INFORMATION GOVERNANCE POLICY

Prepared by: Health Informatics Service, Eve Scott
Responsible Area: Corporate Services
Date Approved: 28th March 2007
Committee: Trust Board
Approval Information:
Approved By: Sign
Print Name: Helena Corder
Version No. Approved: One
Review Date: March 2009

Reference to Standards for Better Health
Domain: Standard for Better Health Third domain: Governance; Connecting for Health Information Governance Toolkit
Core/Development standard: Core Standard C9, C13
Performance indicators:
1. PCT is compliant with criteria of the Information Governance Toolkit
2. PCT is compliant with above Standards for Better Health
History of Document:

CONTENTS

Policy Statement
1. Introduction
2. Associated Policies and Procedures
3. Aim & Objectives
4. Scope
5. Openness
6. Integrity of information
7. Information Security
8. Information Quality Assurance
9. Training
10. Year on Year Improvement Plan and Assessment
11. Committee Structure for assuring Information Governance Management
12. References & Bibliography

Approval Committee: Version No: Date Approved:

Policy Statement
Kirklees PCT will have a robust Information Governance framework to ensure that the way it manages information meets national requirements for Information Governance as set out in the Data Protection Act, the Freedom of Information Act, the Information Governance Toolkit and the C9 Standard for Better Health.

1. Introduction
This policy underpins and operationalises the Information Governance Strategy and should therefore be used in conjunction with that document.

2. Associated Policies and Procedures
This policy should be read in accordance with the following PCT policies:
• Incident reporting policy
• Communications Policy
• Counter Fraud Policy
• Records Management Policy
• Confidentiality Code of Practice
• Information Security Policy
• Network Security Policy
• Internet Use Policy
• Email Use Policy
• Remote Access Policy
• Guidance for the safe transmission of faxes (Safe Haven)

3. Aim & Objectives
This document sets out the requirement to maintain policies and procedures in order to be compliant with the criteria of the National Information Governance Toolkit and Standard for Better Health Core Standard C9.

4. Scope
This policy covers:
• all aspects of information within the organisation, including (but not limited to):
  o Patient/Client/Service User information
  o Personnel/Staff information
  o Organisational information
• all aspects of handling information, including (but not limited to):
  o Structured record systems - paper and electronic
  o Transmission of information – fax, e-mail, post and telephone
• all information systems purchased, developed and managed by or on behalf of the organisation
It must be followed by all staff employed by the PCT on a permanent, temporary or voluntary placement or undertaking work on behalf of the PCT.

5. Openness
There must be an appropriate balance between openness and confidentiality in the management and use of information.
The PCT’s Confidentiality Policy defines which categories of information should be maintained in a confidential manner and how this should be managed in order to be compliant with the underpinning principles of Caldicott, the regulations outlined in the Data Protection Act and the common law duty of confidentiality.
Individuals have a right of access to information held about them, e.g. that relating to their health care or as members of staff. Access to clinical records is managed through the PCT Handling Access Requests for a Health Record Procedure.
Non-confidential information about the PCT and their service is available to the public through the Freedom of Information Act. The PCT has a Freedom of Information Policy and Procedure.
The PCT’s Communications Policy and Procedure sets out a clear framework for liaison with the press and broadcasting media.

6. Integrity of information
Systems will be developed to ensure that the integrity of information is monitored and maintained in order that it is appropriate for the purposes intended.
Information required for operational purposes is maintained within set parameters relating to its importance via appropriate procedures and computer system resilience.
The Records Management Policy sets out an archiving process and the need to work in accordance with the retention and destruction schedule set out within the Department of Health’s Records Management: NHS Code of Practice Part 2.

7. Information Security
The PCT has the following policies in order to ensure the effective and secure management of its information assets and resources:
• Confidentiality Code of Practice
• Information Security Policy
• Network Security Policy
• Internet Use Policy
• Email Use Policy
• Remote Access Policy
• Guidance for the safe transmission of faxes (Safe Haven)
Risk assessment will be undertaken in conjunction with overall priority planning of organisational activity to determine that appropriate, effective and affordable information governance controls are in place.
The PCT Incident Reporting system must be used to report, monitor and investigate all breaches of confidentiality and security.
Periodic audits will be undertaken at least annually in order to assess information and IT security arrangements.

8. Information Quality Assurance
Managers will be expected to take ownership of, and seek to improve, the quality of data within their services.
Audits must be undertaken regarding the quality of data and records management arrangements, and improvement plans will be drawn up and implemented. It is the responsibility of senior operational managers to organise these.
The PCT has the following policy to promote data quality: Data and Information Quality Policy.
The need to ensure data quality will also be promoted via training.

9. Training
Induction training includes a session on information governance and the need for the maintenance of confidentiality. The PCT will also provide biannual mandatory training in records management.

10. Year on Year Improvement Plan and Assessment
An assessment of compliance with requirements, within the Information Governance Toolkit (IGT), is undertaken each year. Annual reports and proposed work programmes are presented to the PCT Information Governance Group for approval prior to submission.

11. Committee Structure for assuring Information Governance Management
The PCT has an Information Governance Group. This group is accountable to the Trust Board via the Governance Committee. Its terms of reference are appended to this policy.

12. References & Bibliography
• Professional codes of conduct from the BMA, GMC and NMC and others including Allied Health professionals, Finance Professionals and NHS Managers
• Data Protection Act 1998
• Human Rights Act 1998
• Freedom of Information Act 2000
• Reuse of Public Sector Information (SI 2005 1515)
• Access to Health Records Act 1990 (where not superseded by the Data Protection Act)
• Computer Misuse Act 1990
• Copyright, Designs and Patents Act 1988 (as amended by the Copyright Computer Programs Regulations 1992)
• Crime and Disorder Act 1998
• Electronic Communications Act 2000