REPORT TO TRUST BOARD

25 October 2006

Agenda No.7.3 (b)

Title of Document:

2006/7 Review of Information Governance Accountabilities
Report Author: Ade Oduntan, Clinical and Information Governance Facilitator

Lead Director: Di Caulfeild- Stoker, Director of Provider Services (Caldicott Guardian)

Contact details: 0208 812 4149

Summary:

Information Governance is the framework that integrates the various standards of practice relating to the safe and effective processing of information. NHS Standards for Information Governance are set out within a toolkit, the Information Governance Toolkit. Requirement 101 of the toolkit requires organisations to annually review their Information Governance accountabilities against specific criteria set out within a checklist in the toolkit.
This review of Information Governance accountability arrangements documents the PCT’s current governance arrangements for Information Governance and improvement actions to address identified gaps and weaknesses.
The PCT is essentially compliant with the Information Governance accountability arrangements as outlined in the checklist criterion for Requirement 101. By March 2007, when it has implemented certain improvement actions, it will be achieve a Level 3 attainment level against Requirement 101.

RECOMMENDATIONS:

The Board is requested to endorse (within it’s minutes) the PCT’s 2006/7 Review of Information Governance accountabilities and the action plan proposed to further assure its Information Governance accountabilities.
Committees which have previously agreed the report
Information Governance Steering Group
Which, if any of the core standards does this document link into? The core standards are listed here:
C8, C13b
PEC Comments where appropriate:
Financial Implications:
Other Implications including patient and public involvement/Legal/Governance/Diversity/ Staffing
Equality Impact Assessment
  • Has an EIA been carried out?NO: ……………
(If not, state reasons) An EIA is not required within the checklist set out nationally for NHS organisations to review their Information Governance accountabilities against.

2006/7 Review of Information Governance Management and Accountability Arrangements For in Wandsworth Teaching PCT

  1. Introduction and Purpose
  • This review of Information Governance accountability arrangements documents the PCT’s current governance arrangements for Information Governance and improvement actions to address identified gaps and weaknesses.
  • The review has been undertaken in order to:

Assure the PCT’s compliance (to Level 3) with assurance requirement 101 of the Information Governance Toolkit (Version 4 2006/7)“- Does the PCT have adequate governance in place to support the current and evolving Information Governance agenda?

Complement further the PCT’s assurance with Core Standard C8 of the Annual Health Check

  1. Background to the Review

National issues

  • Information Governance is the framework that integrates the various standards of practice relating to the safe and effective processing of information. It is the Information component of Clinical Governance. It currently encompasses requirements (ref. version 4 of the Information Governance toolkit) in relation to the following work areas:

  • Information Governance Management
/
  • Confidentiality and Data Protection Act Assurance

  • Corporate Information Assurance (Freedom of Information)
/
  • Connecting for Health Programme

  • Clinical Information Assurance (Information Quality Assurance and Records Management)
/
  • Information Security Assurance

  • An Information Governance Toolkit, which is an online self-assessment package, is the resource tool used for publishing the standards of practice organisations must comply with regarding Information Governance.
  • Within the toolkit, requirement 101, “Does the PCT have adequate governance in place to support the current and evolving Information Governance agenda?” establishes a checklist of important Information Governance accountabilities an NHS organisation must have in place regarding its Information Governance arrangements(see Appendix A).

The local issues involved – an earlier review undertaken in 2006

  • In March 2006, an earlier review of the PCT’s accountabilities for Information Governance at Director level was undertaken during the PCT’s restructuring process.
  • The review was undertaken in order to:
  • Ensure Information Governance accountabilities were accounted for during the PCT’s restructuring process and
  • Proactively respond to policy changes in the direction of national Information Governance policy issues i.e. the further integration of Information Governance requirements and initiatives.
  • Work towards enabling the further integration of Information and Clinical Governance leadership accountabilities.
  • The March 2006 review resulted in leadership accountabilities for Information Governance being delegated to both Levels 1 and Levels 2 of the PCT’s Director level structure. (The rationale for this as approved in March 2006 is set out in Appendix B).
  • Following its approval by both the PCT Management Team and Clinical Governance and Risk Management Committee, the March 2006 review resulted in leadership arrangements for elements of Information Governance being allocated as follows:

