Information Governance Policy

Similar documents
Information Governance Policy

Information Governance Policy

INFORMATION GOVERNANCE POLICY

Information Governance Policy

Information Governance Policy and Management Framework

Information Governance Policy

IGPr002 - Information Governance Management Framework

Data Protection Policy

INFORMATION GOVERNANCE POLICY

Information Sharing Policy

INFORMATION GOVERNANCE STRATEGY AND STRATEGIC VISION

NHS Sunderland Clinical Commissioning Group. Information Governance Strategy 2016/17

INFORMATION GOVERNANCE POLICY AND FRAMEWORK

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE STRATEGY

Information Governance Management Framework

Data Quality Policy

INFORMATION GOVERNANCE STRATEGY IMPLEMENTATION PLAN

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY

Information Governance Strategic Management Framework

INFORMATION GOVERNANCE STRATEGY. Documentation control

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY

IG01 Information Governance Management Framework

Information Governance Management Framework Version 6 December 2017

Information Governance Management Framework

Information Governance Strategy and Management Framework

Information Governance Assurance Framework

Date: INFORMATION GOVERNANCE POLICY

DATA QUALITY POLICY. Version: 1.2. Management and Caldicott Committee. Date approved: 02 February Governance Lead

Managing personal relationships in the workplace

Overarching Information Governance Policy

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2017/18

This Policy supersedes the following Policy, which must now be destroyed:

Identifies the risk management structure, roles, responsibilities and authority of staff, committees and groups with responsibility for risk

Leeds Interagency Protocol for Sharing Information

Data protection (GDPR) policy

Humber Information Sharing Charter

This Policy supersedes the following Policy, which must now be destroyed:

NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY

Information Governance Policy

Information governance strategy

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

Information Security Risk Management Programme and Strategy

Information Security Policy

MOBILE AND REMOTE WORKING POLICY

TRUST GOVERNANCE POLICY (formerly referenced as the CMFT Governance Strategy) - UPDATED NOVEMBER

DATA PROTECTION POLICY

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK

Information Governance Clauses Clinical and Non Clinical Contracts

The UK legislation is wholly retrospective and applies to all information held by public authorities regardless of its date.

HSCIC Audit of Data Sharing Activities:

Minor adjustments from IG Steering Group 0.3 Neil Taylor September 2013

Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018

Data Protection Policy

JOB DESCRIPTION: DIRECTORATE MANAGER LEVEL 3. Job Description. Directorate Manager Level 3 Emergency Medicine Directorate

Security of Personal Data Policy and Guidelines

Humber Information Sharing Charter

Job Description. Operations Manager. Scheduled Care. Band 8A. Centre Manager. Centre Manager

Records management policy. Document author Assured by Review cycle. Audit and Risk Committee. 1. Introduction Purpose or aim Scope...

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00

PHWIGC framework that addresses the issues raised by the Francis Report. Author: John Morley & Jane Evans Information Governance Managers

Tourettes Action Data Protection Policy

Information Assets: Security and Risk Management Policy. Choice, Responsiveness, Integration & Shared Care

Director of Partnership Commissioning. Vulnerable Adults and Children s Commissioning Unit

Job Title: Head of Retail Department: Income Generation

NHS DIGITAL Records and Document Management Policy

Policy:E7. Escalation Policy N/A. Appended below at Appendix B. Version: E7/01

Information Governance Strategic Management Framework (Including Policy and Strategy)

Privacy Impact Assessment Policy and Procedure

Leicester, Leicestershire, and Rutland Facilities Management Collaborative (LLR FMC) Job Description. Director of Performance, Quality & Assurance

Heart of England NHS Foundation Trust

Information Governance User Handbook

Risk Assessment Procedure

Consulted With Post/Committee/Group Date Eileen Hatley Data Quality Manager 15 th March 2016

West Kent Clinical Commissioning Group

Information Governance Management Framework 2016/17

Policies, Procedures, Guidelines and Protocols. Document Details

Health, Safety & Wellbeing Policy

DATA QUALITY POLICY Review Date: CONTENT

Lisa Quinn Executive Director of Performance and Assurance. Lead Officer

Executive Director of Workforce and Organisational Development. Workforce Projects Manager. Date ratified January Implementation Date

