Overarching Information Governance Policy


Document Information

Board Library Reference: IM&T_01
Document Type: Policy
Document Subject: Information
Original Document Author: Information
Reviewed By: IGMG
Review Cycle: 3 Years

Note: This document is electronically controlled. The master copy is maintained by the author department within the document library on OurSpace. Once printed, this document becomes uncontrolled.

Version Tracking

Version | Date | Revision Description | Editor | Approval Status
1.00 | 21/12/2004 | Version 1 | Information | Approved
1.01 | 12/06/2009 | Administrative review | Information | Approved
1.02 | 10/08/2009 | Legal Framework updated | Information | Draft
1.03 | 03/11/2009 | Standardisation of Archiving of Master Documents | Information | Draft
2.00 | 01/12/2009 | Approved by Quality and Healthcare Committee | Company Secretary | Approved
2.01 | 30/09/2010 | Review for compliance with Information Management Framework | Information | Draft
2.02 | 22/12/2010 | Incorporate comments from Executive Management Team | Information | Draft
3.00 | 22/12/2010 | Approved by Executive Management Team | Information | Approved

Table of Contents

1. Introduction
2. Purpose
3. Scope
4. Roles and Responsibilities
4.1. The Chief Executive
4.2. The Senior Information Risk Owner
4.3. The Caldicott Guardian
4.4. The Information Governance Manager
4.5. The Data Protection Officer
4.6. The Freedom of Information Lead
4.7. The Information Security Specialist
4.8. Line Managers
4.9. All staff
4.10. Management Arrangements
4.11. Information Governance Management Group (IGMG)
5. Policy Statement
6. Implementation
7. Standards
8. Monitoring and Audit
9. Archiving of Master Documents
10. References

http://ourspace/trust/policies/ 3.00 Approved 22/12/2010 2 of 11

1. Introduction

1.1. Avon and Wiltshire Mental Health Partnership NHS Trust (AWP) is bound by the provisions of a considerable number of items of legislation and regulation affecting the stewardship of data and information.

1.2. Information Governance (IG) ensures the Trust's compliance with applicable legislation, the regulatory framework, Common Law, and mandated Best Practice. In short, IG exists to ensure the Integrity, Availability and Confidentiality of the Trust's operational, patient, staff and management information.

1.3. The AWP Overarching Information Governance Policy defines the Trust's mandated base-line strategy for compliance and effective management in each of the following six areas of Information Governance.
1.3.1. Confidentiality & Data Protection Assurance
1.3.2. Information Governance Management Assurance
1.3.3. Clinical Information Assurance
1.3.4. Information Security Assurance
1.3.5. Secondary Use Assurance
1.3.6. Corporate Information Assurance

1.4. The overarching and other information governance policies constitute the top level documentation of the Trust's Information Governance Management System (IGMS).

1.5. Compliance with all Policies, Procedures and Guidelines contained in the IGMS is mandatory for all persons and organisations operating under the auspices of, or delivering a service to, the Trust, whether they are staff, students, volunteers, contractors or partner organisations.

1.6. Staff should be aware that IGMS Policies are intended to protect the Trust and staff from adverse outcomes in terms of compliance with the law. Where IGMS policies are breached by staff it may be necessary for managers to consider retraining staff, or following the Trust's Disciplinary Procedures. Staff should also note that legal penalties could be imposed upon the Trust or its employees for non-compliance with relevant legislation and NHS guidance, and in serious cases individuals may not be immune from prosecution or civil legal action by virtue of their employment within the Trust.

2. Purpose

2.1. To set out the Trust's policy for compliance with specified and applicable national standards of Information Governance, and,

2.2. To formally document the key principles which shall be enacted through associated detailed procedures.

3. Scope

3.1. This is a Trust-wide Policy and applies to all Information and Communication Technology (ICT) systems and the data held, processed or transmitted by them, including staff, service user, management, audit and all other types of information used by the Trust.

3.2. This is a Trust-wide Policy and applies to all staff and personnel operating under the auspices of the Trust, including employees, locums, contractors, temporary staff, students, service user representatives, volunteers and partner agency staff.

3.3. Where a third party has an organisational policy that differs from this Policy, a formal agreement as to which policy statement applies shall be outlined and agreed in an appropriate protocol if necessary. In the absence of such an agreement, this Policy shall be deemed to have precedence.

4. Roles and Responsibilities

4.1. The Chief Executive
4.1.1. The Chief Executive is responsible for the Trust's compliance with applicable legislation and regulation.

4.2. The Senior Information Risk Owner
4.2.1. The Executive Director of Finance and Commerce and Deputy Chief Executive shall be the Trust SIRO and shall represent any relevant information risk issues to the Board.
4.2.2. The SIRO shall receive specialist information governance advice from the Company Secretary and the Information Governance Manager.
4.2.3. The Board shall receive an annual Information Governance report sponsored by the SIRO.
4.2.4. Fosters a culture for protecting and using data.
4.2.5. Provides a focal point for managing information risks and incidents.
4.2.6. The SIRO works closely with the Caldicott Guardian to jointly deliver their respective roles.
4.2.7. Is concerned with the management of all information assets.

