INFORMATION GOVERNANCE
Joyce Green Helen Williams
What is Information Governance?
The way that information is used, kept secure and overseen is known as ‘Information Governance’ (IG). It is the term used to describe the principles, processes and legal and ethical responsibilities for managing and handling information. It sets the requirements and standards that need to be achieved in order to ensure that personal information is handled legally, securely, efficiently and effectively.

Responsibilities under Information Governance:
- Provision of a confidential service to both patients and staff
- Recording of information accurately
- Respecting the rights of individuals
CQC and Information Governance
- Information Governance is to be included in inspections;
- IG issues can be indicative of broader organisational issues;
- Improved understanding of how IG issues impact on the quality and safety of care;
- Final submission Information Governance Toolkit assessment scores are accessed and used.
Core Legislation
Legislation covering personal information:
- Data Protection Act 1998 (DPA)
- The Common Law Duty of Confidentiality
- Human Rights Act 1998
- Plus other standards and initiatives
How the DPA works
The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give legal rights to people who have information stored about them. Basically it works by:
- setting up rules that people have to follow;
- having an Information Commissioner to enforce the rules.
It does not stop organisations storing and using information about people. It just makes them follow rules.
The Data Protection Act has two aspects:
- Giving people the ‘right to know’ what information organisations hold about them;
- Providing a framework for organisations handling personal data.
The primary purpose of data protection legislation is to protect individuals against possible misuse of personal information about them, held by others. The Act is underpinned by eight straightforward, common-sense principles.
DPA Principle 1
Personal information must be processed (used) fairly and lawfully. There should be no surprises: inform the public why you are collecting their personal information, what you are going to do with it and who you may share it with. Be open, honest and clear.
DPA Principles 2, 3 & 4
2. Personal information must be processed for specified purposes: only used for the purpose it was collected.
3. Personal information must be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed.
4. Personal information must be accurate and, where necessary, up to date.
Letters; telephone calls
DPA Principle 5
Personal information must not be kept for longer than necessary.
Good Record Keeping
- Record keeping is an integral part of professional practice;
- Demonstrates high standards of care;
- Ensures openness and transparency for patients;
- Decisions taken can be justified if challenged;
- Promotes better communication and sharing of information between members of the care team;
- The quality of the record is a direct reflection of the standard of working practice;
- Incomplete record keeping will create a poor representation of work practice.
Poor Record Keeping
- Undermines patient care;
- Makes you vulnerable to legal and professional problems;
- Difficulty in responding to complaints;
- Generates questions when patients/carers/relatives/solicitors request a copy;
- Increases your workload.
DPA Principle 6
Personal information must be processed in accordance with the rights of data subjects: patients and staff have the right to view, or obtain a copy of, any information that an organisation holds about them. Be aware that people have a right to know what information is held about them and why.
Timeliness: only 40 calendar days to respond.
Fine for GP surgery that failed to protect patient’s personal data
A GP practice that revealed confidential details about a woman and her family to her estranged ex-partner has been fined £40,000 by the Information Commissioner. The GP practice, in Hertfordshire, gave out the information despite express warnings from the woman that staff should take particular care to protect her details. The information was provided after the ex-partner made a request for the medical records of the former couple’s son. Staff at the GP practice responded with 62 pages of information that included the woman’s contact details as well as those of her parents and an older child the man was not related to.
DPA Principle 8
Personal information must not be transferred outside the European Economic Area without adequate protection. Check where your information is going, e.g. where are your suppliers based?
DPA Principle 7
Appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal information and against accidental loss or destruction of, or damage to, personal information.
Ctrl, Alt, Delete
You need to remember these points
- Do not leave personal information visible;
- Lock filing cabinets/cupboards (where is the key?);
- Do not leave computers logged on and unattended;
- Never send anything by fax that you would not put on the back of a postcard;
- Do not disclose any personal information without the data subject’s consent;
- Sending a letter? Whose information is enclosed?
- Sending information via – how do you secure it? What part of an encrypted is not secure?
- What else do you need to think about?
Enforcement of the Act: Information Commissioner’s Office
The ICO has specific responsibilities set out in the Data Protection Act 1998 and the Freedom of Information Act 2000.
Monetary penalties: these can be as much as £500,000; due to rise to £1 million or, if a ‘for profit’ organisation, 2% of profit.
Audits and visits: the ICO can make unannounced visits to inspect the organisation’s management of personal information.
When is a monetary penalty imposed?
A fine can be issued for serious breaches that are likely to cause substantial damage or substantial distress, where either:
- the breach was deliberate; or
- you knew, or should have known, there was a risk of a breach and failed to take reasonable steps to prevent it.
Sept 2015: Findings from the Advisory Visit by the Information Commissioner
- There was little if any formal training for data protection and associated issues such as security of personal data and records management;
- The use of shared generic accounts to gain access to IT systems was widespread. Where system access was password protected, these passwords were seldom complex;
- Passwords were also not changed regularly;
- Encryption of personal data held on portable devices was often not implemented;
- There was little in the way of formal policies and procedures in place for data protection, and even less for data sharing specifically;
Sept 2015: Findings from the Advisory Visit by the Information Commissioner (continued)
- Retention schedules were seldom in place and often only applied to manual records;
- Adequate information for individuals about how the organisations were going to process their personal data was not always supplied;
- There were instances where processing information was written down, but was not communicated to residents as well as it could have been.
Training for Staff
Face-to-face sessions, annually.
How can you demonstrate that you recognise the value of the personal information you are responsible for?
Nursing Home Fined August 2016
A nursing home has been fined £15,000 for breaking the law by not looking after the sensitive personal details in its care. An investigation by the Information Commissioner’s Office (ICO) found widespread systemic failings in data protection at Whitehead Nursing Home at the time of a data breach. Our investigation revealed major flaws in the nursing home’s approach to data protection. The breach came when a member of staff took an unencrypted work laptop home, which was stolen during a burglary overnight. The laptop contained sensitive personal details relating to 46 staff including reasons for sickness absence and information about disciplinary matters. It also held some details about 29 residents including their date of birth, mental and physical health and ‘do not resuscitate’ status.
Information Governance Toolkit
- Care/residential homes to complete in 2016/17;
- A performance tool which provides the basis for assuring information handling in accordance with the law, guidance and best practice;
- A set of mandatory requirements, within 4 initiatives, submitted annually:
  - Information Governance Management
  - Confidentiality and Data Protection Assurance
  - Information Security Assurance
  - Clinical Information Assurance
Information Governance Toolkit
- Responsibility for Information Governance has been assigned to an appropriate member, or members, of staff
- 14-115 There is an information governance policy that addresses the overall requirements of information governance
- 14-116 All contracts (staff, contractor and third party) contain clauses that clearly identify information governance responsibilities
- 14-117 All staff members are provided with appropriate training on information governance requirements
Information Governance Toolkit
Access to the IGT is via the web link.