Job Description Support Clerical Assistant. Essential: Administrative Experience Experience:

Freedom of Information (FOI) Policy

TRUST-WIDE NON-CLINICAL POLICY DOCUMENT. Date Ratified: February 2015 Next Review Date (by): Interim Review August 2017 Version Number: 2015 Version 1

Records Management Policy

NHS BARNSLEY CCG DATA QUALITY POLICY SEPTEMBER 2016

Data Protection Policy

Directorate of Finance, Information & Performance Management DATA QUALITY POLICY

Staff Counselling Service

Volunteer Services Policy

General Data Protection Regulation (GDPR) Strategy

Business Continuity Management Policy

This Policy supersedes the following Policy which must now be destroyed:

Northumbria Healthcare NHS Foundation Trust

CLINICAL & PROFESSIONAL SUPERVISION POLICY (replacing 033/Workforce)

RISK MANAGEMENT COMMITTEE TERMS OF REFERENCE

Volunteers within the shop Location: Wordsley Green, Lower Gornal, Shifnal and Wombourne

Directorate of Strategy & Planning DATA QUALITY POLICY

INFORMATION GOVERNANCE ASSURANCE FRAMEWORK

Transcription:

Author Darren Rigg Head of Information Governance Corporate Lead Bryan Machin Executive Director of Finance and Resources Document Version 1 Date ratified by Quality Committee 24 th October 2014 Date issued 31 st October 2014 Review date October 2017 Policy Number PL317

Executive summary Information Governance ensures that information and in particular, confidential, sensitive or identifiable information is dealt with legally, securely, efficiently and effectively thus protecting the Trust its employees and most importantly its patients. The following document sets out the Trusts accountability and responsibility structure, the aims and purpose of Information Governance and outlines the importance of ensuring compliance. The document intends to provide and guidance for staff to follow and compliments existing Trust policies and procedures. Equality Analysis Leeds Community Healthcare NHS Trust's vision is to provide the best possible care to every community. In support of the vision, with due regard to the Equality Act 2010 General Duty aims, Equality Analysis has been undertaken on this policy and any outcomes have been considered in the development of this policy. Page 2 of 10

Contents Section Page 1 Introduction 4 2 Aims and Objectives 4 3 Definitions 4 4 Responsibilities 5 5 Principles 5 6 Risk Assessments 7 7 Training Needs 7 8 Monitoring Compliance and Effectiveness 7 9 Approval and Ratification process 7 10 Dissemination and implementation 7 11 Review arrangements 8 12 Associated documents 8 Policy Consultation Process 9 Page 3 of 10

1 Introduction This document focuses on the data handling elements of Information Governance (IG). It also incorporates policy statements and the Trusts strategic direction regarding information governance compliance. Information is a vital asset, both in terms of the clinical management of individual patients and the efficient management of services and resources. IG is a framework that brings together all of the requirements, standards and best practice that apply to the handling of personal information. It is therefore of paramount importance to ensure that information is efficiently managed, and that appropriate policies, procedures, management accountability and structures are in place to provide a robust governance framework for information management. This policy gives assurance to Leeds Community Healthcare NHS Trust (LCH) and individuals that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care. Compliance with this policy will be managed through the IG Strategy to ensure the requirements of Connecting for Health s IG Toolkit are met. 2 Aims and Objectives This policy covers: all aspects of information within the organisation, including (not limited to): Patient information Personnel information Organisational information all aspects of handling information, including (but not limited to): Structured record systems - paper and electronic. Transmission of information fax, e-mail, post, telephone and by removable media. all information systems purchased, developed and managed by/or on behalf of, the organisation and any individual directly employed or otherwise by the organisation. 3 Definitions Confidentiality Sometimes referred to as the duty of confidence exists in English Common Law to protect information that has been given on the understanding that it will be kept confidential. If confidential information is disclosed unlawfully, to another person who does not have a right to know, it could constitute a breach of confidence which is actionable in law if it can been shown that some detriment has occurred. Record - A "record" is information created, received, and maintained as evidence by an organization or person in the transaction of business, or in the pursuance of legal obligations, "regardless of media". Movable media any information held in digital form outside of the network drives. Safe Haven - A Safe Haven is a term used to explain either a secure physical location or the agreed set of administration arrangements that are in place within the Trust to ensure confidential patient or staff information is communicated safely and securely. Page 4 of 10

Personal Information - Personal information is information which can identify a person in which the person is the focus of the information and which links that individual to details which would be regarded as private e.g. name and private address, name and home telephone number etc. Sensitive personal information -Sensitive personal information is where the personal information contains details of that person s: Health or physical condition Sexual life Ethnic origin Religious beliefs Political views Criminal convictions For this type of information even more stringent measures should be employed to ensure that the data remains secure. Movable Media- sometimes called removable media is defined as all electronic information that is not held on the Trust network drives. This includes information held on USB memory sticks, CDs, DVDs, desktops, local hard drives, floppy disks, diagnostic equipment. 4 Responsibilities The IG Group is responsible for overseeing day to day IG issues; developing and maintaining policies, standards, procedures and guidance, coordinating and raising awareness of IG in LCH. Managers within LCH are responsible for ensuring that the policy and its supporting standards and guidelines are built into local processes and that there is on-going compliance. All staff, whether permanent, temporary or contracted, and contractors are responsible for ensuring that they are aware of the requirements incumbent upon them and for ensuring that they comply with these on a day to day basis. Some NHS records are public records under the terms of the Public Records Act 1958 and are legal documents. The Chief Executive and senior managers are personally accountable for the records in their care and the quality of records management within their organisation. 5 Principles LCH believes that accurate, timely and relevant information is essential to deliver the highest quality health care. LCH fully supports the principles of corporate governance and recognises its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about patients and staff and commercially sensitive information. LCH also recognises the need to share patient information with other health organisations and other agencies in a controlled manner consistent with the interests of the patient and, in some circumstances, the public interest. There are 4 key interlinked strands to the information governance policy: Page 5 of 10

Openness and Transparency Legal compliance Information security Quality assurance Information Governance Policy Openness and Transparency The Trust recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. Information will be defined and where appropriate kept confidential, underpinning the principles of Caldicott and the regulations outlined in the Data Protection Act. Nonconfidential information on the Trust and its services will be available to the public through a variety of means, in line with the Freedom of Information Act 2000. LCH will undertake annual assessments and audits (through the IG Toolkit) of its policies and arrangements for openness. Patients will have ready access to information relating to their own health care under the Data Protection Act 1998 using the Trust s Subject Access Request procedure. LCH will have clear procedures and arrangements for handling queries from patients and the public. LCH will have clear procedures and arrangements for liaison with the press and broadcasting media. Legal Compliance LCH regards all identifiable personal information relating to patients as confidential. Compliance with legal and regulatory requirements will be achieved, monitored and maintained. LCH regards all identifiable personal information relating to staff as confidential except where national policy on accountability and openness requires otherwise. LCH will establish and maintain policies to ensure compliance with the Data Protection Act, Human Rights Act, Freedom of Information Act and the common law duty of confidentiality. IG training including awareness and understanding of Caldicott principles and confidentiality, information security and data protection will be mandatory training for all staff. Information Governance will be included in induction training for all new staff. The necessity and frequency of any further training will be appraisal based. LCH will undertake annual assessments and audits of its compliance with legal requirements. LCH has established and maintains a Pan Leeds Information Sharing Protocol to inform the controlled and appropriate sharing of patient information with other agencies, taking account of relevant legislation (e.g. Data Protection Act, Crime and Disorder Act, Children Act). Information Security LCH will establish and maintain policies for the effective and secure management of its information assets and resources. This includes staff not leaving PC s unlocked when unattended and all PC s will have an automatic lock applied of a maximum period of five minutes. LCH will undertake annual assessments and audits of its information and IT security arrangements. Page 6 of 10