Table 1

March 2006 Approved Director level Accountabilities for Information Governance in Wandsworth Teaching PCT
  • Information Governance element
/
  • Assigned Leadership Accountability at Level 1 and 2 of the PCT

  • Information Governance Lead
/
  • Director of Finance (Level 1)
  • Associate Director Clinical Governance (Level 2)

  • Confidentiality and Data Protection Assurance Lead
/
  • Director of Provider services
(Level 1)
  • Corporate Information Assurance Lead
/
  • Associate Director Clinical Governance (Level 2)

  • Clinical Information Assurance Lead
/
  • Associate Director Older Peoples Services (Level 2)

  • Information Security Lead
/
  • Associate Director Information Management and Technology
  • (Level 2)

Review Outcome

  • The leadership accountabilities documented in Table 1 above are still appropriate with respect to the requirements of the Information Governance Toolkit Version 4 released in July 2006.
  1. Review of existing arrangements

Against the checklist in the 2006/7 Information Governance Toolkit

  • Appendix A sets out a detailed review and improvement plan against the criteria

documented within the Information Governance toolkit for reviewing Information Governance accountabilities in PCT organisations.

Review outcome

  • From the perspective of requirement 101’s reviewchecklist as set out in the 2006/7 Information Governance toolkit, there are no gaps in the PCT’s Information Governance accountability arrangements

From the perspective of delivering the PCT’s 2006/7 Information Governance Strategy and Action Plan

  • An important mechanism outlined in the 2006/7 Information Governance Strategy was reviewing the support arrangements that the PCT has to support the Director Leads of each element of Information Governance identified in table 1 above.
  • A review of the support arrangements the PCT has put in place for the Leads identified in Table 1 indicates there is dedicated support available for Director Level Information Governance Leads is as follows:

Table 2

Information Governance Lead / Dedicated Support
Information Governance Lead / Information
Governance Facilitator
Confidentiality and Data Protection Assurance Lead
Clinical Information Assurance / Heads of Administration Community and Non Community
Corporate Information Assurance / Patient Services Manager
Information Security / Information Security Officer (not yet in post)

Review outcome

  • The support arrangements for the other elements of Information Governance except Information Security are adequate.
  • Actions to control this gap have already been identified within the Assurance framework, and the Information Governance Action Plan 2006/7.

From the perspective of PCT Committee Issues

  • There are several other committees and sub groups which contribute to the delivery of the PCT’s Information Governance function. These are set out in the diagram below Figure 1.

Figure 1. PCT committees with core Information Governance functions

= upwards formal accountabilities and reporting responsibilities

= no accountabilities but significant communications and common membership

  • The Information Governance Steering Group is the Trust forum with delegated authority to oversee Information Governance issues in the PCT. It reports to the Clinical Governance and Risk Management Committee and to the PCT Board. Membership of the Information Governance Steering Group is diverse and multidisciplinary. It’s membership includes all the leads for Information Governance elements, Primary Care representation, Communications, as well as partner organisations such as Social Services.
  • Developments as a result of Integrated Governance arrangements such as changes in committee functions in the PCT may have reporting implications for the Information Governance Steering Group.These will be addressed when changes in committee function such as that of the Audit Committee occur.
  • The Health Records Committee is the other committee in the PCT with a significant Information Governance related function. It is accountable for Records management issues in the PCT through the Clinical Governance and Risk Management Committee to the PCT Board. It is not accountable to the Information Governance Steering group but communicates with it and is adequately represented on the Steering Group by its Lead.
  • Certain issues need to be addressed with respect to the functions of the Health Records Committee.
  • In version 4 (2006/7) of the Information Governance toolkit, Information Quality Assurance issues and Health records management issues are integrated into a new Clinical Information Assurance initiative. Another issue is that the joint leadership for Clinical Information Assurance proposed in March 2006 is no longer feasible in the current PCT structure.
  • The implication of this is that the now single lead for Clinical Information Assurance requires a greater degree of multidisciplinary information quality support from within the membership of the committee dealing with Records management issues
  • The PCT has consistently scored red (<40%) for Corporate Information Assurance (corporate records management as distinct from Health Records Management) in its last two assessments. Corporate Information Assurance is the only Information Governance element without dedicated supporting arrangements in place to resolve complex issues and take particular work programmes forward etc. For instance, the scope of the obligatory Information Audit requirement for organisations to conduct requires a dedicated operational forum to take it forward.

