What you will learn in this training:
Principles of Information Governance and their application to health and social care organisations
Accessing Information Governance resources including national legislation, guidance and local policies & procedures
Health and social care organisations’ responsibilities
Protection of an individual’s confidentiality and the Caldicott Principles
How to practice and promote a confidential service
Principles of ensuring and maintaining good client records
Recognising / responding to Freedom of Information requests
Keeping Information Secure
2. What you will learn in this session?
1. Principles of Information Governance and their application to health and social care organisations
2. Accessing Information Governance resources including national legislation, guidance and local policies & procedures
3. Health and social care organisations’ responsibilities
4. Protection of an individual’s confidentiality and the Caldicott Principles
5. How to practice and promote a confidential service
6. Principles of ensuring and maintaining good client records
7. Recognising / responding to Freedom of Information requests
8. Keeping Information Secure
3. What is Information Governance?
Information Governance is about how health and social care organisations and their employees must handle sensitive information.
IG is to do with how NHS/Social Care organisations and individuals handle information.
4. What is Information Governance?
A framework of legal and ethical principles that apply when sensitive information is collected, processed and shared
Excellent care is built on a foundation of confidence & trust
How organisations & individuals handle personal & sensitive information
Principles of law and best practice
Different data sets:
• Personal & Sensitive (Healthcare records)
• Person based & anonymous (Research data)
• Corporate (Trust Financial Accounts)
5. What is Information?
Examples:
Personal: Name, Address, Date of Birth, Next of Kin
Sensitive: Ethnicity, Diagnosis, Illness & Disorders, Sexual Orientation
Corporate: Minutes of Meetings, Employee Details, Financial Information
6. Why is Information Governance so important?
For patients and service users
Information is critical for safe, timely and effective care
Information is sensitive
Excellent healthcare is built on a foundation of confidence & trust
7. Why is Information Governance so important?
For an employee
Sensitive information
Ethical and legal responsibility of every employee
Information must be: accessed, used & shared appropriately
8. Why is Information Governance so important?
For a health or social care organisation
Ethical and legal responsibility of every organisation
Breaches of confidentiality cost money and reputation
9. Information Governance requirements for health & social care organisations; Trust policies, guidelines and procedures
All information must be:
– Held securely and confidentially
– Obtained fairly and efficiently
– Recorded accurately and reliably
– Used effectively and ethically
– Shared appropriately and lawfully
10. The Law and Information Governance
Common Law Duty of Confidentiality: People have legal rights through common law to confidentiality
Computer Misuse Act 1990: It is an offence to access / attempt to access computer systems without appropriate authorisation
Data Protection Act 1998: States legal obligations for the collection, use, sharing and disclosure of personal information
The Human Rights Act 1998: Enshrines a basic human right for all to have the right to privacy
The Freedom of Information Act 2000: Allows the public to request information held by Public Authorities
11. Standards, Policies & Codes of Practice
Information Security Standards – ISO/IEC 17799:2005 and IS Management NHS Code of Practice
The NHS Confidentiality Code of Practice
The Records Management NHS Code of Practice
Information Quality Assurance
12. Always follow the Caldicott Principles
The Caldicott principles must be used when accessing and using Patient Identifiable Information (PID) or confidential information, and must be maintained by all healthcare organisations.
Justify the purpose of using confidential information
Only use it when absolutely necessary
Use the minimum information required
Allow access on a strict need-to-know basis
Always understand your responsibility
Understand and comply with the law
The duty to share information can be as important as the duty to protect patient confidentiality
13. Caldicott Guardians
• Q. Who is a Caldicott Guardian?
• A. A senior person in the organisation responsible for ensuring the Caldicott principles are applied and maintained
• Q. Are you unsure whether to disclose?
• A. Don’t disclose
• Ask your manager or the Caldicott Guardian
14. Subject Access Requests
Individuals have the right to access sensitive information including paper, computer records and other related information
Patients can request access to their medical record
Employees can request access to their personal records
15. What is a Freedom of Information (FOI) Request?
A request for official information held by Public Bodies such as hospital trusts
Public have a right to access/view all non-personal, public authority information
Purpose is to promote openness & accountability
Requests must be made in writing
There are Exemptions
Law requires that any FOI request must receive a response within 20 days
Direct Freedom of Information requests to the Lead in your Organisation
16. Can you recognise a Freedom of Information (FOI) Request?

Dear FOI Lead,
I have recently undergone an operation on my hip at your Trust and would like to see all the notes in my health record regarding this period of care.
Please give me an indication of when this information can be provided to me.
Yours sincerely
Mrs A Smith

Dear Sir/Madam,
I would like to know how much the Trust is spending on the new A&E unit due to be completed in March 2014.
I would like a list of the new medical and non medical equipment being purchased for this unit.
Yours sincerely
Daniel Radcliffe MP
17. Duty of Confidence
You have a legal duty to protect and maintain confidentiality
There’s a confidentiality clause in your contract of employment
You have a professional duty of confidence
It’s in your Code of Professional Conduct
18. Duty of Confidence
Be careful and cautious when answering the telephone:
Callers request information under false pretences
Requests for information need to be verified
If possible, always obtain requests in writing
Are you unsure? Don’t disclose
Ask your manager or the Caldicott Guardian who’s responsible for ensuring confidentiality
19. Good Quality Record Keeping
Does a record already exist?
Records must be clear, factual, accurate & complete
Can everybody else read them?
Complete them quickly!
Make sure they are dated, timed and signed
Keep information up-to-date
Store them safely
Read them, check them, then check again!
20. Good Quality Record Keeping
Check the minimum period records have to be retained
Are you deleting records?
If so check the organisation’s Disposal of Records Policy and Procedures
21. Information Security
Information security is about ensuring information is:
Protected and secure
Reliable
Available to authorised users only
Your responsibilities are to ensure:
Records are correctly stored
Passwords are kept secure
Report inappropriate disclosures
Safe Haven processes when faxing are used
Delete spam mail without opening
You don’t download unauthorised software
You use IT equipment correctly
Any breaches of data security, no matter how small, must be reported
22. Information Security – A serious matter
Organisations have systems in place to monitor the access, use of systems and information by staff
Failure to comply with legal obligations or organisational policy & guidelines could mean disciplinary and legal action being taken
23. Your Responsibilities
DO
Protect an individual’s information
Be aware of national & local information, Policy & Procedures
Inform patients how information is used and when it may be disclosed
Help to improve the way the organisation protects information
Report any suspected or actual breaches of information security
Seek advice from the appropriate leads if you have any Information Governance concerns
DON’T
Send confidential, person-identifiable data without applying the required encryption/security measures
Store Personal/Sensitive information on unencrypted and unauthorised portable devices
Disclose confidential information to unauthorised people
Leave person-identifiable data (PID) unattended or in vehicles
Access inappropriate websites
Use an organisation's equipment or information to promote private business or for financial gain
24. Useful sources of Information and links
Further advice
Contact your local Information Governance Manager or Lead
Useful Links
Information Commissioner's Office
www.ico.org.uk/
Connecting for Health Toolkit
www.igt.hscic.gov.uk/
25. • Any questions?
• Please take some time to complete the course evaluation - Thank you…
• patrickdoyle@traininginnovations.co.uk
• Twitter: @Traininnovate
• Facebook: https://facebook.com/pages/Training-Innovations-Ltd
• http://www.slideshare.net/TInnovations