Introduction to Information Governance (IG) Mark Scallan – Head of IG/Data Protection Officer Angela Kaye – IG Officer.


1 Introduction to Information Governance (IG) Mark Scallan – Head of IG/Data Protection Officer Angela Kaye – IG Officer

2 Key Learning Points
- What is Information Governance?
- What do YOU need to do to make this work?
  - Follow the Caldicott Guidelines
  - Provide a confidential service
  - Comply with the Law
  - Understand the Data Protection Act Principles
  - Recognise a Freedom of Information Act request
  - Follow the Records Management NHS Code
  - Keep Information Secure
  - Input Quality Information

3 Information means:
Personal – anything that can be used to directly or indirectly identify a person
E.g. Name, Date of Birth, Home address, IP Address, a photo, email address
Access to Staff and Guest Wi-Fi

4 Mark Scallan who was attending the meeting on behalf of the Director of Health Informatics. www.rcht.nhs.uk/DocumentsLibrary/RoyalCornwallHospitalsTrust/ChiefExecutive/Minutes/... · PDF file Mark Scallan - Email, Address, Phone numbers, everything! www... Everything you need to know about Mark Scallan Email addresses, Phone numbers, Biography, Transaction, Mazda Mark Scallan - UK address and phone number - 192.com We have found 6 people in the UK with the name Mark Scallan. Click here to find personal data about Mark Scallan including phone numbers, addresses, directorships, electoral... Mark Scallan | Inmate Arrest Record | Miami-Dade County, Florida... Mark Scallan was arrested in Miami, FL on 12/02/2011 for Cocaine/possession

5 Remove This Mugshot Information: Name: Mark Scallan Location: Miami, Florida

6 Conditions for processing personal data
- The individual who the personal data is about has consented to the processing.
- The processing is necessary:
  - in relation to a contract which the individual has entered into; or
  - because the individual has asked for something to be done so they can enter into a contract.
- The processing is necessary because of a legal obligation that applies to you (except an obligation imposed by a contract).
- The processing is necessary to protect the individual’s “vital interests”. This condition only applies in cases of life or death, such as where an individual’s medical history is disclosed to a hospital’s A&E department treating them after a serious road accident.
- The processing is necessary for administering justice, or for exercising statutory, governmental, or other public functions.
- The processing is in accordance with the “legitimate interests” condition.

7 Information means:
Personal: E.g. Name, Date of Birth, Home address, Photo, IP address
Sensitive: E.g. ethnicity, disease, medical condition, sexual life

8 Conditions to process sensitive data
- The individual who the sensitive personal data is about has given explicit consent to the processing.
- The processing is necessary so that you can comply with employment law.
- The processing is necessary to protect the vital interests of:
  - the individual (in a case where the individual’s consent cannot be given or reasonably obtained), or
  - another person (in a case where the individual’s consent has been unreasonably withheld).
- The processing is carried out by a not-for-profit organisation and does not involve disclosing personal data to a third party, unless the individual consents. Extra limitations apply to this condition.
- The individual has deliberately made the information public.
- The processing is necessary in relation to legal proceedings; for obtaining legal advice; or otherwise for establishing, exercising or defending legal rights.
- The processing is necessary for administering justice, or for exercising statutory or governmental functions.
- The processing is necessary for medical purposes, and is undertaken by a health professional or by someone who is subject to an equivalent duty of confidentiality.
- The processing is necessary for monitoring equality of opportunity, and is carried out with appropriate safeguards for the rights of individuals.

9 Public opinion
According to a survey of 1,001 patients across the UK, 97 per cent say NHS managers should have a legal and ethical duty to protect their data; 87 per cent felt that managers should be sacked or fined if they were aware of risks but failed to act upon them, leading to a serious breach.

