INFORMATION GOVERNANCE STRATEGY Document Number 2009/49/V2 Document Title Information Governance Strategy Author Phil Cottis Author s Job Title Information Governance & RA Manager Department IM&T Ratifying Committee Capacity and Infrastructure Committee Ratified Date 9 th February 2012 Review Date 28 th February 2014 Owner Barbara Cummings Owner Job Title Director of Performance & Informatics
Contents INFORMATION GOVERNANCE STRATEGY 1 PURPOSE OF THE STRATEGY... 3 2 APPROACH... 3 3 RESPONSIBILITY AND SCOPE... 3 4 INFORMATION GOVERNANCE STRATEGY IMPLEMENTATION... 5 5 MONITORING AND REVIEW... 5 6 EQUALITY IMPACT ASSESSMENT... 6 IG Strategy Page 2 of 6
1 PURPOSE OF THE STRATEGY 1.1 Information Governance (IG) ensures the necessary safeguards for, and appropriate use of, patient and personal information. 1.2 This strategy sets out the approach taken within the Trust to provide a robust Information Governance (IG) framework for the current and future management of information to ensure compliance with all appropriate legislation, standards and best practice. 2 APPROACH 2.1 The IG strategy cannot be seen in isolation as information plays a key part in corporate governance, clinical governance, risk management, service planning, informatics, performance and business management. The strategy is, therefore, closely linked with other strategies to ensure integration with all aspects of the Trust s business activities. 2.2 IG should be viewed in the overall context of Governance within the Trust as a vital component of both planning and healthcare. IG is a component of performance management, i.e. ensuring that IG is central to the working lives of all staff will be a part of each manager s personal objectives. 2.3 The two key components underpinning this strategy are: The Trust s IG Policy, which outlines the objectives for information governance; and An annual IG Action Plan arising from a base line assessment against the standards and controls set out in the NHS Connecting for Health Information Governance Toolkit 2.4 The over-riding critical success factor for effective IG will be to develop and maintain a culture of good management of data & information, information systems, information security, information quality assurance, data protection and records management. This will be achieved primarily by an effective programme of IG awareness, training and education. 3 RESPONSIBILITY AND SCOPE 3.1 Ultimate responsibility for IG within the Trust lies with the Trust Board. The Trust has appointed a Senior Information Risk Owner (SIRO) at Board level, who has clearly defined Board level responsibility for overseeing all the diverse aspects of information governance, information risk and information security within the Trust. Currently the SIRO is the Director of Performance and Informatics. 3.2 In support, the Trust has established the IG Committee, which has delegated authority from the Board and is accountable via the Capacity and Infrastructure Committee and Healthcare Governance Committee to the Board. The Chair of the IG Committee is the SIRO and the Deputy Chair is the Caldicott Guardian. IG Strategy Page 3 of 6
The following diagram depicts the reporting chain: TRUST BOARD CAPACITY & INFRASTRUCTURE COMMITTEE INFORMATION GOVERNANCE COMMITTEE Corporate Records Committee Medical Records Committee RA Working Group 3.3 The Caldicott Guardian is the senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information sharing. They play a key role in ensuring that the Trust satisfies the highest practicable standards for handling patient identifiable information. The Caldicott Guardian will bring clinical governance issues to the attention of the IG committee as appropriate. 3.4 The IG Committee has specific terms of reference, and membership includes the SIRO, the Caldicott Guardian, the IG Manager and representatives from the major directorates within the Trust. 3.5 The IG Committee has overall responsibility for this strategy, the IG policy and the IG work programme. These will be subject to periodic review and progress reports to the Healthcare Governance Committee and, where appropriate, to the Board. 3.6 A key function of the IG Committee will be to monitor and review untoward occurrences and incidents relating to IG and ensure that effective remedial and preventative action is taken. Serious Untoward Incidents (SUIs) concerning information risk will be reported via the IG Committee to the SIRO, and then reported to the Board. The IG Committee will seek to be pro-active about IG risk management wherever possible in order to minimise risk. 3.7 The Trust has appointed an Information Governance & Registration Authority Manager who is responsible for leading the work of the IG Committee, co-ordinating the various strands into a comprehensive work programme to ensure the Trust meets its statutory and regulatory obligations. The IG & RA Manager will support the SIRO and Caldicott Guardian in the IG agenda. 3.8 Any associated resource implications incurred by the implementation of the IG strategy, policy and work programme will be identified by the IG Committee. Business cases, including the provision of awareness and training needs, will be developed and submitted to the Trust Board for approval. IG Strategy Page 4 of 6
4 INFORMATION GOVERNANCE STRATEGY IMPLEMENTATION 4.1 The Information Governance Committee will monitor implementation of this strategy and its associated work programmes through regular meetings. 4.2 All Trusts are mandated to complete a self-assessment of their IG performance using the IG Toolkit. This is an on-line self-assessment tool based on IG standards and is one of the sources of information by the Care Quality Commission for assessing compliance with the essential standards of quality and safety. The Information Governance standards are based on generally accepted definitions of good practice in relation to Information Governance and inter-link with other recommendations and standards such as the Data Protection Act 1998 etc. 4.3 The Information Governance and RA Manager will: Undertake a baseline assessment of the current position in relating to the IG standards (using the self-assessment toolkit) Agree an annual work programme to ensure year on year improvement in performance Ensure the development of strategies, policies and procedures required for information governance Identify resources required for implementation Monitor progress made Report on progress, incidents and issues to the IG Committee. Regularly assess performance against the IG Toolkit (in July / October and March each year) Complete the self-assessment toolkit on an annual basis The IG Committee will review this strategy annually or in response to any significant changes to mandatory requirements or guidance or as a result of significant information governance breaches or incidents. 5 MONITORING AND REVIEW 5.1 The implementation of the IG strategy, policy and work programme will ensure that information is more effectively managed in the Trust. Each year the policy will be reviewed and a revised work programme developed against the IG Toolkit attainment levels and scores, thus identifying the key areas for a programme of continuous improvement. IG Strategy Page 5 of 6
6 EQUALITY IMPACT ASSESSMENT STAGE 1 - SCREENING Name & Job Title of Assessor: Nic McCullagh, Information Governance Manager Policy or Function to be assessed: Information Governance Strategy Yes/No Date of Initial Screening: Comments 1. Does the policy, function, service or project affect one group more or less favourably than another on the basis of: Race & Ethnic background No This policy is applied equally to all groups Gender including transgender No This policy is applied equally to all groups Disability No This policy is applied equally to all groups Religion or belief No This policy is applied equally to all groups Sexual orientation No This policy is applied equally to all groups Age No This policy is applied equally to all groups 2. Does the public have a perception/concern regarding the potential for discrimination? No This policy is applied equally to all groups If the answer to any of the questions above is yes, please complete a full Stage 2 Equality Impact Assessment. Signature of Assessor: Nic McCullagh, Information Governance Manager Date: Signature of Line Manager: Barbara Cummings, Director of Performance & Informatics Date: