INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

Similar documents
INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

IG01 Information Governance Management Framework

IGPr002 - Information Governance Management Framework

Information Governance Strategic Management Framework

Information Governance Assurance Framework

Information Governance, Management & Technology Committee Terms of Reference

Privacy Impact Assessment Policy and Procedure

This Policy supersedes the following Policy, which must now be destroyed:

Information Governance Policy and Management Framework

This Policy supersedes the following Policy, which must now be destroyed:

NHS Sunderland Clinical Commissioning Group. Information Governance Strategy 2016/17

INFORMATION GOVERNANCE STRATEGY

Information Governance Training Plan

Information Governance Management Framework

Information Security Risk Management Programme and Strategy

INFORMATION GOVERNANCE STRATEGY AND STRATEGIC VISION

Information Governance Strategy and Management Framework

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2017/18

INFORMATION GOVERNANCE POLICY

Minor adjustments from IG Steering Group 0.3 Neil Taylor September 2013

Information Governance Policy

INFORMATION GOVERNANCE POLICY

West Kent Clinical Commissioning Group

Privacy Impact Assessment. Integrated Personal Commissioning (IPC) Programme

Governing Body 24 July 2018

This Policy supersedes the following Policy which must now be destroyed:

INFORMATION GOVERNANCE POLICY

Equality & Diversity Policy

NHS BARNSLEY CCG DATA QUALITY POLICY SEPTEMBER 2016

NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY

Flexible Working Policy

POLICY MANAGEMENT FRAMEWORK

Information Governance Policy

SECONDARY EMPLOYMENT POLICY

Information Governance Management Framework Version 6 December 2017

HUMAN RESOURCES POLICY

Business Continuity Management Policy

Lead Employer Flexible Working Policy. Trust Policy

Overarching Information Governance Policy

Data Protection Policy

INFORMATION GOVERNANCE POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGY IMPLEMENTATION PLAN

Equality and Diversity Policy

Information Governance Management Framework

CCG Governance Structure

Information Governance Policy

INDUCTION POLICY. Version: Version 1 Supersedes: Author (inc Job Title): Ratified by: (Name of responsible Committee) Remuneration Committee

Controlled Document Number: Version Number: 002. On: October Review Date: October 2020 Distribution: Essential Reading for: Page 1 of 12

Information Governance Strategic Management Framework (Including Policy and Strategy)

Policy for the Development, Approval, Management and Dissemination of Trust Controlled Documents

Executive Director of Workforce and Organisational Development. Workforce Projects Manager. Date ratified January Implementation Date

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY

HUMAN RESOURCES POLICY

Equality and Diversity Policy

Moving and Handling Policy

RECRUITMENT AND SELECTION POLICY

CCG CO12 Policy and Framework for Partnership Governance

Performance Development Review (Appraisal) Policy

Information Governance Management Framework 2016/17

POLICY Detective Career Pathway. Number: C 2200 Date Published: 28 April 2016

MANUAL HANDLING POLICY

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY

Information Assets: Security and Risk Management Policy. Choice, Responsiveness, Integration & Shared Care

Executive Director of Nursing and Chief Operating Officer. Lead Officer. Tony Gray Head of Safety, Security and Resilience

Document Title: Annual Progress Reports (APRs) Document Number: 056

Information Governance Policy

The Newcastle Upon Tyne Hospitals NHS Foundation Trust. Aggregating Data and Learning from Incidents, Complaints and Claims Policy

Dated 26 th February 2016 DIVERSITY POLICY & PROCEDURE RV1

62 GB Long Service and Achievement Awards Policy

Date ratified June, Implementation Date August, Date of full Implementation August, Review Date Feb, Version number V02.

Lisa Quinn Executive Director of Performance and Assurance. Lead Officer

Performance and Development Review (PDR) Policy

Mandatory Training Policy. Printed copies must not be considered the definitive version

Induction policy and procedure HR08

NORTH EAST HAMPSHIRE AND FARNHAM CLINICAL COMMISSIONING GROUP POLICY FOR THE MANAGEMENT OF POLICIES AND CORPORATE DOCUMENTS

Organisational Change Policy

Induction Policy. Document author Assured by Review cycle. 1. Introduction Policy Statement Purpose or Aim Scope...

Mansfield & Ashfield Clinical Commissioning Group Newark & Sherwood Clinical Commissioning Group SPECIAL LEAVE POLICY

LONG SERVICE AWARD POLICY

DATA QUALITY POLICY. Version: 1.2. Management and Caldicott Committee. Date approved: 02 February Governance Lead

Data Quality Policy

BARNSLEY CLINICAL COMMISSIONING GROUP LONG SERVICE AWARD POLICY

Equality and Diversity Policy

Information Governance Management Framework

Information Governance Management Framework 2017/18 Reference: IG12

Suspension, Exclusion or Transfer Policy

HUMAN RESOURCES POLICY

STAFFORD & SURROUNDS RECRUITMENT AND

Identifies the risk management structure, roles, responsibilities and authority of staff, committees and groups with responsibility for risk

Lead Employer Annual Leave Policy. VERSION V11 January 2018

Nottinghamshire Better Care Fund (BCF) Plan 24 February 2016

Contents. 1. Introduction. 2. Policy context. 3. Strategic context. 4. The BAFA equality and diversity vision. 5. Actions

Equality Impact Assessment of the

Equality, Diversity & Inclusion Policy

Recruitment & Selection Policy

BARNSLEY CLINICAL COMMISSIONING GROUP STUDY LEAVE POLICY

Workforce Development, Employee Induction, Essential Training & Study Leave 10.28

Unique Identifier: Document Type: POLICY Title: Corporate and Local Induction CORP/POL/045

Equality and Diversity Policy

Transcription:

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Document History Document Reference: IG33 Document Purpose: The document complements all other Information Governance policies and sets out the management arrangements for information governance for NHS Nottingham North and East CCG, NHS Nottingham West CCG and NHS Rushcliffe CCG (collectively the South Nottinghamshire CCG s). Date Approved: 25 th Approving Committee: Information Governance Management and Technology Committee Version Number: Version 4.0 Status: APPROVED Next Revision Due: September 2016 Developed by: Information Governance, Greater East Midlands Commissioning Support Unit (GEM CSU) Reviewed and refreshed by Head of Information Governance and the Information Governance Officer for NHS Nottingham City CCG on behalf of the South Nottinghamshire CCG s. Policy Sponsor: Director of Outcomes and Information, Nottinghamshire CCGs Target Audience: All Staff Associated Documents: All Information Governance Policies and the Information Governance Toolkit standards

Revision History Version Revision date Summary of Changes 1.0 July 2012 Approved by the Information Governance and Management Technology Committee 2.0 August 2013 Revised in line with NHS England Policies and updated to reflect version 11 of the Information Governance Toolkit 2.1 July 2014 Review for comment 3.0 September 2014 Approved by Information Governance Management and Technology Committee 4.0 Revised Section 8: Training Guidance Inserted an updated version of the IGM&T terms of reference and membership Amended framework to reflect service level agreement with CCG for IG support. Policy Dissemination information Reference Number Title Available from Information Governance Management Framework CCG Intranet

Section Page 1 Introduction 4 2 Purpose & Scope 4 3 Policy Statement 4 4 Organisation Roles & Accountabilities 5 5 Key Policies 6 6 Governance Arrangements 7 7 Resources 8 8 Training Guidance 8 9 Incident Management 8 10 Equality & Diversity 8 11 Monitoring & Compliance 9 12 Further Information or Guidance 9 13 References 9 14 Appendix 1- Information Governance Reporting Framework 10 Appendix 2 Information Governance Operational Structure 11

1 Introduction This framework applies to the three South Nottinghamshire Clinical Commissioning Groups (CCGs), subsequently referred to in this document as the CCGs. They include: NHS Nottingham North and East CCG NHS Nottingham West CCG NHS Rushcliffe CCG Robust information governance requires clear and effective management and accountability structures, governance processes, documented policies and procedures, trained staff and adequate resources. Delivery against these requirements will be carried out in line with the standards documented within the Information Governance Toolkit. The IGT can be accessed via https://nww.igt.hscic.gov.uk using the designated organisational code, user name and password. This Framework must be documented, approved at the most appropriate senior management level in the organisation (e.g. a member of the Executive Team) and reviewed annually. This document sets out the CCG s approach to embedding robust information governance throughout each organisation. This framework is a standalone document and provides a summary/overview of how the CCG is addressing the IG agenda and reflects the capacity and capability of the CCG. 2. Purpose and scope The purpose of this framework is to establish employee responsibility and the rules of conduct for all members of staff regarding the CCG s information governance framework and assurance process. This policy applies to all staff within the CCG whether operating directly or providing services to other organisations under a service level agreement or joint agreement and to non-executive directors, contracted third parties (including agency staff), Governing Body members, locums, students, volunteers, trainees, visiting professionals or researchers, seconded and other staff on temporary placements within the organisation. 3. Policy Statement The Health & Social Care Information Centre (HSCIC) mandates that the Information Governance Toolkit (IGT) version 13 is completed by all organisations that commission or provide services within and to the NHS. An (IGMF) is required to be in place to ensure that the information governance agenda is owned and implemented in a structured manner. Version 4.0 4

