Information Governance Strategy and Management Framework

Similar documents
Information Governance Management Framework

Information Governance Management Framework

Data Quality Policy

NHS Sunderland Clinical Commissioning Group. Information Governance Strategy 2016/17

Information Governance Strategic Management Framework

IG01 Information Governance Management Framework

INFORMATION GOVERNANCE STRATEGY

West Kent Clinical Commissioning Group

IGPr002 - Information Governance Management Framework

INFORMATION GOVERNANCE STRATEGY AND STRATEGIC VISION

Information Governance Management Framework Version 6 December 2017

INFORMATION GOVERNANCE STRATEGY. Documentation control

Information Governance Policy

Information Governance Policy

Information Governance Assurance Framework

Information Security Risk Management Programme and Strategy

Information Governance Policy

INFORMATION GOVERNANCE STRATEGY IMPLEMENTATION PLAN

Information Governance Policy and Management Framework

DATA QUALITY POLICY. Version: 1.2. Management and Caldicott Committee. Date approved: 02 February Governance Lead

RISK MANAGEMENT COMMITTEE TERMS OF REFERENCE

Information Governance Policy

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

INFORMATION GOVERNANCE POLICY

Overarching Information Governance Policy

INFORMATION GOVERNANCE POLICY

Information Governance Policy

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY

NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY

Information Asset Management Policy

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2017/18

Minor adjustments from IG Steering Group 0.3 Neil Taylor September 2013

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY

The Royal Wolverhampton NHS Trust

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

Heart of England NHS Foundation Trust

Information governance strategy

Policy:E7. Escalation Policy N/A. Appended below at Appendix B. Version: E7/01

INFORMATION GOVERNANCE POLICY

Hours of Work: 37.5 hours per week (part time hours negotiable)

Training and Development Policy

Information Asset Management Procedure

TRUST GOVERNANCE POLICY (formerly referenced as the CMFT Governance Strategy) - UPDATED NOVEMBER

JOB DESCRIPTION per week.

Identifies the risk management structure, roles, responsibilities and authority of staff, committees and groups with responsibility for risk

Author s job title Head of Clinical Coding and Data Quality Directorate IM&T

Information Governance Management Framework 2016/17

Records management policy. Document author Assured by Review cycle. Audit and Risk Committee. 1. Introduction Purpose or aim Scope...

United Lincolnshire Hospitals NHS Trust. Governance Statement 2015/16. Scope of responsibility. The governance framework of the organisation

Initiative: Information Governance Management

Information Governance, Management & Technology Committee Terms of Reference

Information Sharing Policy

Privacy Impact Assessment Policy and Procedure

Information Governance Policy

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST STRENGTHENING GOVERNANCE ARRANGEMENTS. Report to the Trust Board 24 May 2016

THE IPSWICH HOSPITAL NHS TRUST. Divisional Board. TERMS OF REFERENCE Version 1.0

Business Continuity Management Policy

INDUCTION, MANDATORY AND STATUTORY TRAINING POLICY

Records Management Policy

Information Governance Management Framework 2017/18 Reference: IG12

DATA QUALITY POLICY Review Date: CONTENT

Information Assets: Security and Risk Management Policy. Choice, Responsiveness, Integration & Shared Care

Information Governance User Handbook

Information Risk Policy

Information Governance Strategic Management Framework (Including Policy and Strategy)

Burton Hospitals NHS Foundation Trust. On: 22 January Review Date: December Corporate / Directorate. Department Responsible for Review:

The Information Commissioner s Office, the Information Governance Alliance and several other organisations are issuing guidance on an on-going basis.

INFORMATION GOVERNANCE POLICY AND FRAMEWORK

RECRUITMENT AND SELECTION POLICY

Draft Internal Audit Plan 2012/13 Audit Committee (September 2012) Airedale NHS Foundation Trust

PRIVACY IMPACT ASSESSMENT (PIA) TEMPLATE

The UK legislation is wholly retrospective and applies to all information held by public authorities regardless of its date.

NHS DIGITAL Records and Document Management Policy

Records Management Policy

This Policy supersedes the following Policy, which must now be destroyed:

Findings from ICO audits of 16 local authorities

EMPLOYMENT BREAK SCHEME. 1 SUMMARY Employment Break Scheme Jennie Williams, Executive Nurse and. Governance. Governance HR, NEL CSU

GENERAL DATA PROTECTION REGULATION

Information Governance Training Plan

SERVICE EQUIPMENT DISPOSAL POLICY

Role Title: Chief Officer Responsible to: CCG chairs - one employing CCG Job purpose/ Main Responsibilities

Lisa Quinn Executive Director of Performance and Assurance. Lead Officer

INFORMATION GOVERNANCE ASSURANCE FRAMEWORK

This Policy supersedes the following Policy, which must now be destroyed:

Head of Organisational Effectiveness and Staff Engagement and Wellbeing

GOVERNANCE STRATEGY October 2013

DATA QUALITY POLICY. Ref No:

NHS Lambeth Clinical Commissioning Group Constitution

Information Governance Strategic Management Framework

HSCIC Audit of Data Sharing Activities:

THE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER

The review demonstrated that the Trust has taken appropriate steps and put plans in place to address the requirements of the Undertaking.

Honorary Contracts Procedure

NHS BARNSLEY CCG DATA QUALITY POLICY SEPTEMBER 2016

Future-Focused Finance Accreditation

Data Protection Policy

Information Security Policy

DATA PROTECTION POLICY

For: Information Assurance Discussion and input Decision/approval. Ellen Bull, Deputy Director of Quality Author Contact Details: 3531

Transcription:

Information Governance Strategy and Management Framework Summary: This strategy sets out the framework, structure, system and accountabilities for Information Governance Management within NHS Eastbourne, Hailsham and Seaford Clinical Commissioning Group (CCG) and NHS Hastings and Rother CCG. APPROVED BY: Ratified by the Governing Bodies January 2017 EFFECTIVE FROM: 1 st February 2017 REVIEW DATE: 1 st November 2017

1. INTRODUCTION. 1.1. Eastbourne Hailsham and Seaford (EHS) Clinical Commissioning Group (CCG) and Hastings and Rother (HR) CCG have a joint staff structure. This policy covers both organisations and they are referred to jointly as the CCG. 1.2. This document sets out the approach to be taken within the CCG to provide a robust Information Governance (IG) framework for managing personal and organisational information. 1.3. The purpose of this document is to detail how the CCG will ensure that clear and effective management and accountability structures, governance processes, documented policies and procedures, trained staff and resources are in place to ensure that all legal obligations are met and information is managed efficiently and effectively. 1.4. All statutory NHS organisations are required to ensure that information is managed in such a way that it supports and enables the organisation to hold, obtain, record, use and share information across the organisation to support its business objectives, in line with legal requirements. 2. KEY ACTIONS. 2.1. IG will be considered regularly at the CCG Quality and Governance Committees. 2.2. Information Governance Policies will be refreshed in line with best practice guidance from the Commissioning Support Unit as part of the annual policy review process. 2.3. A full submission of the IG toolkit for the CCG will be made by 31 st March each year. As activity moves from creation of a sound IG infrastructure towards effective audit and monitoring of its effectiveness, it is planned to increase the number of requirements against which level three is reached. The Risk and Business Planning Manager will monitor progress against these plans and report any exceptions to the Quality and Governance Committee. 2.4. All staff will be required to complete IG training annually, either by attendance at face to face training or by completing equivalent online training. If a specific need is identified, specialist training face to face training will be provided. 2.5. The production and annual review of a comprehensive set of IG policies and procedures. The management and accountability structures reflect the legal and operational IG requirements. 2.6. All staff within the CCG will receive information regularly concerning IG. This will promote information being held, obtained, recorded, used, shared and destroyed in line with all relevant legal and ethical requirements. It will include learning from the CCGs and other organisations. 2017 IG Strategy and Management Framework Page 2 of 5

Information Governance Framework Information Governance Roles Key Information Governance Policies Senior Information Risk Owner (SIRO) Overall responsibility for IG management IG Lead (Day to Day) Caldicott Guardians IG support Registration Authority Manager(s) Chief Operating Officer Information Governance Policy Information Security Policy Head of Governance and Business Planning Risk and Business Planning Manager Chair (EHS) and a GP Governing Body Member (HR) Commissioned function from South Central and West Commissioning Support Unit (SCW CSU) Head of Information Management and Technology Records Management and Information Lifecycle Policy Data Protection Policy Confidentiality Policy Freedom of Information Policy Key Information Governance Group Resources Quality and Governance Committees (supported by the Information Governance Steering Group). Senior Information Risk Owner accountable for ensuring that all information risks are identified and managed in line with legal and organisational requirements. Caldicott Guardian provides specialist advice on patient records including confidentiality and information sharing. Head of Governance and Business Planning has day to day responsibility for providing IG advice and support (utilising expertise from the CSU). Head of Strategic IM&T has lead responsibility for Information Security. Training resources - E-learning IG training tool, will be available to all staff early 2017. IG element of mandatory induction training. Direct training available to meet specialist, identified need. 2017 IG Strategy and Management Framework Page 3 of 5

Governance Framework Freedom of Information and Subject Access Request activities are supported by SCW CSU. This service is overseen by the Head of Governance and Business Planning. Overall accountability for ensuring safe practice and adherence to the Data Protection Act 1998 and the Caldicott Principles lies with the Chief Officer and is delegated to the Chief Operating Officer. Every member of staff and all contracted staff are responsible for ensuring that information governance standards including confidentiality and records management are met. This is a contractual requirement. Information Risk Annual Governance Statements Assurance Frameworks (AF) and Risk Registers Annual reports Records Management and Audit Subject Access monitoring Privacy Impact Assessment (PIA) monitoring Information Security All information assets within the CCG are documented and an information asset owner has been identified. The role of the information asset owner is to ensure that all information assets are held in line with legal and organisational requirements. Information Risk is managed within the overall risk strategy. A data flows exercise is undertaken annually and when a new information flow is set up. A risk assessment of each of these flows is undertaken. Contain annual statements of the organisational approach to the management of IG and its position with regard to its IG Toolkit submission and IG Statements of Compliance (IGSOC). Contain any high level IG risks that may affect the delivery of the CCG strategic objectives. Contain statements of Serious Incidents involving Data Loss or Breach of Confidentiality. A records management plan is being developed to ensure consistency of approach across the CCG in line with the Records Management Information Lifecycle Policy. A robust system is in place to ensure all subject access requests are documented and responded to in line with the Data Protection Act 1998. Subject Access Requests and Access to Health Records processes are supported by a CSU and monitoring information is reported to the CCG. This data will be included within the annual Information Governance report produced every April. Ensure that a PIA is completed for projects, new initiatives or substantially revised working practices, policies and processes. PIAs will be considered and approved by the Information Governance Steering Group [IGSG]. The CSU will provide recommendations for changes to proposed processes to ensure they are in line with statute. The CCG is responsible for ensuring the highest standards of Information Security. The tasks within this service will be supported by a CSU. 2017 IG Strategy and Management Framework Page 4 of 5

Asset Register Training and Guidance Incident Management A register of all information assets held by the CCG is maintained. Information Governance training is available quarterly for all staff to complete face to face. Alternative training is available to all staff via e-learning. A minimum target of 95% of all staff having completed IG training is required and a higher level of compliance is aimed for and monitored by the Organisational Development team. A CSU will provide targeted training for individual staff members or groups of staff who have a specialist requirement, e.g. specific sessions will be arranged for Governing Body members and for Continuing Healthcare Staff. A Confidentiality Code of Practice is included in every contract of employment to ensure that all personal and organisational information is kept safely and secure and only shared if legally permissible and there is an organisational reason to do so. Information incidents are managed in line with the overall Incident Reporting Policy and specialist support received from a Commissioning Support Unit. 3. IG Training Training requirements, by staff role, are set out within the Information Governance policy. 4. Review and Monitoring This framework will be reviewed annually by the Risk and Business Planning Manager and the outcome of the review reported to the Quality and Governance Committees. 2017 IG Strategy and Management Framework Page 5 of 5

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback