IGPr002 - Information Governance Management Framework


Table of Contents

- Information Governance Management Framework
- Why we need this Framework
- What the Framework is trying to do
- Which stakeholders have been involved in the creation of this Framework
- Any required definitions/explanations
- Key duties
- Framework detail
- Training requirements associated with this Framework
- How this Framework will be monitored for compliance and effectiveness
- For further information
- Equality considerations
- Document control details

Why we need this Framework

This document is needed to provide individuals assurance that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible patient care. The Trust will establish and maintain policies and procedures to ensure compliance with requirements contained in the Northamptonshire Healthcare Foundation Trust, Information Governance Toolkit.

What the Framework is trying to do

This framework document sets out the approach that the Trust will take to improve and assure its Information Governance related activities and to deliver year on year assurance through the Information Governance Toolkit scores. The strategy within this framework has been developed taking into consideration:

- The implications of the Trust's performance against national Information Governance requirements as identified in the Information Governance Toolkit (2).
- The relevant legislative framework.
- Guidelines for Caldicott Guardians.
- The requirements and potential requirements of the latest version of the Information Governance Toolkit year on year.
- Health and Social Care Information Centre priority areas for Information Governance including compliance with the NHS Care Record Guarantee.
- National and local initiatives around reducing the risk of data, confidentiality and security breaches.

Which stakeholders have been involved in the creation of this Framework

- Information Governance Planning Group
- IM&T Programme Board

Any required definitions/explanations

Trust: The Trust relates to Northamptonshire NHS Foundation Trust.

IG Framework: The IG framework describes the approach to handling information in a confidential and secure manner to appropriate legislative and best practice standards.

Principles: The high level principles set out in this procedure are relevant to a wide range of legislation and NHS Policy Guidance relating to the processing of information.

Processing: Within the context of this procedure, means any activity performed on information (collecting, storing, handling, disclosing etc).

Laws and codes of Practice: The relevant information governance laws include, but are not limited to, the following:

- Common law duty of Confidence
- Data Protection Act 1998
- Human Rights Act 1998
- Mental Health Act 1983
- Mental Capacity Act 2005
- Freedom of Information Act 2000 and Environmental Information Regulations 2004
- Access to Health Records Act 1990 (where not superseded by the Data Protection Act)
- Computer Misuse Act 1990 (amended in 2005)
- Copyright, Designs and Patents Act 1988
- Children Act 2004 and the Children and Young Person Act 2008
- NHS Trusts and PCTs (Sexually Transmitted Diseases Regulations) 2000
- Crime and Disorder Act 1998
- Electronic Communications Act 2000
- Regulation of Investigatory Powers Act 2000
- Re-Use of Public Sector Information Regulations
- Records Management NHS Code of Practice 2006
- Confidentiality NHS Code of Practice 2003
- Information Security Management NHS Code of Practice

Information Governance Assurance: The Information Governance Toolkit is a performance tool produced by NHS Digital. It draws together the legal rules and central guidance set out above and presents them in one place as a set of information governance requirements. The Trust is required to carry out self-assessments of its compliance against the 45 requirements for mental health trusts (2).

Key duties

Northamptonshire Healthcare Foundation Trust Board

It is the role of the Trust Board to define the Trust's policy in respect of Information Governance, taking into account legal and NHS requirements. The Board is also responsible for ensuring that sufficient resources are provided to support the requirements of the policy and to support any Service Level Agreements between the Trust and other organisations.

Information Governance within the Trust is an organisation wide responsibility providing a focus for the safe, secure and appropriate processing of information across all formats and at all levels within the organisation. The Trust will ensure that the following roles are in place across the organisation.

Senior Information Risk Owner (SIRO)

The SIRO is responsible for:

- Overseeing the development of an Information Risk Policy, and a Strategy for implementing the policy within the existing Information Governance Framework.
- Taking ownership of the risk assessment process for information risk, including review of the annual information risk assessment to support and inform the Statement of Internal Control.
- Reviewing and agreeing action in respect of identified information risks.
- Ensuring that the Trust's approach to information risk is effective in terms of resource, commitment and execution and that this is communicated to all staff.
- Providing a focal point for the resolution and/or discussion of information risk issues.
- As Chair of the IM&T Programme Board, ensuring the Trust Board is adequately briefed on information risk issues.
- Ensuring the Board is adequately briefed on information risk issues.

