Introduction to information governance The legal framework governing the use of personal confidential data in health care is complex. It includes the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection Act, and the Human Rights Act. The law allows personal data to be shared between those offering care directly to[…]

Why is information governance so important? For patients and service users: Information is critical for safe, timely and effective care Information is sensitive Excellent healthcare is built on a foundation of confidence & trust For an employee: Sensitive information Ethical and legal responsibility of every employee Information must be: accessed, used & shared appropriately For a health or social[…]

What is information?  Type of Information   Examples Personal information Name, Address, Date of Birth, Next of Kin  Sensitive information Ethnicity, Diagnosis,  Illness & Disorders,  Sexual Orientation Corporate information Minutes of Meetings,  Employee Details, Financial Information. Information Governance is about how health and social care organisations and their employees must handle sensitive information What is information governance? Information governance[…]

Sources of information for further support with information governance Further Advice needed? Contact your local Information Governance Manager or Lead Useful Links Information Commissioners Office  www.ico.org.uk Information Governance Tool kit  www.igt.hscic.gov.uk

What is information?  Type of Information   Examples Personal information Name, Address, Date of Birth, Next of Kin  Sensitive information Ethnicity, Diagnosis,  Illness & Disorders,  Sexual Orientation Corporate information Minutes of Meetings,  Employee Details, Financial Information. Information Governance is about how health and social care organisations and their employees must handle sensitive information What is information governance? Information governance[…]

Information Governance – Online CPD Course – Summary We have now completed this online information governance CPD training course. Here is a reminder of what we have covered so far: ✓ Introduction to information governance ✓ Why is information governance important? ✓ Information requirements for health and social care organisations ✓ What law and standard codes of practice[…]

Sources of information for further support with information governance Further Advice needed? Contact your local Information Governance Manager or Lead Useful Links Information Commissioners Office  www.ico.org.uk Information Governance Tool kit  www.igt.hscic.gov.uk

Your responsibilities DO DON’T Protect an individual’s information Send confidential, person-identifiable data without applying the required encryption/security measures Be aware of national & local information, Policy & Procedures Store Personal/Sensitive information on unencrypted  and unauthorised portable devices Inform patients how information  is used and when it may be disclosed Disclose confidential information with unauthorised people[…]

Information security  Information security is about ensuring information is: Your responsibilities are to ensure: Protected and secure Reliable Available to authorised users only   Records are correctly stored Passwords are kept secure Report inappropriate disclosures Safe Haven processes when faxes are used Delete spam mail without opening You don’t download unauthorised software You use IT equipment correctly[…]

Good quality record keeping It is important to check the following: Does a record already exist? Records must be clear, factual, accurate &  complete Can everybody else read them? Complete them quickly! Make sure they are dated, timed and signed Keep information up-to-date Store them safely Read them, check them, then check again! Check the[…]

Duty of confidence You have a legal duty to protect and maintain confidentiality There’s a confidentiality clause in your contract of employment You have a professional duty of confidence It’s in your Code of Professional Conduct Be careful and cautious when answering the telephone: Callers request information under false pretences   Requests for information need to be[…]

Freedom of Information A request for official information held by Public Bodies  such as hospital trusts Public have a right to access / view all non-personal, public authority information Purpose is to promote openness & accountability Requests must be made in writing There are Exemptions Law requires that any FOI request must receive a response  within[…]

Subject access requests Individuals have the right to access sensitive information including paper, computer records and other related information Patients can request access to their medical records Employees can request access to their personal records

The Caldicott Principles The Caldicott principles must be used when accessing and using Patient Identifiable Information (PID) or confidential information and which must be maintained by all healthcare organisations. There are 7 Caldicott information management principles: Justify the purpose of using confidential information Only use it when absolutely necessary Use the minimum information required Allow access on[…]

The law regarding information governance  Standard codes of practice: Information Security Standards – ISO/IEC 17799: 2005 and IS Management NHS Code of Practice The NHS Confidentiality Code of Practice The Records Management NHS Code of Practice Information Quality Assurance   Common law duty of confidentiality People have legal rights through common law to confidentiality Computer[…]

Requirements for health and social care organisations H O R U S All information must be: Held securely and confidentially Obtained fairly and efficiently Recorded accurately and reliably Used effectively and ethically Shared appropriately and lawfully

Why is information governance so important? For patients and service users: Information is critical for safe, timely and effective care Information is sensitive Excellent healthcare is built on a foundation of confidence & trust For an employee: Sensitive information Ethical and legal responsibility of every employee Information must be: accessed, used & shared appropriately For a health or social[…]

Introduction to information governance The legal framework governing the use of personal confidential data in health care is complex. It includes the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection Act, and the Human Rights Act. The law allows personal data to be shared between those offering care directly to[…]

  ……. Organisations have systems in place to monitor the access, use of systems and information by staff Failure to comply with legal obligations or organisational policy & guidelines could mean disciplinary and legal action being taken

  …………. Check the minimum period records have to be retained  Are you deleting records? If so check the organisation’s Disposal of Records Policy and Procedures  

  ……………….. Does a record already exist? Records must be clear, factual, accurate &  complete Can everybody else read them? Complete them quickly! Make sure they are dated, timed and signed Keep information up-to-date Store them safely Read them, check them, then check again!  

  …….. Be careful and cautious when answering the telephone: Callers request information under false pretences   Requests for information need to be verified If possible, always obtain requests in writing Are you unsure? Don’t disclose Ask your manager or the Caldicott Guardian who’s responsible for ensuring confidentiality  

  ………   Who is a Caldicott Guardian? A senior person in the organisation responsible for ensuring  the Caldicott principles are applied and maintained    If you are unsure whether to disclose information or not, what should you do?  If you are unsure, don’t disclose Ask your manager or the Caldicott Guardian

    For a health or social care organisation: Ethical and legal responsibility of every organisation Breaches of confidentiality costs money and reputation

    For an employee: Sensitive information Ethical and legal responsibility of every employee Information must be: accessed, used & shared appropriately

    For patients and service users: Information is critical for safe, timely and effective care Information is sensitive Excellent healthcare is built on a foundation of confidence & trust

        Examples Personal Name, Address, Date of Birth, Next of Kin     Sensitive Ethnicity, Diagnosis,  Illness & Disorders,  Sexual Orientation Corporate Minutes of Meetings,  Employee Details, Financial Information

Seven pillars of clinical governance The five principles noted above provide firm foundations for the seven activities that form the ‘pillars’ of clinical governance. Over the past decade, the components of the seven pillars have been refined but maintain the same essence. These pillars include: Clinical effectiveness and research Clinical audit Risk management Education and[…]

Freedom of Information A request for official information held by Public Bodies  such as hospital trusts Public have a right to access / view all non-personal, public authority information Purpose is to promote openness & accountability Requests must be made in writing There are Exemptions Law requires that any FOI request must receive a response  within[…]

Information security  Information security is about ensuring information is: Protected and secure Reliable Available to authorised users only Your responsibilities are to ensure: Records are correctly stored Passwords are kept secure Report inappropriate disclosures Safe Haven processes when faxes are used Delete spam mail without opening You don’t download unauthorised software You use IT equipment correctly .Any breaches of[…]

When should health records be updated? As noted in the previous section, health records should be contemporaneously written. The longer you leave the gap between delivering care or a consultation and recording it, the higher the risk that you may forget important information. There may also be a likelihood that information relating to one patient[…]

Legislation The legal framework is primarily underpinned by the Human Rights Act 1998 and other key legislation. “Every breach of human dignity not only affects the individual victim, but also society as a whole, by raising the question of how we choose to live (and die) and relate to each other. It thereby calls into[…]

The law regarding information governance  Standard codes of practice: Information Security Standards – ISO/IEC 17799: 2005 and IS Management NHS Code of Practice The NHS Confidentiality Code of Practice The Records Management NHS Code of Practice Information Quality Assurance   Common law duty of confidentiality People have legal rights through common law to confidentiality Computer[…]

Subject access requests Individuals have the right to access sensitive information including paper, computer records and other related information Patients can request access to their medical records Employees can request access to their personal records           ……..

Requirements for health and social care organisations H O R U S All information must be: Held securely and confidentially Obtained fairly and efficiently Recorded accurately and reliably Used effectively and ethically Shared appropriately and lawfully

The Caldicott Principles The Caldicott principles must be used when accessing and using Patient Identifiable Information (PID) or confidential information and which must be maintained by all healthcare organisations. There are 7 Caldicott information management principles: Justify the purpose of using confidential information Only use it when absolutely necessary Use the minimum information required Allow access on[…]

Information Governance – Online CPD Course – Summary We have now completed this online information governance CPD training course. Here is a reminder of what we have covered so far: ✓ Introduction to information governance ✓ Why is information governance important? ✓ Information requirements for health and social care organisations ✓ What law and standard codes of practice[…]

Good quality record keeping It is important to check the following: Does a record already exist? Records must be clear, factual, accurate &  complete Can everybody else read them? Complete them quickly! Make sure they are dated, timed and signed Keep information up-to-date Store them safely Read them, check them, then check again! Check the[…]

Your responsibilities DO Protect an individual’s information Be aware of national & local information, Policy & Procedures Inform patients how information  is used and when it may be disclosed Help to  improve the way   organisation protects information Report any suspected or actual breaches of information security Seek advice from the appropriate leads if you[…]

The local Executive Management Team (EMT) is responsible for the overall management of incidents within the local NHS Trust or private hospital. The EMT are responsible for reviewing Trust-wide incident reports and individual Serious Untoward Incidents using locally agreed risk management strategies.  Individual Business Delivery Units or clinical departments  monitor incidents and commission investigations within operational[…]