4. Organisational Roles & Accountability The CCG will: Appoint a Head of Information Governance, an internal IG Lead, Senior Information Risk Owner (SIRO) and Caldicott Guardian. These designated roles will be reported in the CCG IG Toolkit return under Update Information Governance Senior Management Details once appointed. The roles of Caldicott Guardian and Senior Information Risk Owner (SIRO) will be at Executive level. The Accountable Officer has overall accountability and responsibility for information governance and is required to provide assurance through the Statements on Internal Control that all risks to the CCG, including those relating to information, are effectively managed and mitigated. Maintain policies and procedures to ensure compliance with requirements contained in the NHS Information Governance Toolkit. The SIRO will: Take ownership of the organisation s information risk policy and information risk management strategy. All key information assets will be identified and their details included in an Information Asset Register. Ensure that Information Asset owners will be identified for each key information asset. Ensure that all staff assigned responsibility for co-ordinating and implementing information risk management will be appropriately trained to carry out their role Ensure that Information Asset Owners carry out risk reviews of the assets, for which they are accountable, the frequency of review depending upon the importance of the asset and the nature of the risk environment. The Caldicott Guardian will: Be added to the National Register of Caldicott Guardians. Identify the support necessary to ensure work related to confidentiality and data protection is appropriately carried out. Ensure all staff assigned responsibility for co-ordinating and implementing the confidentiality and data protection work programme have been appropriately trained to carry out their role. Advise and support CCG staff on enabling appropriate information sharing in line with the Caldicott Review recommendations. The Head of Information Governance will: Provide expert support, advice and guidance to the strategic and technical information governance arrangements within each of the CCG s. Version 4.0 5

This will include; Supporting the achievement of satisfactory compliance (level 2 or above) in all Information Governance Toolkit requirements. This will include the provision of specific advice and guidance regarding consent issues, information sharing across partner organisations, and the legal basis for processing information. As part of this, standardised templates will be provided for contracts and agreements in support of information sharing agreements. Produce appropriate information governance training materials and deliver faceto-face training sessions as and when required. Have a monthly meeting with the CCG s IG Leads to discuss and review progress against information governance improvement plans. Prepare and present quarterly information governance update reports to the CCG s IGM&T committee regarding compliance with IG Toolkit requirements. This will include the provision of updates and briefings on all relevant legislative and national developments/guidance. Work collaboratively with the IG leads to map information governance risks for inclusion on the organisational risk register. To include Chairing the bi monthly Information Governance Operational Leads meeting. The Information Governance, Management and Technology committee will: Ensure that an appropriate comprehensive information governance framework and systems are in place throughout the constituent organisations in line with national standards. The specific responsibilities of this Committee are outlined in its terms of reference. 5. Key Policies The CCG will provide the following policies (or equivalent) to set out scope and intent in terms of embedding Information Governance processes throughout the Organisation: A Confidentiality and Data Protection Policy An Information Security Policy A Corporate Governance Policy (which covers FOI) An Information Lifecycle Management Policy (Records Management and Information Quality) In particular the CCG will implement policies as required to support confidentiality, security and records management processes in addition to this The CCG IG Lead Link roles will: Version 4.0 6

Develop and maintain comprehensive and appropriate documentation that demonstrates commitment to and ownership of IG responsibilities, e.g. an overarching high level strategy document supported by corporate and/or directorate policies and procedures. Ensure that there is senior management awareness and support for IG resourcing and implementation of improvements. Provide direction in formulating, establishing and promoting IG policies. Establish working groups, if necessary, to co-ordinate the activities of staff given IG responsibilities and progress initiatives. Ensure that assessment and improvement plans are prepared for approval by the senior level of management in a timely manner and in line with national reporting requirements. Ensure that the approach to information handling is communicated to all staff and made available to the public. Ensure that appropriate training is made available to staff and completed as necessary to support their duties and in line with IGT requirements. Liaise with other committees, working groups and programme boards in order to promote and integrate IG standards Monitor information handling activities to ensure compliance with law and guidance. Provide a focal point for the resolution and/or discussion of IG issues escalating issues to the Head of Information Governance where necessary. 6. Governance Arrangements The following governance arrangements have been agreed: The CCG Governing Body will receive periodic assurance that management and accountability arrangements are adequate and are informed in a timely manner of future changes in the IG agenda by IG updates within the corporate report. The CCG will be represented at the Information Governance Management and Technology Committee, which has delegated authority from each of the CCG Governing Bodies for IG compliance. The shared CCG Information Governance Management and Technology Committee (or equivalent) will have responsibility for the information governance agenda supported by identified senior roles i.e. Caldicott Guardian, SIRO, and IG Lead. Under a service level agreement, the CCG will obtain information governance support from NHS Nottingham City CCG, including, the Head of Information Governance function. Responsibility and accountability for information governance will be cascaded through the organisation via staff contracts, contracts with third parties, Information Asset Owner arrangements and departmental leads. Version 4.0 7

Key information governance messages will be developed by NHS Nottingham City CCG through a Service Level Agreement and made available to the CCGs for onward dissemination. 7. Resources Key staff involved in the information governance agenda, below those at Executive Team level, will be provided to the CCG through a Service Level Agreement between the CCGs and NHS Nottingham City CCG. 8. Training Guidance It is recognised that information governance education, training and awareness are essential for developing and improving staff members Information governance knowledge and skills. Staff need to understand the value of information and their responsibility for it, including data quality, information security, records management, confidentiality, legal duty, information law, rights of access and patients rights in terms of a right of privacy and choice. The completion of annual information governance training is mandatory for all staff, whether permanent, temporary or contracted. Initially, all new starters will complete their information governance training via the HSCIC Information Governance online training tool as part of their induction programme. Refresher information governance training can be completed via the HSCIC information governance training tool, Electronic Staff Record or via face-to-face sessions delivered by the appropriate IG Lead NHS Nottingham City CCG. Information governance services will assist the CCG in achieving 95% take up of mandatory information governance training and advise/manage staff to undertake further specialist information governance training as required. Mandatory annual information governance training should be completed by all third party contractors. 9. Incident Management Clear guidance on reporting of information incidents and their management will be documented and staff will be made aware of their existence, where to find them and how to implement them. 10. Equality & Diversity The CCG aims to design and implement policy documents that meet the diverse needs of the services, population and workforce, ensuring that none are placed at a disadvantage over others. It takes into account current UK legislative requirements, including the Equality Act 2010 and the Human Rights Act 1998, and promotes equal opportunities for all. This document has been designed to ensure that no-one receives less favourable treatment due to their personal circumstances, i.e. the protected characteristics of their age, disability, sex (gender), gender reassignment, sexual orientation, marriage and civil partnership, race, religion or belief, pregnancy and maternity. Appropriate Version 4.0 8

consideration has also been given to gender identity, socio-economic status, immigration status and the principles of the Human Rights Act. 11. Monitoring and Compliance The IGMF will be reviewed at least annually in line with IG Toolkit requirements or amended as required to reflect changes in organisational ownership. The CCGs will monitor the staff compliance with the policy internally. 12. Further Information or Guidance Paul Gardner, Head of Information Governance, NHS Nottingham City CCG, paul.gardner@nottinghamcity.nhs.uk 13. References NHS Code of Confidentiality https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/200146/confidentiality_ -_NHS_Code_of_Practice.pdf The IG Toolkit.https://www.igtt.hscic.gov.uk/igte/index.cfm Checklist for Reporting, Managing and Investigating Information Governance Serious Untoward Incidents (Gateway reference 13177) http://www.connectingforhealth.nhs.uk/systemsandservices/infogov/links/suichecklist.pdf NHS Information Risk Management http://www.connectingforhealth.nhs.uk/systemsandservices/infogov/security/risk/inforiskmgtgpg.pdf The Caldicott Review: Information Governance in the Health and Social Care System https://www.gov.uk/government/publications/the-information-governance-review Version 4.0 9

Appendix 1 NOTTINGHAMSHIRE CLINICAL COMMISSIONING GROUP (CCG) INFORMATION GOVERNANCE REPORTING FRAMEWORK CCG GOVERNING BODY Receives minutes and highlight report Risk and Information Security Advisory Group (RISAG) INFORMATION GOVERNANCE, MANAGEMENT AND TECHNOLOGY COMMITTEE NHIS Group East Midlands Strategic Information Governance Committee RECORDS AND INFORMATION GROUP (RIG) (Local Health Community IG Leads) IG LEADS MEETING Nottinghamshire CCG Operational IG Leads/GEM IG Lead SIRO and CALDICOTT Advice The Information Governance, Management & Technology Committee is managed by Rushcliffe Clinical Commissioning Group on behalf of Nottingham West CCG, Nottingham North and East CCG, Mansfield and Ashfield CCG and Newark and Sherwood CCG

Appendix 2 Information Governance Operational Structure Accountable Officer Caldicott Guardian SIRO IG Lead Link role (internal) Information Asset Owner s Information Asset Support Staff Head of IG NHS Notts City CCG

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback