primary purpose of monitoring, evaluation, reporting and research. Examples of data repositories include data held within the Hospital Morbidity Data Collection, Finance Data Warehouse and the Emergency Department Data Collection (EDDC).

An Operational Data Collection includes data that is collected as part of the day-to-day activities of an area for the primary purpose of tracking and managing the operational aspects of the area. The operational data collection is typically a transaction-based system which contains detailed data elements to represent the activities of the area. Examples of operational data collections include data held within Patient Administration Systems, TRIM, Financial Systems and Human Resource Management Systems.

Personal information means information about an individual whose identity is apparent or can reasonably be ascertained. It includes both information of a sensitive nature (e.g. name, address, age, salary) and health information (e.g. diagnosis, treatment).

WA Health incorporates the legal entities of the Metropolitan Health Service, WA Country Health Service, Department of Health and the administrative entities of North Metropolitan Area Health Service and South Metropolitan Area Health Service.

11. RELEVANT POLICIES

- Database Administration Standard
- Data Management Policy
- Information Security Policy
- Information Classification Policy
- Acceptable Use Standard Computing and communications facilities

12. RELEVANT LEGISLATION

- Hospitals and Health Services Act 1927
- Health Legislation Administration Act 1984
- Health Act 1911
- Human Reproductive Technology Act 1991
- Freedom of Information Act 1992
- State Records Act 2000
- WA Mental Health Act 1996
- Financial Management Act 2006
- Public Sector Management Act 1994

13. SUPPORTING DOCUMENT

NSW Health. 2005. Process for Approval of New or Modified Data Collections. NSW: NSW Health. http://www.health.nsw.gov.au/policies/pd/2005/pd2005_155.html (accessed on 17 January 2010)

Assignment of Data Custodian

Please complete the questions below:

Q1. Name of Data Collection

Q2. Brief description and purpose of Data Collection

Q3. The Data Collection is classified as:
    - An Enterprise System
    - A Local System

Q4. Data Custodian (Include Name and Role or Position - names only are not acceptable)
    Name:
    Position/Role:

Q5. Do the data items that are being collected exist in another data collection?
    - Yes (If yes, specify the collection and the reasons it is not utilised)
    - No

Q6. Impact of data collection on WA Health (e.g. supports reform initiatives; supports mandatory National requirements; required by legislation)

Q7. Issues associated with data collection and how they will be resolved

Q8. Estimated cost to establish and maintain data collection (if known)

Data Steward and Custodian Sign-Off

Data Custodian Sign Off
    Name and Position or Role:
    HE Number/Signature:
    Date:
    Contact Details:
        Name:
        Position/Role:
        Phone:
        Email:

Data Steward Sign Off
    Name and Position:
    HE Number/Signature:
    Date:
    Contact Details:
        Name:
        Position:
        Phone:
        Email:

Please submit completed template to the Senior Policy Officer (Ruth Alberts) (ruth.alberts@health.wa.gov.au) within the Performance Activity and Quality Division. Ruth Alberts can be contacted on (08) 9222 4218 if you require any assistance in completing the attached template.

Health Data Collections Templates