LCH will promote effective confidentiality and security practice to its staff through policies, procedures and training. LCH will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security. LCH will appoint a Senior Information Risk Officer (SIRO) and assign responsibility to Information Asset Owners to manage information risk. A SIRO report will be issued to the Audit Committee as part of the IG Report. LCH will use pseudonymisation and anonymisation of personal data where appropriate to further restrict access to confidential information. Pseudonymisation will be the responsibility of the Senior Information Risk Officer. Information Quality Assurance LCH will establish and maintain policies and procedures for information quality assurance and the effective management of records. LCH will undertake annual assessments and audits of its information quality and records management arrangements. Managers are expected to take ownership of, and seek to improve, the quality of information within their services. Wherever possible, information quality should be assured at the point of collection. Data standards will be set through clear and consistent definition of data items, in accordance with national standards. LCH will promote information quality and effective records management through policies, procedures/user manuals and training. 6 Risk Assessments Risk assessments are completed as relevant and incidents reported via the Datix system. These documents are available on Elsie in the risk management section. 7 Training Needs IG is part of mandatory training for all staff - refer to the Statutory and Mandatory Training Policy (including Training Needs analysis). 8 Monitoring Compliance and Effectiveness An assessment of compliance with requirements, within the Information Governance Toolkit (IGT), will be undertaken each year. The Information Governance Group will ensure implementation of the Information Governance Action Plan and monitor performance. It is assumed that Internal Audit will review this and associated procedures. 9 Approval and Ratification process The policy has been approved by the Clinical and Corporate Policies Group and ratified by the Quality Committee on behalf of the Board. 10 Dissemination and Implementation Dissemination of this policy will be via the Clinical and Corporate Policy Group to services and made available to staff via the intranet. Page 7 of 10

Implementation will require: Operational Directors/ Heads of Service/General Managers to ensure staff have access to this policy and understand their responsibilities for implementing it into practice The IG Team will provide appropriate support and advice to staff on the implementation of this policy 11 Review arrangements LCH will monitor this policy every 3 years and the related strategies, policies and guidance through the IG Toolkit. This work will be co-ordinated by the IG Committee. 12 Associated documents Policies Internet Policy Disciplinary Policy Records Management Policy including Health Record Keeping Standards Network Security Policy Legislation and Codes of Practice The Data Protection Act 1998 NHS Confidentiality Code of Practice 2003 Human Rights Act 1998 Freedom of Information Act 2000 Caldicott Report 1997 Computer Misuse Act 1990 Public Records Act 1958 Records Management NHS Code of Practice 2006 Common Law Duty of Confidence NHS Information Security Management Code of Practice 2007 ISO/IEC 27001:2005 Specification for an Information Security Management system ISO/IEC27002:2005 Code of Practice for Information Security Management Care Quality Commission Standards Page 8 of 10

Policy Consultation Process Title of Document Author New / Revised Document Lists of persons involved in developing the policy List of persons involved in the consultation process Information Governance Policy Darren Rigg Revised Head of Information Governance Richard Slough Head of Informatics Susan Fielding Improvement and Development Manager Shelagh Davenport Clinical Effectiveness Facilitator Linda Dobrzanska Research and Responsible Officer Manager Janine Mellows Information Governance Officer Helen Rowland Patient Experience Lead Karen Haw Team Manager Healthy Living Campbell McNeill EPR Development Manager Ian Jones IT Helpdesk Manager David Lane Patient Services Manager Bryan Machin Interim Chief Executive Amanda Thomas Executive Medical Director Martin Harris IT Manager Sam Prince Executive Director of Operations Nick Wood Children s Services General Manager Andrea North Specialist Services General Manager Megan Rowlands Adult Services General Manager Gill Armstrong, Clinical Effectiveness Lead Page 9 of 10

Jo-anne Beresford, Wound Prevention & Management Service Nurse Specialist John Glynn Health & Safety Officer Catherine Scott Service Improvement Project Manager Kath Duggleby Administrator QPD Page 10 of 10

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback