Introduction
NHS East Midlands recognises the importance of reliable information, both in terms of the clinical management of individual patients and the efficient management of services and resources.
Information governance plays a key part in supporting clinical governance, service planning and performance management. It also gives assurance to NHS East Midlands and to individuals that information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care and to meet NHS East Midlands legal and good practise responsibilities.
NHS East Midlands will establish and maintain policies and procedures to ensure compliance with requirements contained in the Connecting for Health Information Governance Toolkit.
Scope
This policy covers all aspects of information within the organisation, including (but not limited to):
This policy covers all aspects of handling information, including (but not limited to):
This policy covers all information systems purchased, developed and managed by/or on behalf of, the organisation and any individual directly employed or otherwise by the organisation.
Principles
Openness
NHS East Midlands recognises the need for an appropriate balance between openness and confidentiality in the management and use of information.
Information will be defined and where appropriate kept confidential, underpinning the principles of Caldicott and the regulations outlined in the Data Protection Act and the Freedom of Information Act. Non-confidential information on NHS East Midlands and services will be available to the public through a variety of means. There will be clear procedures and arrangements for handling queries from patients and the public.
Integrity of information will be developed, monitored and maintained to ensure that it is appropriate for the purposes intended.
Availability of information for operational purposes will be maintained within set parameters relating to its importance via appropriate procedures and computer system resilience.
NHS East Midlands regards all identifiable personal information relating to patients as confidential, compliance with legal and regulatory framework will be achieved, monitored and maintained.
NHS East Midlands regards all identifiable personal information relating to staff as confidential except where national policy on accountability and openness requires otherwise.
NHS East Midlands will establish and maintain policies and procedures to ensure compliance with the Data Protection Act, Human Rights Act, the common law duty of confidentiality and the Freedom of Information Act, and Environmental Information Regulations.
Awareness and understanding of all staff, with regard to responsibilities, will be routinely assessed and appropriate training and awareness provided.
Risk assessment, in conjunction with overall priority planning of organisational activity will be undertaken to determine appropriate, effective and affordable information governance controls are in place.
Information Security
NHS East Midlands will establish and maintain policies for the effective and secure management of its information assets and resources.
Audits will be undertaken or commissioned to assess information and IT security arrangements.
NHS East Midlands Incident Reporting system will be used to report, monitor and investigate all breaches of confidentiality and security
Information Quality Assurance
NHS East Midlands will establish and maintain policies for information quality assurance and the effective management of records.
Audits will be undertaken or commissioned of the NHS East Midlands quality of data and records management arrangements.
Wherever possible, information quality will be assured at the point of collection.
NHS East Midlands will promote data quality through policies, procedures/user manual and training.
Legal and NHS East Midlands Related Policies
NHS East Midlands has a comprehensive range of policies supporting the information governance agenda. Legal and professional guidance should also be considered where appropriate.
Year on Year Improvement Plan and Assessment
An assessment of compliance with requirements, within the Information Governance Toolkit (IGT), will be undertaken each year. Annual reports and proposed action/development plans will be presented to the Executive Team for approval.
The annual assessment and action plan will inform the Audit Committee of the performance of NHS East Midlands and if there are areas of concern to be addressed.
Information Governance Management
Information governance management across the organisation will be co-ordinated by the IG Steering Group. The responsibilities will include (but not be limited to):
-
Recommending for approval to the Executive Team related policies and procedures.
-
Recommending for approval to the Executive Team the annual submission of compliance with requirements in the IG Toolkit and related action plan.
-
To co-ordinate and monitor the Information Governance Strategy across the organisation.
The development of Information Governance Champions throughout the organisation will be central to the delivery of the information governance strategy.
Training
All staff should attend, as part of their induction, a training session on Information Governance. Top–up training will be provided; this can be requested by an individual wanting personal development or arranged at the discretion of a manager.