Deputy SIRO

To provide support to the SIRO function.

Caldicott Guardian

The Caldicott Guardian is responsible for:

- Acting as the conscience of an organisation, actively supporting work to facilitate and enable information sharing, advising on options for lawful and ethical processing of information as required.
- Providing a strategic role representing and championing confidentiality requirements and issues at Board level and, where appropriate, at a range of levels within the organisation's overall governance framework.
- Ensuring that confidentiality issues are appropriately reflected in organisational strategies, policies and working procedures for staff, and overseeing all arrangements, protocols and procedures where confidential patient information may be shared.

Deputy Caldicott Guardian

The Deputy Caldicott Guardian provides support to the Caldicott Function and deputises where necessary.

Information Security Officer (ISO)

The Information Security Officer (ISO) is responsible for:

- Developing, implementing, and enforcing policies and procedures to protect information assets.
- Managing risk management and business continuity.
- Reporting to the Forum for Information Governance & Assurance on the information security status of the organisation by means of regular reports and presentation.

Information Asset Owners (IAO)

Information Asset Owners (IAO) are responsible for:

- Addressing risks to the information assets they own and providing assurance to the SIRO on the security and use of these assets.
- Ensuring that changes to the information asset are documented with a formal sign off from the IG department following the undertaking of a Privacy Impact Assessment.
- Being aware of what information is held and who has access to it for what purpose.
- Taking steps to ensure compliance with the Trust's Information Governance Management Framework and associated policies.

Clinical Safety Officer

The Clinical Safety Officer is responsible for ensuring that the Trust has an IT Clinical Safety Management system and that it is audited and reviewed throughout the year.

Information Governance Planning Group

The Information Governance group is responsible for reporting to the IMT board on the implementation, development, and monitoring of the strategic framework.

Data Protection Officer

The Data Protection Officer is responsible for managing the organisation's Information Governance function, including setting and implementing appropriate policy, procedures and codes of conduct; end user training awareness and campaigns; ensuring appropriate audits and monitoring mechanisms and supporting year on year improvements across the Trust. These activities will be reported through the IG Group internally and, externally, through the IG Toolkit and IM&T Programme Board.

All Staff

All staff, whether permanent, temporary or contracted, are responsible for ensuring that they are aware of, and comply with, information governance requirements at all times. This is a legal and professional obligation, which is also set out in Trust employment contracts.

Framework detail

Information Sharing

- Information will be used proactively within the Trust, both for patient care and service management as determined by law, statute and best practice.
- Information will be used proactively between the Trust, other NHS and partner organisations to support patient care as determined by law, statute and best practice.
- Information sharing protocols setting out formalised mechanisms for the sharing of information with Trust partners will be agreed in line with requirements of the Information Governance Toolkit. Agreed protocols will be placed on the intranet site for staff to access.
- Robust mechanisms will be used to support the ongoing capture and mapping of data flows into, across and out of the Trust.

Openness and Confidentiality

- Non-confidential information on the Trust and its services should be available to the public through a variety of media, in line with the Trust's policy for the Freedom of Information Act (FOI).
- The Trust will establish and maintain policies to ensure compliance with the FOI.
- Patients should have ready access to information relating to their own health care, their options for treatment and their rights as patients.
- The Trust will have clear procedures and arrangements for liaison with the press and broadcasting media.
- The Trust will have clear procedures and arrangements for handling queries from patients and the public.
- The Trust will include details of any serious untoward incidents associated with information governance within its public Annual Report.
- The Trust will pseudonymise information where necessary or use the safe haven approach where not practicable.

Information Quality Assurance

- The Trust will establish and maintain policies and procedures for the effective management of records and Information Quality Assurance, clinical and non-clinical, in line with legislation and codes of practice.
- Information within the Trust should be of the highest quality in terms of accuracy, timeliness and relevance.
- Managers are expected to take ownership of and seek to improve the quality of information within their services.
- The Trust will undertake or commission annual assessments and audits of the Trust's quality of data and records management.
- Data standards will be set through clear and consistent definition of data items, in accordance with national standards.
- The Trust will promote information quality and effective records management through policies, procedures/user manuals and training.
- The Trust uses the Records Management Code of Practice for Health and Social Care 2016 (3) as its standard for records management.

