Information Governance


1 Information Governance

2 Recent Headlines

3 What is a breach of confidentiality?

4 Confidentiality Breaches
- Accessing records you have no legitimate reason to see, for example your own, your relatives' and friends' health records, even with their consent (unless it is within your job role to deal with such requests)
- Displaying or leaving records open, unattended or insecure
- Giving out information over the telephone, by fax or to inappropriate people
- Holding conversations about individuals where others are likely to overhear

5 Reporting and Accountability
- The Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals
- The Information Commissioner governs the provisions of the Data Protection Act 1998 and the Freedom of Information Act
- The ICO has the power to serve monetary penalties of up to £500,000 on data controllers (such as Barts Health)

6 Potential Penalties
Penalty fines issued for:
- Brighton and Sussex University Hospitals NHS Trust: 10,000s of highly sensitive personal patients and staff found on hard drives bought off the Internet in Autumn £325,000
- Belfast Health and Social Care Trust: serious breach of 1000s of patients’ and staff sensitive personal data being compromised. Failure to report the incident to the ICO - £225,000
- Stockport Primary Care Trust: new purchaser found 1000 highly sensitive records regarding 200 patients left in decommissioned NHS building - £100,000
- Deliberate actions – staff disciplined
- Loss of patient trust and public confidence

7 Information Governance Incident and Risk Reporting
Please immediately report Information Governance incidents to your Line Manager/senior person on duty and the Information Governance Team, and enter the incident on Datix. If you identify an Information Governance risk please discuss this with your Line Manager and risk assess if appropriate.

8 Senior Information Risk Owner (SIRO)
Barts Health NHS Trust SIRO: Ian Walker, Director of Corporate Affairs and Trust Secretary
- Oversees all aspects of Information Governance, promoting a culture that fosters good values in protecting and using information
- Reviews and agrees action plans in respect of identified information risks
- Ensures that the Trust’s approach to information risk is effective in terms of resource, commitment and execution and that this is communicated to all staff
- Provides a focal point for the resolution and/or discussion of information risk issues
- Ensures the Board is adequately briefed on information risk issues

9 Caldicott Confidentiality Guidelines
- Justify the purpose of
- Only use it when absolutely necessary
- Use the minimum required
- Allow access only on a strict need-to-know basis
- Understand your responsibility
- Understand and comply with the law
- The duty to share may be as important as the duty to protect confidentiality (NEW)

10 Caldicott Guardian and Confidentiality
Barts Health NHS Trust Caldicott Guardian: Dr Steve Ryan, Medical Director
- Responsible for protecting the confidentiality of patient and service user information
- Enabling appropriate information sharing
- Ensuring high standards when handling patient identifiable information

11 Data Protection Act 1998
Legal obligations:
- Inform people how we use information
- Comply with individuals' rights – Subject Access
- How data is used and shared
Practical obligations:
- Accurate
- Up to date
- Not kept longer than necessary
- Keep secure

12 Data Protection Act 1998
“Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes”
- What is your justification or reason for using personal data?
- Where are you getting the data from?
- Have you sought informed consent?

13 Freedom of Information Act 2000
Freedom of Information (FoI) requests:
- Can be made to any member of staff; all staff have a legal duty to assist individuals to obtain information
- Can require the release of s
- Do not need to refer to or mention the FoI Act
- Must be made in writing giving a name and address
The Trust must respond within 20 working days.
If you receive an FoI request, please immediately contact the FOI Coordinator.

14 Information Security Issues
- Data disclosed to the wrong people
  - Check entitlement and identity. If unsure, neither confirm nor deny and take the caller's contact details
- Staff accessing data about their relatives, colleagues or friends
  - There must be a work-related justification
- Data/files/equipment not disposed of correctly
  - Follow the Records Retention and Disposal Policy
- Information Governance spot checks

15 ICT Related Information Security Issues
- Unauthorised access to confidential data
  - Lock unattended computers and keep passwords private
- Personal Identifiable Data (PID) discovered on personal devices (home PC or mobile phone)
  - Only use Trust encrypted laptops, VPN or USB drives for opening or storing patient data

16 Risks of Transferring Information
- Loss of data/files/equipment while travelling between sites
  - Keep information on your person within a marked envelope in an inconspicuous and secure bag
  - Transport information by secure , courier, Safe Haven FAX, post or internal mail
- s/faxed documents sent to the wrong place
  - Send securely, minimise, password protect, encrypt and check recipient details. Use rather than fax and Secure File Transfer

17 Records Management
Ensure that records are:
- Clearly titled and given logical names
- Stored in secure structured manual or electronic central filing systems
- Secured and easy to locate (tracked)
The Trust’s Records Retention and Disposal Policy provides record management guidance and states the length of time records must be kept.
The Corporate Records Team can advise on general record management issues.
The Trust’s Corporate Records Centre provides storage for some types of corporate/administrative records.

18 Further Information
- Information Governance Code of Conduct
- Information Governance Guidance
- Barts Health Intranet Sites: Information Governance, Records Management, Freedom of Information Act

19 Your Information Governance Team
Matthew Hall, Information Governance Manager
Martyn Steers, Deputy Information Governance Manager
James Cook, Information Governance Officer
Corporate Records
Daniel Scott-Davies, Corporate Records Manager
Laura Hynds, Assistant Corporate Records Manager
Pam Wood, Freedom of Information Coordinator

