INFORMATION GOVERNANCE
TRAINING BOOKLET & ASSESSMENT PAPER
2017 - 2018
NHS standards and statutory guidance
for
Chaplaincy, Volunteers & Contractors
Please read the booklet then answer the questions in the assessment paper
This training booklet and assessment paper is intended for thechaplaincy, volunteers and contractors providing secondary support to members of staff and patients on the wards and in the community.
Information Governance
Information Governance is concerned with the rules and regulations for handling patient information of a personal and/or sensitive nature and how that information is kept safe and confidential.
Confidential patient information is governed by the Data Protection Act 1998 which controls the way in which organisations use personal information. (For more information, see below on page 3). There are strict rules which must be followed when using personal data. Information should only be used for specified purposesand must not be kept for longer than is necessary in connection with those purposes.
There is a risk that an individual may be identified from personalinformation e.g. name, date of birth, home address,and everyone working for the Trust is responsible for maintaining confidentiality in respect of this type of data.
Confidentiality – Disclosing information
Confidential information must not be shared unless a patient has given permission or the need to protect an individual from harm (safeguarding).
However, if a patient on the ward or in clinic complains about an aspect of their care andyoutell a member of staff about it, you are not breaching confidentiality, you arehelping the patient. It also gives the opportunity for staff to improve standards of care.
If a patient confides in you that they are being abused or hurt in any way by someone, you must report it to a member of staff regardless of whether the patient has asked you to keep it secret or not. This is a safeguarding issue and will be passed to the relevant authorities to take action.
If you overhear staff members talking about a patient or you read information about a patient, you must not repeat any of this information to anyone outside the hospital, to your family or to your friends. If you were to do so, this would be a breach of confidentiality and could have serious consequences. It is also a breach of confidentiality to access your own hospital records. If you want copies of any of your records, you would have to make a subject access request to the Trust.
You must also be careful not to talk to acquaintances you meet by chance in hospital or in clinic unless they speak to you first. They may not wishanyone to know they are in hospital.
If you believe that there has been a breach of confidentiality, you should report it to a member of staff who will log it on Datix, the Trust’s incident reporting system so that it can be investigated.
Destroying information
If you make notes about a patient on a ward or in clinic for any reason, you must ensure that you dispose of them in the confidential waste, not in the waste paper or recycling bins.
Sending information
If you need to email patient information, you must ensure you are using a secure NHS email account and emailing another NHS email account. Personal email addresses must not be used to send or receive patient information as the security of external computers cannot be guaranteed.
Caldicott Principles
One of the key recommendations of the 1997 Caldicott Report was the creation of the Caldicott Guardian throughout the NHS to act in an advisory role and provide a focal point for patient confidentiality and information sharing issues. The Caldicott Guardian is responsible for agreeing and reviewing policy governing the protection of patient identifiable information. Ideally, the Caldicott Guardian is a senior professional in the organisation
The Caldicott Guardian at East Cheshire NHS Trust is Dr Susan Knight
The Data Protection Act
There are eight data protection principles which must be adhered to when handling personal information. Confidential information must be:-
- Processed fairly and lawfully
- Obtained for specified and lawful purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept any longer than necessary
- Processed in accordance with the rights of the individual or ‘data subject’
- Kept securely
- Not transferred to any other country outside the EU without adequate protection in place
The Information Commissioner’s Office has the power to fine organisations up to a maximum of £500,000.00 for breaches of the Data Protection Act.
The Freedom of Information (FOI) Act 2000
The FOI Act came into force in 2005. Members of staff dealing with freedom of information requests should havespecific training to understand more about the process.
The FOI Act:-
- Gives the public the right to access/view all non-personal public authority information upon request
- Requests must be in writing
- All staff must know who their FOI lead is and be able to access and confirm their contact details
- The requester does not need to refer to the FOI Act in their correspondence
- The organisation must respond to a request within 20 working days
- Exemptions may apply for non-disclosure which will be determined by the relevant FOI lead
Information Governance Assessment Paper
2017/2018
Full NameJob Title
Department/Work Base
Telephone number
Email Address
Line Manager
Line Manager’s Email Address
Please attempt all the questions in the workbook. All questions are multiple choice and you have to select one answer. The Information Governance Team will mark the assessment and let your line manager know the result.
