Information Governance Management– Primary Care Trusts

Knowledge base guidance

Requirement 101
Does the PCT have adequate governance in place to support the current and evolving Information Governance agenda?
Organisations should establish clear lines of management and accountability for Information Governance that includes setting up a forum for handling Information Governance issues. This Forum should include senior managers and representative personnel from appropriate sectors of the organisation.

Accountability and Performance

Organisational and managerial structures that support appropriate consideration of Information Governance issues are essential to a properly managed Information Governance work programme that sustains continual improvement.

To achieve this requirement the organisation should establish clear lines of accountability throughout the organisation for Information Governance management that lead directly to the Board.

Arrangements include appointing an organisational Information Governance Lead(s) – a senior manager(s) with Board Level responsibilities. It is unlikely that one senior manager will assume responsibility for the entire Information Governance agenda within an organisation. For example, the Caldicott Guardian should continue to lead on patient information and confidentiality issues, perhaps the IM&T Director, should lead on broader issues Corporate Governance issues.

Therole of the Information Governance Lead(s)

The Lead is not required to carry out all the work necessary to meet all information handling work area. However, they should be able to supervise and direct the work of others where appropriate.

Key Tasks

  1. Establish an Information Governance Steering Group.
  2. Review the PCT’s current management and accountability arrangements for Information Governance.
  3. Obtain Board approval for and Implement any measures required to strengthen current governance arrangements.
  4. Oversee the PCT’s Information Governance work programme
  5. Sign off the annual Information Governance assessment.
  6. Ensure the Board is adequately briefed on Information Governance issues and the broader Information Governance agenda.

Key responsibilities of the Information Governance Steering Group

  • To inform the review of the PCT’s management and accountability arrangements for Information Governance.
  • To develop an IG policy and associated IG implementation strategy and/or maintain the currency of the policy.
  • To prepare the annual Information Governance assessment for sign off by the Board.
  • To develop the PCT’s Information Governance work programme.
  • To ensure that the PCT’s approach to information handling is communicated to all staff and made available to the public
  • To coordinate the activities of staff given data protection, confidentiality, security, information quality, records management and Freedom of Information responsibilities.
  • To monitor the PCT’s information handling activities to ensure compliance with law and guidance
  • To ensure that training made available by the PCTis taken up by staff as necessary to support their role.
  • Provide a focal point for the resolution and/or discussion of Information Governance issues.

Improvement plans

  • Level 1

The PCT should nominate a senior manager with Board level responsibilities to lead the Information Governance work area, specifically the review of current governance arrangements.

  • Level 2

The PCT should document it’s current Information Governance management and accountability arrangements and identify gaps or weaknesses. The Board has signed off these arrangements and any measures identified to strengthen them.

The PCT should build the organisational the managerial teams and structures needed to implement the Board approved plans.

  • Level 3

The PCT Board should annually review governance arrangements to ensure adequacy.

Management and Accountability Checklist

Does the PCT have a Senior Manager with Board Level responsibility for Information Governance?
Does the PCT have an IG Steering Group?
Has the PCT carried out a review of IG management and accountability arrangements that has been agreed by the Board?
Does the PCT have a Board endorsed IG work programme?
Are the PCT’s Chief Executive and Board Members been effectively briefed and supported on Information Governance?
Supporting Groups and functions (including but not exclusive)
Does the PCT have an active management forum for patient/public representation that provides direction and visible support for initiatives relating to communicating with patients?
Does the PCT have a Health Records Committee accountable to the PCT Board?
Do the PCT’s senior management monitor the Information Governance agenda?

Key Guidance Documents

DH: NHS Confidentiality Code of Practice

DH: Patient and public involvement website

The NHS Records Management Code of Practice

The Code is a guide to the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England. It is based on current legal requirements and professional best practice. The guidance applies to all NHS records and contains details of the recommended minimum retention period for each record type. HSC 1999/053 has now been superseded.

The Department for Constitutional Affairs

The Department has policy responsibility for upholding information rights law such as those under the Freedom of Information Act 2000. In its former role as the Lord Chancellor’s Department, it published two codes of practice:

The Lord Chancellor’s Code of Practice on the Management of Records, issued under section 46 of the Freedom of Information Act

This Code sets out the practices that organisations should follow in relation to the creation, keeping, management and destruction of their records.

The Lord Chancellor’s Code of Practice on the Discharge of Public Authorities Functions, issued under section 45 of the Freedom of Information Act 2000

This Code covers such issues as public authorities' duties in providing advice and assistance to applicants, charging fees, timeliness in answering requests, and transferring requests to other public authorities.

The National Archives

The National Archives (TNA) has developed and published a significant amount of guidance for use by records managers within the public sector. Although some of the earlier publications were written specifically for a central government audience, a lot of the guidance is generic and should assist records managers in the health and social care setting. For example, The National Archives: Complying with the Records Management Code: evaluation workbook and methodology, has been developed to assist public authorities in assessing conformance of their record management systems to the Lord Chancellor’s Records Management Code

NHS Freedom of Information website

Audit Commission

Setting the Record Straight - A review of Progress in Health Records Services 1999

Exemplar materials

Protocol for establishing a HealthRecordsCommittee

Information Governance Policy– an example

Information Governance Strategy

Information Governance and Shared Services Teams

“Working with Information Governance in a Shared Services environment” – PowerPoint presentation file on Information Governance

Example PID for an Information Governance project

Example PID for an Information Governance Sub-Project on Data Protection

Information Governance Policy – example 1

Information Governance Policy – example 2

Model information security policy

Bradford IS Policy Statement.doc