Information Governance


1 Information Governance
Pauline Nordoff-Tate – Information Assurance Manager
Dr. Andrew Loughney – Caldicott Guardian
David Walliker – Senior Information Risk Owner (SIRO)

2 What is Information Governance and Data Security?
Good information underpins good care. Patient and service user safety is supported when the confidentiality of personal information is maintained, its integrity is protected against loss or damage, and the information is accessible to those who are authorised. Everyone who uses health and care services should be able to trust that their sensitive personal information is protected. People should be assured that those involved in their care, and in running and improving the services, are using such information appropriately and respecting patient choices where allowed.

3 What is Information Governance and Data Security?
Information Governance is about how health and social care organisations and their employees must handle sensitive information. Technology and systems must be designed with privacy in mind, to ensure safe and effective use of information that does not pose an unacceptable risk to our hospital or our patients. We all have a duty to protect public information in a safe and secure manner.

4 General Data Protection Regulations (GDPR)
On 25th May 2018 the General Data Protection Regulation (GDPR) came into force; it was designed to modernise data protection laws and protect the personal information of individuals. As well as putting new obligations on organisations collecting personal data, GDPR also gives individuals a lot more power to access the information held about them. One of the biggest and most talked about elements of GDPR has been the increase in the level of fines that can be imposed on organisations that have serious breaches. These fines can now be up to €20 million, up from £500,000.

5 The Six Principles of the General Data Protection Regulations
1. All data shall be processed lawfully, fairly and in a transparent manner.
2. All data shall be processed for specified, explicit and legitimate purposes.
3. All data shall be adequate, relevant and necessary for its purpose.
4. All data shall be accurate.
5. All data shall not be kept for any longer than is necessary.
6. All data shall be processed to ensure security against unauthorised or unlawful processing and against loss, destruction and damage.

6 Types of Information
In a hospital setting we come into contact with various types of personal information about people. It is important to be able to identify these different types of information so that they can be appropriately protected when they are used and shared. The two categories of information, with examples, are identified below:
Personal Data: Name; D.O.B; Address; RQ6 Number; NHS Number
Sensitive Data: Race or Ethnic Origin; Religion; Sexual Orientation; Medical History; Trade Union Membership

7 The Caldicott Principles
The Caldicott principles must be used when accessing and using Patient Identifiable Information (PII) or confidential information, and must be maintained by all healthcare organisations.
1. Justify the purpose of using confidential information
2. Only use it when absolutely necessary
3. Use the minimum information required
4. Allow access on a strict need-to-know basis
5. Always understand your responsibility
6. Understand and comply with the law
7. The duty to share information can be as important as the duty to protect patient confidentiality

8 Incident Reporting (Datix)
All incidents should be reported on the Trust incident reporting system (Datix) on the Staff Intranet.
- Report incidents on Datix within 48 hours.
- Personal data should not be included on Datix.
- If advice is needed when completing an Information Governance incident, contact the IG Team (ext: 3671).

9 Cyber & Data Security
Malware
Malicious software (malware) can reside on your computer and evade detection, making it easier for someone to be active on your system without you noticing. Malware can make computers run slowly or perform in unusual ways. If you suspect that your computer is not performing as it normally does, contact the IT department on 5499.
Computer Security
You should lock your PC or device as soon as you stop using it. All mobile phones, laptops, PCs and tablets, whether personal or not, should have a password set. If you see a colleague’s device open and unlocked, lock it for them and gently remind them to do so in future.
Tip: Press the Windows key + L on your keyboard to quickly lock your laptop or PC.

10 Password Management
It is important to use strong passwords on all of your devices to prevent unauthorised access. You should also use different passwords for personal and work-related accounts. Passwords should not be written down on sticky notes or bits of paper.
Password Security Tips:
- Use separate words, capital letters, and add numbers or symbols
- Change passwords on a regular basis (90 days or less)
- Avoid using personal dates or names
Tip: Example Strong Password: Fan5Crisps!Dog

11 Phishing
Phishing is the biggest and easiest form of social engineering. Criminals use phishing emails and websites to scam people on a regular basis. They are hoping that users will click on fake links to sites or open attachments so that they can steal data or install malicious software. The aim of phishing emails is to force users to make a mistake, for example by imitating a legitimate company’s emails or by creating a time-limited or pressurised situation.
Common Phishing Identifiers:
- Misspellings – custmers
- Generic and not user focused – Dear Customer
- Link or file to download
- Time pressure – must be done in 24 hours
Forward suspicious emails to:

12 Social Engineering & Tailgating
Social Engineering involves phone calls from people pretending to be someone else to gain information. A social engineer might call and pretend to be a fellow employee, for example from the IT department, or a supplier. Tailgating involves someone following another person or people through a door into a restricted area. Authorised people should have an ID badge on display.

13 Social Media
Revealing any information about your organisation on social media can be valuable to a social engineer. Criminals can use the information available on social media for social engineering. The data from social media can be used to find out what department the person works in, other people they work with and, most likely, where the person lives.

14 Email Usage
Staff must not send any Personal Identifiable Data (PID) or Commercially Sensitive Data insecurely. Emails sent within the trust (internal) are automatically secure, but external addresses are not. Should you need to send information to external recipients you will need to encrypt your emails.

15 Email Usage
Staff must not send out any Personal Identifiable Data (PID) or commercially sensitive data insecurely. Here are some do’s and don’ts:
- RLBUHT – RLBUHT – Secure
- RLBUHT – another Trust – NOT Secure
- RLBUHT – NHS.net Mail (and vice versa) – NOT Secure
- NHS.net Mail – NHS.net Mail – Secure
- NHS.net Mail – the following domains: .gsi.gov.uk; gse.gov.uk; gsx.gov.uk; pnn.police.uk; csjm.net; scn.gov.uk; gcsx.gov.uk; mod.uk

16 PGP – Email Encryption
1. Within Outlook, select Tags
2. Select the Sensitivity drop-down
3. Change Normal to Confidential
4. Select Close
5. Send as normal
6. The recipient is redirected to the RLBUHT portal
7. The recipient enters the passphrase

17 Information Security – A Serious Matter
The Trust has systems in place for monitoring and auditing access, and the use of email by staff, including email and Internet monitoring (Data Loss Prevention & Websense). Failure to comply with legal obligations or organisational policy & guidelines could mean disciplinary and legal action being taken.

18 Subject Access Requests
Individuals have the right to access personal and sensitive information stored and processed in any form.
- Patients can request access to their health record without cost and within one month.
- Staff can request access to their personal record without cost and within one month.
Any requests should be sent to:
Tip: Staff should not view their own medical records, or those of patients, unless they are involved in their care.

19 What is a Freedom of Information (FOI) Request?
A request for official information held by public bodies such as hospital trusts.
- The public have a right to access/view all non-personal public authority information.
- The purpose is to promote openness & accountability.
- Requests must be made in writing.
- There are exemptions.
- The law requires that any FOI request must receive a response within 20 working days.
- All FOI requests should be sent to the FOI Team as soon as they are received.

20 James Forshaw - Information Security Officer – EXT 3671
Daniel Kay - Information Security Officer – EXT 3671