4.3. The Caldicott Guardian
4.3.1. The Caldicott Guardian has the key role in ensuring that the Trust can satisfy the highest practical standards for handling patient-identifiable information and acts as the conscience of the organisation.
4.3.2. The Caldicott Guardian has the strategic role in representing and championing Information Governance requirements and issues in the Board and Executive Management Team.
4.3.3. The Caldicott Guardian role is advisory and accountable for that advice.
4.3.4. The Caldicott Guardian role provides a focal point for patient confidentiality and information sharing issues.
4.3.5. The Caldicott Guardian role is concerned with the management of patient/service user information.
4.3.6. The Board will receive an annual report from the Caldicott Guardian in relation to the delivery of the role.
4.3.7. The Caldicott Guardian works closely with the SIRO to jointly deliver their respective roles.

4.4. The Deputy Caldicott Guardian
4.4.1. Through delegation, supports the Caldicott Guardian in the delivery of their roles, including reporting and assurance of delivery in practice.
4.4.2. Leads the delivery of the Caldicott Guardian advisory role.
4.4.3. Acts as lead senior manager in relation to the Caldicott Guardian functions, ensuring that they are planned, delivered and reported through the Mental Health Legislation and Safeguarding Management Group.

4.5. The Information Governance Manager
4.5.1. Is responsible for the management of the Information Governance Toolkit Action Plan and shall provide specialist advice to the organisation and staff regarding information governance incidents.

4.6. The Data Protection Officer
4.6.1. Shall ensure that the Trust's Data Protection Notification is accurate and up to date on an annual basis and provide specialist data protection advice to the organisation and staff where necessary.

4.7. The Freedom of Information Lead
4.7.1. Shall ensure that the Trust's Freedom of Information Publication Scheme is accurate and up to date.
4.7.2. Shall ensure that all requests for information are processed in accordance with the Freedom of Information Act and Trust policy and procedures.

4.8. The Information Security Specialist
4.8.1. Shall manage the Trust's technical safeguards against the risks of loss, corruption, misuse or unauthorised disclosure of data and protect the systems and infrastructure used to store, process and transmit this information whilst monitoring and improving their usage and effectiveness.

4.9. Line Managers
4.9.1. Line Managers are responsible for ensuring compliance with this policy through appropriate managerial arrangements including supervision, training, performance management and the use of disciplinary procedures where necessary.
4.9.2. It is the responsibility of Line Managers to enable their staff to attend suitable information governance training.

4.10. All staff
4.10.1. All users of AWP ICT systems are responsible for ensuring that their use of these systems is conducted in compliance with this policy and have a duty to report any instances of non-compliance they witness to their managers.

4.11. Management Arrangements
4.11.1. The Head of Information Systems and Technology shall be the Trust lead for the provision of Information Governance advice and is supported by the Information Governance Manager, who is the Data Protection Officer, in the provision of expert advice and guidance on standards and compliance for Information Governance.
4.11.2. The Medical Director and Executive Director of Strategy and Business Development is the nominated Trust Data Quality Lead, and is supported in this role by the Deputy Director of Strategy, Performance and Business Development.
4.11.3. Executive Directors and Strategic Business Unit Directors are responsible for the implementation of the standards of Information Governance specified in the IGMS.

4.12. Information Governance Management Group
4.12.1. The Trust shall establish an Information Governance Management Group (IGMG) which shall:
4.12.1.1. provide the Senior Information Risk Owner (SIRO) with advice and guidance on information policy and risk management,
4.12.1.2. ensure the Trust's Information Governance Management System, including its processes, procedures, protocols, training and awareness programmes, is in compliance with applicable Standards, Legislation, Department of Health NHS Directives, and Connecting for Health Guidelines and Policies,
4.12.1.3. monitor the implementation of the Trust's Information Governance Management System (IGMS) and associated Information Governance Action Plans,
4.12.1.4. monitor the Trust's achievement of compliance with the Information Governance Toolkit and associated Key Lines of Enquiry for Care Quality Commission.
4.12.1.5. The IGMG reports to Performance EMT and to the Quality & Healthcare Committee for the purposes of reporting and approving Trust documents and policies.

4.13. Mental Health Legislation & Safeguarding Management Group
4.13.1. The Trust shall establish a Mental Health Legislation and Safeguarding Management Group which shall:
4.13.1.1. provide the Caldicott Guardian with advice and guidance on policy and management of patient/service user information,
4.13.1.2. ensure the Trust's Caldicott Guardian and information systems, including processes, procedures, protocols, training and awareness programmes, are in compliance with applicable Standards, Legislation and Department of Health NHS Directives in the management of patient/service user information,

4.13.1.3. monitor the delivery of the Caldicott Guardian advisory function and Caldicott Guardian Action Plans,
4.13.1.4. monitor the Trust's achievement of compliance with the relevant sections of the Information Governance Toolkit and the relevant Care Quality Commission Quality Essential Standards of Quality and Safety,
4.13.1.5. report to Performance EMT and to the Quality & Healthcare Committee for the purposes of reporting and approving relevant Trust documents and policies.

