INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14
Information Reader Box

Directorate: Corporate Governance
Purpose: Guidance
Document Purpose: Policy and High Level Procedures
Document Name: Information Governance Policy
Author: Linda Pickup, Information Governance Manager S&LCSU
Publication Date: 28.01.14
Review Date: 28.01.16
Target Audience: All working for or on behalf of Blackpool Clinical Commissioning Group
Description: Policy and high level procedures for Information Governance
Cross Reference: Information Governance Handbook
Superseded Document: n/a
Action Required: To Note
Approval Route: Recommended - Finance and Performance Committee 28 January 2014; Approved CCG Governing Body 4 March 2014
Contact Details (for further information): Lancashire Information Governance Team, information.governance@lancashirecsu.nhs.uk, 01254 282999

Document Status

This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of this document are not controlled. As a controlled document, this document should not be saved onto local or network drives but should always be accessed from the intranet.
Contents

1 Introduction
2 Principles
3 Scope
  3.1 Officers Within the Scope of this Document
  3.2 Information covered by this Document
4 Roles & Responsibilities
  4.1 Executive Team
5 Information Governance Management Framework
6 Information Governance Strategy
7 Training/Distribution
8 Monitoring
  8.1 Compliance
  8.2 Equality Impact Assessment
9 Associated Documentation
10 References
1 Introduction

1.1.1 The purpose of this document is to provide guidance on Information Governance to all Clinical Commissioning Group (CCG) Staff.

1.1.2 The CCG will establish and maintain this policy and associated procedures to ensure compliance with the requirements of the Information Governance Toolkit and to provide assurance to CCG staff, partners and the public that information is dealt with legally, securely, efficiently and effectively to deliver the best service possible.

1.1.3 The CCG recognises the need for an appropriate balance between openness and confidentiality in the management and use of information and fully supports the principles of corporate governance, recognising its public accountability. It equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about patients and staff and commercially sensitive information.

1.2 The CCG also recognises the need to share patient information with other health organisations and other agencies in a controlled manner consistent with the interests of the patient and, in some circumstances, the public interest.

1.3 The CCG believes that accurate, timely and relevant information is essential to deliver the highest quality health care. As such it is the responsibility of all CCG employees to ensure and promote the quality of information and to actively use information in decision making processes.

2 Principles

2.1 This policy follows the HORUS model as proposed by the Department of Health to ensure compliance with legislation including the Data Protection Act. These principles are that information is:

- Held safely and confidentially
- Obtained fairly and lawfully
- Recorded accurately and reliably
- Used effectively and ethically
- Shared and disclosed appropriately and lawfully

3 Scope

3.1 Officers Within the Scope of this Document

3.1.1 This policy applies to members of staff employed by or working on behalf of the CCG including contracted, non-contracted, temporary, honorary, secondments, bank, agency, students, volunteers, locums or third parties.

3.2 Information covered by this Document

3.2.1 This policy covers all aspects of handling information including but not restricted to:

- Structured record systems: paper and electronic
- Transmission of information: fax, email, other forms of electronic transmission such as FTP, post and telephone

3.2.2 This policy covers all information systems purchased, developed and managed by or on behalf of the CCG, and any individual directly employed or otherwise by the CCG.

4 Roles & Responsibilities

4.1 Governing Body

It is the role of the Governing Body to define the CCG policy in respect of Information Governance, taking into account legal and NHS requirements. The Governing Body is also responsible for ensuring that sufficient resources are provided to support the requirements of the policy. The Governing Body, whilst retaining their legal responsibilities, have delegated IG compliance to the Finance and Performance Committee.

4.2 Responsibilities will be given to:

4.2.1 The Caldicott Guardian is the Chief Nurse who will:

- Be responsible for ensuring that the CCG satisfies the highest practical standards for handling patient information
- Ensure confidentiality is reflected in CCG policies and procedures to support lawful and ethical processing of information
- Act as the conscience for the CCG and champion Information Governance requirements at Senior Management Team level
- Ensure that all staff comply with the Caldicott Principles and the guidance contained in the NHS Confidentiality Code of Practice
- Facilitate and enable information sharing agreements and oversee arrangements put into place to share personal confidential data with external bodies

4.2.2 The Senior Information Risk Owner (SIRO) is the Chief Finance Officer who will:

- Be a member of the Governing Body
- Take ownership of the Information Risk Assessment process
- Act as an advocate and champion for information risk to the Governing Body
- Provide written advice to the Chief Operating Officer on the content of the annual Statement of Internal Control (SIC) in regard to information risk
- Understand how the strategic business goals of the CCG will be impacted by information risks and how to manage those risks
- Ensure that identified information security threats are followed up and incidents managed
- Provide reports to the Governing Body on the effectiveness of Information Risk Management

The role will be supported by the Staffordshire and Lancashire Commissioning Support Unit Information Governance Team, the Caldicott Guardian and a network of Information Asset Owners and Information Asset Administrators.
4.2.3 Information Asset Owners will:

- Lead and foster a culture that values, protects and uses information for the benefit and success of the CCG and its customers
- Ensure that information risk assessments are performed on all information assets where they have been assigned ownership
- Submit the risk assessment results and associated plans to the SIRO for review
- Ensure mitigation plans include specific actions with expected completion dates, as well as an account of residual risks

4.2.4 The Finance and Performance Committee will:

- Be accountable to the CCG Governing Body
- Monitor Information Governance performance annually using the Information Governance Toolkit hosted by the Health and Social Care Information Centre (HSCIC)
- Provide audited IG Toolkit results to the relevant CCG Group for approval prior to final submission to HSCIC
- Be responsible for overseeing day to day Information Governance issues, developing and maintaining policies, standards, procedures and guidance, coordinating and raising awareness of Information Governance in the CCG
- Co-ordinate and monitor the implementation of the Information Governance Framework and Strategy across the CCG
- Produce and maintain the Terms of Reference

4.2.5 All Managers will:

- Be responsible for ensuring that the Information Governance Policy and the Information Governance Handbook are implemented within their section/department or directorate
- Ensure that the policy and its supporting standards and guidelines are built into local processes and that there is on-going compliance on a day-to-day basis
- Ensure any breaches or suspected breaches of confidentiality or information security are referred to the Information Governance Team for immediate investigation
- Ensure staff complete their Information Governance annual mandatory training

4.2.6 All Staff will:

- Be responsible for ensuring that they are aware of their obligations for Information Governance and for ensuring that they comply with these on a day to day basis
- Adhere to this policy and the procedures set out in the Information Governance Handbook
- Undertake mandatory Information Governance Training relevant to their post using the Information Governance Training Tool or other method as agreed by the Information Governance Managers
- Receive instruction and direction regarding Information Governance from additional sources dependent upon their post within the CCG. This may take the form of additional training or communications such as team meetings, emails, news posted on the intranet.

5 Information Governance Management Framework

5.1 The Information Governance Framework for the CCG is set out in this policy.

5.1.1 Key governance bodies:

- Governing Body
- Finance and Performance Committee
- Information Governance Teams

5.1.2 Key roles:

- Caldicott Guardian
- Senior Information Risk Owner
- Information Asset Owners

5.1.3 Key policies and procedures:

- Information Governance Policy
- Information Governance Handbook covers procedures for:
  o Confidentiality and Data Protection
  o Code of Conduct (in respect of confidentiality)
  o IG Training
  o Information Sharing, Privacy Impact Assessments
  o Information Security/Safe Haven procedures
  o Information Risk Assessment and Management Programme
  o Records Management
  o Subject Access Requests
  o IG Incident Management
  o Mobile Media/Social Networking
  o Freedom of Information
- Management of Information Assets (MIA)
- Information Governance Terms of Reference

6 Information Governance Strategy

6.1 This policy forms part of the strategy for ensuring that the Information Governance Framework is implemented. In addition an annual Information Governance Work Plan will be produced linked to corporate objectives.

6.2 There are four key interlinked areas to Information Governance that ensure the HORUS model is followed:

- Openness and transparency
- Legal compliance
- Information security and Risk
- Quality assurance

6.2.1 Openness and Transparency

- Integrity of information will be developed, monitored and maintained to ensure that it is appropriate for the purposes intended.
- Availability of information for operational purposes will be maintained within set parameters relating to its importance via appropriate procedures and computer system resilience.
- The CCG will regard all identifiable information relating to patients as confidential.
- Compliance with legal and regulatory framework will be achieved, monitored and maintained through this policy and associated procedures.
- The CCG will regard all identifiable information relating to staff as confidential except where national policy on accountability and openness requires otherwise.
- The CCG will ensure that when person identifiable information is shared, the sharing complies with the law, guidance and best practice and both service users' rights and the public interest are respected.
- Non-confidential information relating to the CCG and its services will be made available to the public through a variety of media, in line with the Freedom of Information Act and Environmental Information Regulations.
- The CCG will have clear procedures and arrangements for liaison with the press and broadcasting media.
- The CCG will establish and maintain policies and procedures to ensure compliance with the Data Protection Act, Human Rights Act, the common law duty of confidentiality and the Freedom of Information Act and Environmental Information Regulations.
- Patients/service users will have access to information relating to their own health care, options for treatment and their rights as patients.
- There will be clear procedures and arrangements for handling queries from patients and the public.

