Ratified By / NHS Knowsley CCG Governing Body
Date Ratified / 5 February 2015
Original Author / Suzanne Crutchley
Senior Governance Manager (Information Governance)Cheshire Merseyside Commissioning Support Unit
Telephone: 01244 650551
Email:
Responsible
Committee / Officers / Knowsley Clinical Commissioning Group:
Audit Committee
Date Issue / 6 February 2015
Review Date / February 2018
Intended Audience / All CCG staff
Impact Assessed / Yes
Further information about this document:
Document name / Information Governance PolicyPolicy for the local management of information
Category of Document in The Policy Schedule / Corporate
Contact for further information about this document / Dawn Boyer
Head of Corporate Services
Telephone: 0151 244 3149
Email:
This document should be read in conjunction with / Information Governance Strategy
Published by / Knowsley Clinical Commissioning Group
Copies of this document are available from / Website: www.knowsleyccg.nhs.uk
Version Control:
Version History:Version Number / Reviewing Committee / Officer / Date
1.0 / Knowsley Clinical Commissioning Group Governing Body / 21 March 2013
1.1 / Information Governance Management Group (addition of ‘IG related incidents scoring 2 or above will be reported on the Information Governance Incident Reporting Tool to NHS England and the Information Commissioner at item 3.8). / 4 November 2013
1.2 / Audit Committee reviewed and approved / 9 December 2013
2.0 / Approved by Governing Body / 6 February 2014
2.1 / Reviewed and Updated by STHK IG and CCG Corporate Services Teams and changes reviewed by IGMG 19.11.14.
Addition s to 3.9 and 5.2. Further information section at item 6 moved from Information Governance Strategy as more appropriate to include in this one. / 29 October 2014
2.2 / Submitted to Audit Committee for review prior to seeking ratification by the Governing Body / 10 December 2014
2.3 / Submitted to the Governing Body for approval following review and approval by the Audit Committee / 5 February 2015
3.0 / Approved by Governing Body / 5 February 2015
Contents
/ Page /1 / SUMMARY / 1
2 / KEY PERFORMANCE INDICATORS / 1
3 / PRINCIPLES / 1
3.6 / Openness / 2
3.7 / Legal Compliance / 2
3.8 / Information Security / 2
3.9 / Information Governance Training / 3
3.10 / Quality Assurance / 3
4 / RESPONSIBILITIES / 3
5 / POLICY APPROVAL / 4
6 / Further Information / 4
1. Summary
1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient management of services and resources. It plays a key part in clinical governance, service planning and performance management.
1.2 It is therefore of paramount importance to ensure that information is efficiently managed, and that appropriate policies, procedures and management structures provide a robust governance framework for information management.
1.3 Knowsley CCG will be supported by its Commissioning Support Provider in ensuring compliance with this Policy.
2. Key Performance Indicators
2.1 The following key performance indicators have been identified to measure the effectiveness of this document:
a) annual Information Governance Toolkit scores;
b) staff will know who and where to direct information governance concerns to;
c) percentage of incidents / complaints that might contravene the policy.
3. Principles
3.1 The CCG recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. The CCG fully supports the principles of corporate governance and recognises its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about patients, staff, and contractors and also corporately and commercially sensitive information.
3.2 The CCG also recognises the need to share patient information with other health organisations and other agencies in a controlled manner consistent with the interests of the patient and, in some circumstances, the interest of the public.
3.3 The CCG believes that accurate, timely and relevant information is essential to deliver the highest quality health care. As such it is the responsibility of all healthcare professionals and managers to ensure and promote the quality of information and to actively use information in decision-making processes.
3.4 This policy should be read in conjunction with:
a) Information Governance Strategy
b) Confidentiality and Data Protection Policy
c) Freedom of Information Policy
d) Corporate Records and Retention Policy
e) The suite of IT security policies
f) Subject Access Request Policy
3.5 There are 4 key interlinked strands to the Information Governance Policy:
a) Openness;
b) Legal Compliance;
c) Information Security;
d) Quality Assurance.
3.6 Openness
a) Non-confidential information concerning the CCG and its services should be available to the public through a variety of media, in line with the CCG’s spirit of openness;
b) The CCG will establish and maintain policies to ensure compliance with the Freedom of Information Act;
c) The CCG will undertake annual assessments and audits of its policies and arrangements for openness;
d) Patients should have ready access to information relating to their own health care, their options for treatment and their rights as patients;
e) The CCG will have clear procedures and arrangements for liaison with the press and broadcasting media;
f) The CCG will have clear procedures and arrangements for handling queries from patients and the public.
