NIGB NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Building information governance for personal health information Karen Thomson Information Governance Lead 19 March 2010 BCS ISSG Conference NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Role of the NIGB Definitions What are the issues with building Information Governance for personal health information NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB The role of the NIGB To support improvements in information governance in health and social care To advise on the use of powers under section 251 of the NHS Act 2006 NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE The NIGB as a Statutory Body The NIGB is an Advisory Non-departmental Public body Reports to the Secretary of State and of Health Its Statutory powers support it in delivering its terms of reference
NIGB The Care Record Guarantees NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB The NIGB has provided advice and guidance on: Information governance during the swine flu pandemic The implications of the Coroners and Justice Bill Parental controls on information sharing for children Access to clinical information by social workers The use of third parties to support collaborative care NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB The NIGB Ethics and Confidentiality Committee Provides a legal basis for the use of information in medical research and other NHS activities without consent Administers applications for support from section 251 of the NHS Act 2006 and advises on its use NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB What is information governance? Information governance describes the structures, policies and practices which are used to ensure the confidentiality and security of records of patients and service users. Correctly developed and implemented it enables the appropriate and ethical use of information for the benefit of individuals and the public good. NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB What is personal health information? DPA definition of Personal data Data which relate to a living individual who can be identified – a)From those data, or b)From those data and other information, which is in the possession of, or is likely to come into the possession of the data controller… NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB DPA definition of Sensitive personal data Personal data consisting of information as to – (e) His physical or mental health or condition Or racial or ethnic origin, political opinions, religious or other beliefs, membership of a trade union, sexual life, the commission of any offence or court proceedings related to any offence. NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB NHS Act 2006 definition of Patient information S251(10)(a)Information (however recorded) which relates to the physical or mental health or condition of an individual, to the diagnosis of his condition or to his care or treatment, and (b) Information (however recorded) which is to any extent derived from, directly or indirectly, from such information, whether or not the identity of the individual in question is ascertainable from the information. NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Definition of Confidential patient information S251(11) Patient information where- a)The identity of the individual in question is ascertainable – i.From that information, or ii.From that information and other information which is in the possession of, or likely to come into the possession of, the person processing the information, and b)That information was obtained or generated by a person who, in the circumstances, owed an obligation of confidence to that individual. NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Personal = Identifiability Health Information in broadest terms includes derived data & could just be demographic information Two sets of definitions whilst subtly different do reflect one another. Information governance – how to use and handle data appropriately to keep it confidential and secure. NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Information Governance might be divided into a number of areas: Data Protection & Confidentiality Information security & risk management Records management & information quality NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Confidentiality & Data Protection Policies & procedures to cover: –Consent for use & disclosure –De-identification processes –Information sharing protocols –Fair & lawful processing & DP notification –SARs & other DP requirements –Offshore processing –Confidentiality Code of Conduct & demonstrate compliance with the Confidentiality Code of Practice & NHS Care Record Guarantee NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
Legal requirements NIGB Legal requirements for processing confidential personal data Common law duty of Confidentiality Data Protection Act 1998Human Rights Act 1998 NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
Common Law of Confidentiality NIGB Information must be confidential in nature Information that is communicated as part of a relationship where there is an expectation of confidentiality May be limited by the circumstances –Consent –Statute/Court order –Public interest favours disclosure Legal and DH policy requirements are set out in The NHS Confidentiality Code of Practice NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
Human Rights Act 1998 NIGB Right to freedom from interference by the State in ones privacy (Article 8) BUT breaches may be justified provided they are necessary [for]…public safety… [and] the protection of health Disclosures must be proportionate based on the particular circumstances of individuals 3 tests – has there been interference with privacy? is there justification? is the justification proportionate to the breach? NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
Data Protection Act - 8 principles NIGB 1)Fairly and lawfully; 2)Obtained for specific purposes and only used for compatible purposes; 3)Adequate, relevant & not excessive; 4)Accurate NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
Data Protection Act - 8 principles NIGB 5)Only kept for as long as necessary for the agreed purpose; 6)In accordance with the rights of the subject; 7)Kept securely; 8)Only transferred outside EEA with equivalent protections. NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Information security & risk management Policies & procedures to cover: –Business continuity & disaster recovery –Physical & Network security –Remote working & secure data transfer –Access controls & management –Data & media destruction –Local data warehousing –Cross boundary information sharing To demonstrate compliance with the IS CoP NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Records Management & Information quality Policies & procedures to cover: –Record management –Data flow mapping –Retention & archiving –Data quality including NHS number implementation –Freedom of Information Act –Environmental Information Regulations –Re-use of public sector information regulations. NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Building information governance for personal health information Reliable information available at the point of care is essential to supporting quality care Information governance is about making it available where and when it is needed to support care whilst also protecting patient and service users confidentiality and privacy NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Information security is not really the problem Most of the data losses and breaches due to carelessness, stupidity or wrongdoing of people, not weaknesses in systems IG is about helping humans to use systems effectively and efficiently Technology supporting people NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Technology becomes a problem when clunky or where changes to business processes are necessary but not supported through training, encourages workarounds Technology supporting people Staff supported through training –Every level –Specialist capacity to provide advice – IG managers, SIROs, IAO. NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Technology can support people Allowing or preventing access & managing where uncertain Prompts – do you need to access? why do you need to access? Audit trails – not just where made changes but where viewed Alerts – direct reports & unusual patterns analysis NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Supporting secondary uses of data De-identification tools - Data derivation -Pseudonymisation Electronic recording of consents & dissents NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Key Messages IG - Making personal health information available where it is appropriate & necessary Preventing inappropriate access Transforming personal health information into de-identified information for secondary uses or recording consent to allow its use in identifiable form Technology supporting people NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB Contact details Phone us – us – Write to us: NIGB, Floor 7, New Kings Beam House 22 Upper Ground London SW1 9BW NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE
NIGB NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE Questions?