Review outcome

  • The functions of the Information Governance Steering Group in the PCT are appropriate as required by national NHS Information Governance policy.
  • Because of National Information Governance Policy requirements, it is recommended that the core terms of reference of the steering group remain largely unaffected.
  • The Health Records Management Committee should evolve into a Clinical Information Assurance Group and or take up more significant information quality responsibilities within its term of reference and membership.
  • A Corporate Information Assurance Project Management Sub group is required to within a set time frame formally oversee the delivery of Corporate Information Assurance issues. This group should report to the Information Governance Steering Group and have significant working relationships with the Clinical Information Assurance Committee.

5. Conclusion

  • The PCT Board can be assured that, against the checklist requirements set out in requirement 101 of the 2006/7 Version of the Information Governance Toolkit, the PCT is in compliance to Level 3.

6. Recommendation

  • The Board is requested to endorse this review and improvement actions recommended for further assuring Information Governance accountability arrangements in the PCT. Its endorsement should be conveyed through minutes of its meeting published on the PCT website.

Ade Oduntan

Clinical and Information Governance Facilitator (IGF)

2006-08-01

Yvonne Connolly

Associate Director Clinical Governance and Risk Management

2006-08-01

1

2006/7 Review of Information Governance accountabilities in Wandsworth Teaching PCT

Appendix A

Review of information Governance Management and Accountability Arrangements (using checklist set out within the toolkit)

IG Lead = Information Governance Lead IGF = Information Governance Facilitator CIA = Clinical Information Assurance Lead

Toolkit Checklist Criteria for reviewing Management and Accountability Arrangements / Can the PCT Board be assured that by 2007 March that the PCT fulfils the assurance issue / Evidence in support that existing arrangements
provide assurance against criteria?(Who, What and How) / Actions to Control gaps/Further Improve assurance by March 2007 / By who / By when
1. Does the PCT have a Senior Manager with Board Level responsibility for Information Governance? / Yes / -Job descriptions, Information Governance Policy identify the Director of Finance and Associate Director for Clinical Governance as Information Governance Leads for the PCT / -Review Information Governance content of job description(s) to be in line with Version 4 requirements / IG Lead IGF / Qtr 4
2. Does the PCT have an IG Steering Group? / Yes / -In existence since 2003/4
-Terms of Reference
-Minutes of Meeting
-Information Governance Reports
-Information Governance Action Plan / -Review Terms of Reference annually / IGSG / Qtr 4
3. Has the PCT carried out a review of it’s Information Governance management and accountability arrangements that has been agreed by the Board? / Yes / -March 2006 Review of Information Governance Accountabilities at Director level and
-This document / -Continue to undertake annually or when significant changes to PCT occurs / IG Lead IGF / Qtr 3
4. Does the PCT have a Board endorsed IG work programme? / Yes /
-2006/7 Information Governance Action Plan
/ -Provide quarterly updates of implementation against action plan / IG Lead IGF / Qtr 3
5. Are the PCT’s Chief Executive and Board Members being effectively briefed and supported on Information Governance? / Yes / -Information Governance Reports
-Clinical Governance Reports / -Communicate quarterly Information Governance Updates to Board / IGF
IG Lead / Qtr 3 and 4
Management and Accountability Criteria / Can the PCT Board be assured that by 2007 March that the PCT fulfils the assurance issue / Evidence in support that existing arrangements
provide assurance against criteria?(Who, What and How) / Actions to Control gaps/Further Improve assurance by March 2007 / By who / By when
Supporting Groups and functions (including but not exclusive) / Yes / -See 6 and 7 Below / - / IG Lead
6. Does the PCT have an active management forum for patient/public representation that provides direction and visible support for initiatives relating to communicating with patients? / Yes / -Joint IG lead (Associate Director for Clinical Governance) represents Information Governance issues at Patient and Public Involvement Forum / -Review PPI issues for Information Governance implications six monthly / IG Lead / Qtr 3 and 4
7. Does the PCT have a Health Records Committee accountable to the PCT Board? / Yes / -Terms of Reference appropriately stipulate it is accountable through the PCT Clinical Governance and Risk Management Committee to the PCT board / -Review membership and terms of Reference of the Records management Committee and function to incorporate Information Quality issues
-Obtain Board endorsement of review
-Set up a Corporate Information Assurance subgroup / IG Lead and CIA / Qtr 3
8. Do the PCT’s senior management monitor the Information Governance agenda? / Yes / -Information Governance Report
-Risk reports
-Logs / -Produce an Information Governance log procedure and template for approval and communication of reports / IGF / Qtr 3