3.7 Legal Compliance
a) The CCG regards all identifiable personal and sensitive information relating to patients as confidential;
b) The CCG will undertake annual assessments and audits of its compliance with legal requirements, including corporate record keeping; compliance with Freedom of Information Act requests; and assessing staff Information Governance training outcomes;
c) The CCG regards all identifiable personal information relating to staff as confidential except where national policy on accountability and openness requires otherwise;
d) The CCG will establish and maintain policies to ensure compliance with the Data Protection Act, Human Rights Act and the NHS Confidentiality Code of Practice;
e) The CCG will establish and maintain policies for the controlled and appropriate sharing of patient information with other agencies, taking account of relevant legislation (e.g. Health and Social Care Act, Crime and Disorder Act, Protection of Children Act).
3.8 Information Security
a) The CCG will establish and maintain policies for the effective and secure management of its information assets and resources, and will ensure appropriate business continuity plans and disaster recovery plans are in place;
b) The CCG will ensure annual assessments and audits of its information and information technology security arrangements;
c) The CCG will promote effective confidentiality and security practice to its staff through policies, procedures, training, and staff briefings;
d) The CCG will establish and maintain incident reporting procedures and will ensure that all reported instances of actual or potential breaches of confidentiality and security are monitored and investigated.
e) IG related incidents scoring 2 or above will be reported on the Information Governance Incident Reporting Tool to NHS England and the Information Commissioner.
3.9 Information Governance Training
a) The CCG will ensure that all staff have completed Information Governance training, on at least an annual basis;
b) Information Governance training will be delivered via the Information Governance Online Training Tool;
c) Staff who have not received Information Governance training previously will be required to complete the module ‘Introduction to Information Governance’. Staff who have completed the ‘Introduction to Information Governance’ module in previous year’s, will be required to complete ‘Information Governance: The Refresher module’;
d) Additional training will be provided to staff who request it. Additional training will also be provided to appropriate staff at the CCG who have responsibility for supporting the CCG Information Governance Agenda;
e) It is the responsibility of Line Managers to ensure that their staff are compliant with the Information Governance training requirements.
3.10 Quality Assurance
a) The CCG will establish and maintain policies and procedures for information quality assurance and the effective management of records;
b) The CCG will undertake or commission annual assessments and audits of its information quality and records management arrangements;
c) Managers will take ownership of, and seek to improve, the quality of information within the organisation and their area of responsibility;
d) Wherever possible, the accuracy of information should be assured at the point of collection;
e) Data standards will be set through clear and consistent definition of data items, in accordance with national standards;
f) The CCG will promote information quality and effective records management through policies, procedures, user manuals and training.
4. Responsibilities
4.1 It is the role of the CCG Governing Body to approve the CCG arrangements in respect of Information Governance, taking into account legal and NHS requirements. The Governing Body is also responsible for ensuring that sufficient resources are provided to support the requirements of the Policy.
4.2 The CCG Audit Committee (hereafter referred to as the Committee) is responsible for monitoring compliance with the Information Governance Policy and Strategy, and for ensuring appropriate controls and assurances are in place, in accordance with National Healthcare Standards.
4.3 The Committee will monitor the performance of Information Governance, and will receive reports and other papers as necessary.
4.4 The Committee will be supported in its work by the Information Governance Management Group which is responsible for the implementation of the Information Governance Policy.
4.5 Managers within the CCG are responsible for ensuring that the Policy and its supporting standards and guidelines are built into local processes and that there is on-going compliance.
4.6 All staff, whether permanent, temporary or on contract to the CCG including the CCG’s Commissioning Support, are responsible for ensuring that they are aware of the requirements incumbent upon them and for ensuring that they comply with these on a day to day basis.
5. Policy Approval
5.1 The CCG acknowledges that information is a valuable asset, therefore it is wholly in its interest to ensure that the information it holds, in whatever form, is appropriately governed, protecting the interests of all of its stakeholders.
5.2 This Policy, and its supporting work instruction, are fully endorsed by the CCG Governing Body, through the minuted approval from the Audit Committee to the CCG Governing Body.
5.3 All staff will, therefore, ensure that Information Governance requirements are observed, in order that we may contribute to the achievement of the CCG objectives and the delivery of effective healthcare to the local population.
6. Further Information
6.1 Detailed guidance on Information Governance can be obtained from the Health and Social Care Information Centre. website at: http://systems.hscic.gov.uk/infogov
6.2 The Information Governance Toolkit can be found at: https://nww.igt.hscic.gov.uk/
Confidentiality
Standards of practice for confidentiality and patient consent to information sharing.
Information Governance Statement of Compliance
Updated IG requirements for organisations accessing NHS digital services, including N3
Information Security
The technical assurance of the safeguards protecting patient data, through clear guidelines.
NHS Codes of Practice and legal obligations
For confidentiality, information security management and NHS records management.
NHS Records Management
Records Management Roadmap and the NHS Records Advisory Group
More about Information Governance
· Caldicott Guardians
· Information Governance Assurance Framework
· Information Governance FAQs
· Information Quality Assurance Programme (IQAP)
· Infrastructure Security
· Publications and related links
· Registration Authorities and Smartcards
(All web links live as at 2 December 2014)
5