Legal Compliance

- The Trust regards all identifiable personal information relating to patients as confidential.
- The Trust regards all identifiable personal information relating to staff as confidential except where national policy on accountability and openness requires otherwise.
- The Trust will establish and maintain policies to ensure compliance with the DPA, Human Rights Act, the Common Law Duty of Confidentiality and the Caldicott Principles.
- The Trust will establish and maintain policies for the controlled and appropriate sharing of personally identifiable information with other agencies, taking account of relevant legislation (e.g. Health and Social Care Act, Mental Health Act, Mental Capacity Act, Crime and Disorder Act, Protection of Children Act).
- Policies will be available on the staff intranet.

Information Security

- The Trust will establish and maintain policies for the effective and secure management of its information assets and resources.
- The Trust will undertake or commission annual assessments and audits of its information and IT security arrangements.
- The Trust will promote effective confidentiality and security practice to its staff through policies, procedures and training.
- The Trust will establish and maintain incident reporting procedures and will monitor and investigate.
- Information assets and information flows will be mapped and recorded to assess and prevent the unlawful and unnecessary use of person identifiable information.

Contractors and Support Organisations

- The Trust will work to strengthen current arrangements with contractors and support organisations to maintain the security of Trust information.
- The Trust will undertake a privacy impact risk assessment prior to entering into an agreement with an external party to process Trust information.
- Utilise the Information Governance Toolkit for third parties where practicable to provide assurance that the third party has appropriate controls, policies and training in place.

Training requirements associated with this Framework

Information Governance training has been integrated into NHFT's induction programme for all new staff. For existing staff, an ongoing programme of training will be delivered as part of NHFT's Information Governance training programme. Additional campaigns and awareness raising will be undertaken as appropriate.

It is the responsibility of all managers to ensure attendance at induction and training programmes and to obtain feedback from staff regarding the knowledge and understanding they have obtained.

Individuals have an obligation to seek training, advice and support where uncertain in order to improve information governance practices appropriately.

Ad hoc training sessions will be made available based on an individual's training needs as defined within their annual appraisal or job description.

How this Framework will be monitored for compliance and effectiveness

This framework will be made available to the Public through the Trust Internet site in supporting documentation and upon application. New employees will be made aware of this procedure through the Induction process. Information Governance activity will be reported monthly in Information Governance Highlight Reports to the Information Governance Group and the IMT Programme Board.

For further information

Please contact the Information Governance Team by emailing information.governance@nhft.nhs.uk

Equality considerations

The Trust has a duty under the Equality Act and the Public Sector Equality Duty to assess the impact of Framework changes for different groups within the community. In particular, the Trust is required to assess the impact (both positive and negative) for a number of protected characteristics including:

- Age;
- Disability;
- Gender reassignment;
- Marriage and civil partnership;
- Race;
- Religion or belief;
- Sexual orientation;
- Pregnancy and maternity; and
- Other excluded groups and/or those with multiple and social deprivation (for example carers, transient communities, ex-offenders, asylum seekers, sex-workers and homeless people).

The author has considered the impact on these groups of the adoption of this Framework and identified that the advice and guidance service offered to patients and staff and reported IG incidents will be monitored.

Reference Guide

1. Data Protection Act 1998, http://www.legislation.gov.uk/ukpga/1998/29/contents
2. Information Governance Toolkit, https://www.igt.hscic.gov.uk/
3. Records Management Code of Practice for Health and Social Care 2016, http://systems.digital.nhs.uk/infogov/iga/rmcop16718.pdf
4. NHS Care Record Guarantee, National Information Governance Board, 2011
5. Guidance for NHS Boards: Information Governance, August 2011
6. Freedom of Information Act 2000, http://www.legislation.gov.uk/ukpga/2000/36/contents
7. http://www.ico.gov.uk/what_we_cover/freedom_of_information/publication_schemes.aspx
8. Caldicott Review 2013, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/192572/2900774_InfoGovernance_accv2.pdf

Document control details

Author: Approved by and date: Responsible committee: Any other linked Policies: Framework number: Version control:
V.2 Information Governance Team The Information Governance Planning Group IM&T Programme Board IGIS001 Use of Information & Communications Technology Policy IGP107 Health Records Management Policy

Version No.: V.1
Date Ratified/Amended: 04.11.2014
Date of Implementation: 04.11.2014
Next Review Date: 04.11.2016
Reason for Change (e.g. full rewrite, amendment to reflect new legislation, updated flowchart, minor amendments, etc.): IGP101 has been reclassified as a procedure and has been reformatted in the new structure.