10 Handling information means
- Holding it securely and confidentially
- Obtaining it fairly and efficiently
- Recording it accurately and reliably
- Using it effectively and ethically
- Sharing it appropriately and lawfully

11 DPA Principles
- Personal data shall be processed fairly and lawfully
- Personal data shall be obtained only for one or more specified and lawful purposes
- Personal data shall be adequate, relevant and not excessive
- Personal data shall be accurate and, where necessary, kept up to date
- Personal data shall be destroyed once its specific purpose expires
- Personal data shall be processed in accordance with the rights of data subjects
- Appropriate technical and organisational measures shall be taken to protect data
- Personal data shall not be transferred to a country outside the UK

12 Core elements of IG
- Data Protection Act 1998
- Freedom of Information Act 2000
- Information Security Standards
- The NHS Confidentiality Code of Practice
- The Records Management NHS Code of Practice
- Information Quality Assurance

13 What is IG?
Information Governance provides a framework to bring together all the legal rules, guidance and best practice that apply to the handling of information.
Information Governance ensures necessary safeguards for, and appropriate use of, patient and personal information.

14 Follow the Confidentiality Caldicott Guidelines
1. Justify the purpose of using confidential information
2. Only use it when absolutely necessary
3. Use the minimum required
4. Allow access on a strict need-to-know basis
5. Understand your responsibility
6. Understand and comply with the law
7. The duty to share information is as important as patient confidentiality

15 Caldicott 2 Report - ?? The limits of sharing for direct care. Only relevant information about a patient should be shared between professionals in support of their care…..

16 A penalty of £100,000 was issued to Hertfordshire County Council for two serious incidents where council employees faxed highly sensitive personal information to the wrong recipients. The first case, involving child sexual abuse, was before the courts, and the second involved details of care proceedings.
Central London Community Healthcare (CLCH) NHS Trust has been fined £90,000 following a serious breach of the Data Protection Act. This followed the wrongful transmission of faxes on a number of occasions.
The Information Commissioner’s Office (ICO) served Surrey County Council with a monetary penalty of £120,000 for a serious breach of the Data Protection Act after sensitive personal information was emailed to the wrong recipients on three separate occasions.

17 Croydon Council has been handed a penalty of £100,000 after a bag containing papers relating to the care of a child sex abuse victim was stolen from a London pub.
The Nursing and Midwifery Council was issued a £150,000 civil monetary penalty for losing three DVDs related to a nurse’s misconduct hearing, which contained confidential personal information and evidence from two vulnerable children. An ICO investigation found the information was not encrypted.
Leeds City Council was served a monetary penalty of £95,000, Plymouth City Council £60,000 and Devon County Council £90,000 after separate incidents saw details of child care cases sent to the wrong recipients, while the London Borough of Lewisham was issued a penalty of £70,000 after social work papers were left on a train.

18 Freedom of Information Act 2000 What information does it cover?

19 What you need to know about FOI
- Gives the public the right to access/view all non-personal public authority information upon request
- Requests must be in writing
- All staff must know who their FOI Lead is and be able to access/refer to their contact details
- The requester may not and need not quote the FOI Act
- The organisation must respond within 20 working days
- Exemptions may apply for non-disclosure – FOI Lead will determine this

20 Follow the Records Management NHS Code of Practice Best Practice guidance states: All Staff have a legal and professional obligation to be responsible for any records which they create or use in the performance of their duties. Any record created by an individual, up to the end of its retention period, is a public record and subject to Information requests (FOI and Subject Access). Subject Access Request?

21 Record Quality Information
Keep all types of information:
- Accurate
- Up to date
- Complete – Including NHS Number
- Quick and easy to find
- Free from duplication
- Free from fragmentation
Better Healthcare

22 Keep Information Secure
- Follow Organisation Policies: Acceptable Use Policy, E-mail Policy, Data Protection Policy, Safe Haven Policy, Health Records Policy, Medical Photography Policy
- Protect Information Physically
- Transfer Information Securely
- Report Breaches of Security to Management
It is your responsibility to keep all personal and sensitive information secure