For Information Governance Department use only
Marks out of 16Percentage score
Date updated on relevant database/spreadsheet
Question One: Who is responsible for the security of confidential information in your organisation? Tick one option from the answers listed below.
A / All staff with access to computers
B / Only clinical staff
C / Only security management staff
D / Only line managers
E / Everyone
Question Two: Which of the following statement relating to personal information is correct? Tick one optionfrom the answers listed below.
A / A person’s name and address are needed for them to be identified
B / An unusual name will not identify an individual
C / Anonymised information cannot be personal or confidential
Question Three: You enter a lift where two doctors are discussing a patient. What do you think they should do? Tick one option from the answers listed below.
A / Stop talking until they are somewhere more private
B / Carry on talking. It’s all right because everyone working in the NHS has a duty of confidentiality
Question Four: Which of the following statements about the Data Protection Act 1998 is correct? Tick one optionfrom the answers listed below.
A / The Act only applies to personal information in digital form
B / The Act prevents information being shared for health and care purposes
C / Organisations can be fined for breaching the principles of the Act
Question Five: Which of the following statements about the Freedom of Information Act is correct? Tick one option from the answers listed below.
A / The Act places a duty on organisations to supply information to individuals who make a written request
B / Individuals can submit a request for information in writing or over the telephone
C / Organisations must respond to a valid request within 10 working days
Question Six: Volunteers, contractors and the chaplaincy are subject to the same rules as employees of the Trust in all matters relating to patient confidentiality and sensitive data? Tick one option from the answers listed below.
A / True
B / False
Question Seven: Which of the following represents an example of good practice in physical security? Tick one option from the answers listed below.
A / Having a sign-in procedure for visitors
B / Sharing your ID badge with a colleague who has forgotten to bring his own to work
C / Propping open fire doors when the weather is warm
D / Leaving service user records on your desk in case you need them later
Question Eight: You find some notes about a patient on a desk near the entrance to a ward. What should you do? Tick one option from the answers listed below.
A / Leave them where they are
B / Put them in the confidential waste
C / Report the incident on the Datix Incident Reporting Form
Question Nine: Which of the following does NOT need to be securely destroyed when no longer required? Tick one option from the answers listed below.
A / Character references of unsuccessful job applicants
B / Posters/leaflets advertising smoking cessation clinics
C / Patient appointment lists
D / Cassette tapes once used for dictating letters to patients
E / A list of patients who took hospital transport the previous week
Question Ten: If you are called away from your desk, what should you remember to do? Tick one option from the answers listed below.
A / Press Control + Alt + Delete to lock your computer screen
B / Leave a note of your password on the desk in case someone needs to use your completer
Question Eleven: A volunteer is asked to file some patient records and recognises his own name on ones of the files. Is it a breach of confidentiality to read the contents of the file even though it relates to him?
A / Yes
B / No
Question Twelve: Which of the following is characteristic of a secure password? Tick one option from the answers listed below.
A / Five characters or less in length
B / Contains your user name
C / Contains a mix of character types
D / Similarity to previous passwords
Question Thirteen: You have a friend who is anxious about her daughter’s test results and asks you to look on the hospital computer system to see what they say. What do you do? Tick one option from the answers listed below.
A / Look at the results and tell her what they say to put her mind at rest
B / Tell her it would be a breach of confidentiality because NHS employees are only allowed to look at their own records
C / Tell her it would be a breach of confidentiality because NHS employees are only allowed to access patient records if it is part of their job
Question Fourteen: Which of the following is the best course of action if you receive a suspicious email ie one you are not expecting or have never received an e-mail from the address before? Tick one option from the answers listed below.
A / Reply to the email
B / Forward the email to your colleagues
C / Notify your IT department/provider
D / Click on the links in the email
Question Fifteen: NHS.net to NHS.net is a secure e-mail system for sending personal or sensitive information? Tick one option from the answers listed below.
A / Yes
B / No
Please send your completed Workbook Assessment to the Information Governance Department by:-
Email :
Post : Information Governance Department
Second Floor
New Alderley House
Macclesfield District General Hospital
Victoria Road
Macclesfield
Cheshire
SK10 3BL
1
Information Governance Training Booklet & Assessment Paper for Contractors & Chaplaincy April 2017