6.2.2 Legal Compliance

- The CCG will regard all personal confidential data relating to patients and staff as confidential and as such takes steps to ensure that the handling of such information complies with the Data Protection Act 1998 except where there is a legal requirement to override the Act.
- The CCG will undertake or commission annual assessments and audits of its compliance with legal requirements through the IG Toolkit.
- The CCG will establish and maintain procedures to ensure compliance with the Data Protection Act, Human Rights Act, Freedom of Information Act and common law of confidentiality.
- The CCG will establish and maintain procedures for the controlled and appropriate sharing of patient information with other agencies, taking account of relevant legislation (e.g. Health and Social Care Act, Crime and Disorder Act, Protection of Children Act).

6.2.3 Information Security and Risk

- The CCG will establish a Senior Information Risk Owner (SIRO) from the Governing Body who will take ownership of the organisation's Information Risk Procedures.
- The CCG will ensure that the role and responsibilities of the SIRO and the infrastructure to support the SIRO are kept under review.
- The CCG will establish and maintain procedures for the effective and secure management of its information assets and resources.
- The CCG will undertake or commission annual assessments and audits of its information and IT security arrangements through the IG Toolkit framework.
- The CCG will promote effective confidentiality and security practice to its staff through procedures and training.
- The CCG will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security. This will include reporting via the Information Governance Toolkit Reporting Tool from 2013.
- The CCG will establish and maintain Risk Management and reporting procedures, will have risk control in place and will monitor all reported information risks.

6.2.4 Quality Assurance

- The CCG will establish and maintain procedures for information quality assurance and the effective management of records.
- The CCG will undertake or commission annual assessments and audits of its information quality and records management arrangements in line with IG toolkit requirements.
- The CCG will ensure that information is managed throughout its lifecycle of creation, retention, maintenance, use and disposal.
- The CCG will ensure that information is effectively managed so that it is accurate, up to date, secure, retrievable and available when required.
- Employees are expected to take ownership of, and seek to improve, the quality of information within their services.
- Information quality should be assured at the point of collection.
- The CCG will promote information quality and effective records management through procedures and training.

7 Training/Distribution

7.1 Information Governance training including awareness and understanding of Caldicott principles and confidentiality, information security, records management and data protection will be mandatory for all staff. Information governance will be included in induction training for all new staff.

7.2 The organisation will provide annual mandatory Information Governance training for all staff via the Connecting for Health IG Training Tool. Training needs analysis will be undertaken at induction and annually to ensure that training is relevant to a staff member's post.

7.3 The Information Governance Policy, Handbook and other advice will be given to all new staff on induction and made available to all staff via the intranet. A global notice will be sent to all staff notifying them of the release of this document.

7.4 Targeted and more general training for existing staff will be provided on different areas of information governance.

7.5 Regular communications will be provided to staff on Information Governance issues via email, intranet and posters.

7.6 Key contact points for staff support will be available within the CCG.
8 Monitoring

8.1 Compliance

8.1.1 Compliance with the policies, procedures and strategy laid down in this document will be monitored via the Finance and Performance Committee, together with independent reviews by both Internal and External Audit on a periodic basis.

8.1.2 An assessment of compliance with the requirements of the Information Governance Toolkit (IGT) will be undertaken each year. The CCG will identify staff to undertake Administrator, Reviewer and User roles as described in the IGT.

8.1.3 Annual reports and work plans will be presented to the relevant CCG Group for approval prior to submission of the IGT.

8.1.4 The Information Governance Managers are responsible for the monitoring, revision and updating of this document.

8.2 Equality Impact Assessment

8.2.1 This document forms part of the CCG's commitment to create a positive culture of respect for all staff and service users. The intention is to identify, remove or minimise discriminatory practice in relation to the protected characteristics (race, disability, gender, sexual orientation, age, religious or other belief, marriage and civil partnership, gender reassignment and pregnancy and maternity), as well as to promote positive practice and value the diversity of all individuals and communities.

8.2.2 As part of its development this document and its impact on equality has been analysed and no detriment identified.

9 Associated Documentation

9.1 This document should be read in conjunction with the Information Governance Handbook.

10 References

10.1 The following references can be accessed via the links provided:

- Data Protection Act 1998, available from www.opsi.gov.uk
- Access to Health Records Act 1990, available from www.opsi.gov.uk
- Human Rights Act 1998, available from www.opsi.gov.uk
- Freedom of Information, available from www.opsi.gov.uk
- Record Management, available from http://www.nationalarchives.gov.uk/recordsmanagement
- Common Law of Confidentiality
- NHS Confidentiality - Code of Practice, available from http://www.dh.gov.uk/en/publicationsandstatistics/publications/publicationspolicyAndGuidance/DH_4069253
- Caldicott Report, available from https://www.gov.uk/government/publications/the-information-governance-review