Appendix B: MARCH 2006 REVIEW OF ACCOUNTABILITIES FOR INFORMATION GOVERNANCE AT DIRECTOR LEVELS

Arrows signify direction of integration of requirements from Version 3 of the toolkit into Version 4 of the toolkit

2005.6 Toolkit Version 3 / 2006/7 Toolkit Version 4 / Proposed Recommendation on who to Lead / Rationale
  • Overall Information Governance
- Dir. Of Finance /
  • Information Governance Lead
/
  • Director of Finance And
  • Ass. Dir. Clinical Gov?
/
  • Pre existing fulfilment of Board level responsibilities
  • Integrated Governance implications; pre- existing expertise and function in department and fulfilment of reporting requirements in the toolkit

  • Confidentiality
- Dir. Of Nursing
  • Data Protection
- Dir. of Nursing & PHI /
  • Confidentiality and Data Protection Assurance
/
  • Director of Provider Services
/
  • Pre existing responsibilities
  • Wealth of knowledge and experience
  • Organisational implications regarding Connecting for Health programme and increased scope of the Caldicott Guardians responsibilities

  • Freedom of Information
-Dir. of Service Modernisation
  • Corporate Records Mgt &
  • Health Records Mgt
- Associate Director of Primary Care /
  • Corporate Information Assurance requirements
/
  • Associate Director of Clinical Governance and Risk
/
  • To have initiatives with legal implications, DPA and FOI within remit of one directorate to facilitate formal strategic corporate and clinical confluence regarding legally related requirements.
  • Integration of delivery of “Corporate Governance and Information Governance management related requirements
  • Facilitate further delivery of IQA and “Intelligent information” issues regarding Clinical Governance that were identified from August 2004 Strategic Baseline Assessment Results of Clinical Governance issues in WtPCT.
  • Will help integrate formally NHSLA requirements and Information Governance’s Corporate Governance records management issues at a strategic level
  • Pre-existing responsibilities residing within department regarding
  • Responding to FOI requests
  • Policy and procedural management for the PCT
  • Risk Management,
  • NHSLA

  • Information Quality Assurance
  • Not allocated
/
  • Clinical Information Assurance
/
  • Joint Leads
  • Associate Director Older Peoples and
  • Associate Director for Business Support
/
  • Workload implications - Will have the highest number of requirements
  • Already agreed pre-existing Records Management and Clinical Leadership responsibilities
  • Structure and business support remit of directorate integrates best the joint support mechanisms and personnel required for assuring record management and information quality assurance i.e. IT, Administration and Finance

  • Information Security
- Associate Dir. of IT /
  • Information Security Assurance
/
  • Associate Director Information Management
/
  • Technical requirements involved

1

2006/7 Review of Information Governance accountabilities in Wandsworth Teaching PCT