Information Governance Who Cares Alistair Stewart Information Governance

Information Governance – Who Cares? Alistair Stewart Information Governance Co-ordinator

Key Learning Points § What is Information Governance? § What do YOU need To Do to make this work? ü Follow the Caldicott Guidelines ü Provide a confidential service – Corporate and staff responsibility ü Comply with the Law ü Understand the Data Protection Act Principles ü Recognise a Freedom of Information Act request ü Follow the rules set out in Policies ü Keep Information Secure as you would your own personal details ü Strive for accuracy in recording and using information

Information Governance “Information governance aims to support the provision of high quality care by promoting the effective and appropriate use of information. ” • • • Confidentiality Data Protection Information Security Records Management Freedom of Information Data Quality Assurance IG is to do with how the NHS handles information

Handling information means: • Holding it securely and confidentially • Obtaining it fairly and efficiently • Recording it accurately and reliably • Using it effectively and ethically • Sharing it appropriately and lawfully

Caldicott Principles • Principle 1 - Justify the purpose(s) • Principle 2 - Don’t use patient-identifiable information unless it is absolutely necessary. • Principle 3 - Use the minimum necessary patient‑identifiable information. • Principle 4 - Access to patient‑identifiable information should be on a strict need to know basis. • Principle 5 - Everyone should be aware of their responsibilities. • Principle 6 - Understand comply with the law

Data Protection Principles 1. 2. 3. 4. 5. 6. Fairly and lawfully processed Processed for limited purposes Adequate, relevant and not excessive Accurate and up to date Not kept for longer than is necessary Processed in line with rights of the individual 7. Kept Secure, and 8. Not transferred to countries without adequate protection.

Keep Information Secure It is your responsibility to keep all personal and sensitive information secure § Adhere to all Organisation Policies § Adhere to all local and national Information Security Policies § Protect Information Physically § Practice Password Management § Transfer Information Securely § Report all actual and attempted breaches of Security to Management immediately

Primary Care IG Baseline Benchmarking Information Governance and Data Quality Standards, Directed Enhanced Service, circular PCA(M)(2007)11 All practices should: – be compliant with a basic list of standards for information governance – have completed and implemented an action plan (agreed with the host NHS Board) on how they will improve data quality and information governance

Regulator powers: Data Protection • Privacy Impact Assessment (PIA) • DP registration changes • Extended Powers & Penalties – Fines – up to £ 500, 000 for reckless breaches – Enhanced powers of inspection – Prosecution - prison sentences for s 55 offences – Wilful or reckless breach of the DP Principles leading to damage or distress http: //www. ico. gov. uk

Regulator changes: Freedom of Information • Model Publication Scheme consultation • Sets out types of information routinely made available by a public authority. • Should specify classes of information, how available, and if charge. • Extension of the Act consultation • Review of exemption briefings http: //www. itspublicknowledge. info

NHS Scotland IG programme Developing & Implementing Changes Implemented Continuous Improvemen t Cycle Evaluation & Monitoring • Standards & Toolkit • Communications & Networks • Education & Training • Knowledge Base • National IG Framework of Policies & Guidelines Fully Implemented

National IG Guidance • NHS Scotland Code of Protecting Patient Confidentiality (reviewed) • Caldicott Guardians Manual (reviewed) • Caldicott Guardians Website available at http: //www. knowledge. scot. nhs. uk/caldicottguardians. aspx • Looking After Information: Staff Awareness leaflet produced • Refreshed NHS Scotland Code of Practice in Records Management -Health and administrative records into single document IG is a series of best practice guidelines and principles of the Law to be followed by the NHS

Ongoing national IG activities • Training requirements and awareness raising tools for NHSS staff • Information Sharing Protocol (review) • Evidence base for IG Standards • Forum networking meetings IG is the core foundation for high quality healthcare using good quality information

Training and Awareness • • • Looking after information leaflet DOTS module – scenario based Flying Start – modular based Medical Records material On-line package

Further Information Specialist e-Library – Knowledge Network http: //www. knowledge. scot. nhs. uk IG Portal - IG Bulletin http: //www. elib. scot. nhs. uk/portal/ig/pages/index. aspx e. Health Website http: //www. ehealth. scot. nhs. uk/

Contacts NHSS IG Team: NSS. infogov@nhs. net Alistair Stewart, Information Governance Co-ordinator, NHSS Alistairstewart@nhs. net Kim Kingan, Information Governance Lead, SGHD Kim. Kingan@scotland. gsi. gov. uk David Armstrong, Enterprise Architect-Security, SGHD David. Armstrong@scotland. gsi. gov. uk Robert Bryden, Records Management Lead, SGHD Robert. Bryden@scotland. gsi. gov. uk

Could This Happen To You? • Records stored in corridors • Patient records removed from premises • Password attached to IT equipment • Computers stolen from Office • Disc lost in mail containing personal information • Lost Payslips • Lost memory stick

Potential Breaches

Discussion Consider your workplace in relation to the breaches shown and highlight any potential problem area. What solutions are available to you to reduce the risk?

Information Governance Is the responsibility of every NHS Employee so let’s aim together to be 100% compliant and show that WE CARE

Question time….