5. Policy Statement

5.1. The Trust shall implement Information Governance systems, measures and provisions to ensure the integrity of information and systems in compliance with the national standards defined in the Connecting for Health Information Governance Toolkit.

5.2. The Trust shall aim to demonstrate compliance with key Information Governance standards through achievement of at least level 2 performance and shall provide an action plan to progress beyond this minimum where this has been achieved.

5.3. This shall include a suite of policies, procedures, protocols and management responsibilities which constitute the Trust's Information Governance Management System (IGMS).

5.4. The key Information Governance Policies forming the procedural element of the IGMS are:
5.4.1. Data Protection Policy
5.4.2. Freedom of Information Policy
5.4.3. Information Security Policy
5.4.4. Records Management Policy
5.4.5. Health and Social Care Records Policy
5.4.6. Information Sharing Agreements
5.4.7. Acceptable Use Policy

6. Implementation

6.1. A policy alert will be issued using the Trust's standard policy alert system.

6.2. Implementation of the policy in practice will be conducted by managers with responsibility for ensuring compliance.

6.3. Compliance with this policy will be monitored and assessed as described in section 7.

6.4. The Policy will be made available on the Trust Intranet.

7. Standards

7.1. This policy will be assessed against the Information Governance Toolkit standards.

8. Monitoring and Audit

8.1. The Information Security Specialist is responsible for monitoring that the requirements of this policy have been met.

8.2. Compliance with this policy will be monitored and measured by:

8.3. An annual assurance report to the Information Governance Management Group.

8.4. The Trust's arrangements for auditing records will be evaluated annually against various external standards to include the annual Information Governance Toolkit, Care Quality Commission and National Health Service Litigation Authority (NHSLA) Risk Management Standards.

8.5. The annual assurance report will specifically provide information, critique and evaluate:
8.5.1. compliance with the IGMS

8.6. Any issues arising from auditing this policy will be added to the directorate risk register and lead to the creation of an action plan, the implementation of which will be monitored by the Information Governance Management Group.

8.7. Any issues arising from the audit and monitoring that will aid and inform wider learning will be communicated via the Trust's programme of thematic reviews and Head of Professions.

9. Archiving of Master Documents

9.1. This policy document forms part of a formal Trust record, and is to be managed in accordance with the Trust's records management policies and retention and disposal schedules. Users must familiarise themselves with the national standards defined by the Department of Health in the Records Management: NHS Code of Practice. The Code can be read online by clicking on this link which opens the Department of Health website in a web browser window (use ctrl + left-click).

9.2. The Board Policy Document Library on OurSpace is the only recognised repository for master versions of policy documents. Copies of this document must therefore not be stored elsewhere on the system, e.g. in workgroups.

9.3. The OurSpace document library system shall provide records management functionality to allow for the retrieval of previous versions of policy documents for audit purposes.

10. References

10.1. Access to Health Records Act 1990 (where not superseded by the Data Protection Act 1998)
10.2. Computer Misuse Act 1990
10.3. Copyright, Designs and Patents Act 1988 (as amended by the Copyright (Computer Programs) Regulations 1992)
10.4. Crime & Disorder Act 1998
10.5. Criminal Justice & Court Services Act 2000 (where Multi Agency Public Protection Panels & Information exchange is set out)
10.6. Data Protection Act 1998
10.7. Electronic Communications Act 2000
10.8. Freedom of Information Act 2000
10.9. Lawful Business Practice Regulations 2000
10.10. Regulation of Investigatory Powers Act 2000; The Directive on Privacy and Electronic Communications (2002/58/EC)
10.11. A full list of legislation can be reviewed within the NHS Information Governance Guidance on Legal and Professional Obligations at the following link: http://www.dh.gov.uk/en/publicationsandstatistics/publications/publicationsPolicyAndGuidance/DH_079616
10.12. Additionally, the NHS has mandated a number of relevant regulations including:
10.13. BS10012:2009 Data Protection: Specification for a Personal Information Management System
10.14. Confidentiality: NHS Code of Practice
10.15. Connecting for Health's Information Governance Toolkit

10.16. Data Quality Assurance to include NHS Data Dictionary, Hospital Episode Statistics (HES) and Mental Health Minimum Data Set (MHMDS)
10.17. Information Security Management: NHS Code of Practice
10.18. NHS Records Management: Code of Practice
10.19. The Caldicott Report 1998
10.20. The Caldicott Guardian Manual 2010
10.21. The Care Record Guarantee
10.22. The International Standards Organisation Standard for Information Security Management,