Information Governance and
IG Management
The Beginners’ Guide To
Information Governance
Version 1.03 – June 2011, Beginners’ Guide to Information Governance
The Beginners’ Guide To
Information Governance
Introduction
Contents
Part 1. Awareness and Training
• Why is this training necessary?
Part 1. Personal / Sensitive Personal / Anonymous / Confidential
• Types of Information and information terms
Part 2. Confidentiality and Security
• What do these terms mean?
• Who is responsible?
Part 3. Example Scenarios
• Some example scenarios for discussion
Part 4. Summary and Confirmation Questions
• To confirm your understanding of this topic
Part 1
Training – Why is it necessary?
and
Types of Information
Why is Training Needed?
The NHS provides a
confidential service
The NHS relies
upon patient trust
Types of Information
• Confidential
• Personal
• Sensitive
personal
• Anonymised
Is all
information the
same?
Types Of Information
Confidential
information
What information is Confidential?
1. Swine 'flu and avian 'flu
2. Your symptoms and general health
3. Only what the doctor wrote down
about your health
4. Your name and address
What makes information
‘confidential’?
your private information
about you
you gave it to someone
who has a duty of
confidence
you expect it to be used in
confidence
Confidential
Information
UK law says health information is confidential
Types of Information
Name
Address
Date of birth
Home telephone number
Postcode
Confidential
Personal
Sensitive Personal
Anonymous
Types of Information
Racial or ethnic origin
Political opinions
Religious beliefs
Trade union membership
Physical or mental health
Sexual life
Criminal record
Other – e.g. bank
Confidential
Personal
Sensitive Personal
Anonymous
Types of Information
No reference number
No identifier
Mr X from Surrey wins
lottery
Cannot be matched to
anyone
Confidential
Personal
Sensitive Personal
Anonymous
Confirm – choose which criteria
make information ‘confidential’?
??
??
??
Confidential
Information
UK law says health information is confidential
It is private and personal to someone?
It is disclosed to someone who has a
duty of confidence?
It is expected to be used in confidence?
It has not been given to anyone else?
It is written down?
Confirm – choose which criteria
make information ‘confidential’?
??
??
??
Confidential
Information
UK law says health information is confidential
It is private and personal to someone
It is disclosed to someone who has a
duty of confidence
It is expected to be used in confidence
It has not been given to anyone else?
It is written down?
Types of Information - Summary
• Confidential: 3 criteria
• Personal: such as your name, address, postcode
• Sensitive Personal: such as your health
• Anonymous: not personal therefore not confidential
UK law says health information is confidential
UK law says health information is sensitive personal information
Part 2
Confidentiality and Security
Confidentiality and Security
Protecting Information:
What and Why?
Who and When?
How?
What and Why?
What Must be
Protected?
Confidential
Personal
Sensitive
Personal
Why Protect it?
Legal
Confidential
Service
Patient Trust
No Protection
Anonymous
Public Domain
UK law says health information is sensitive personal information
UK law says health information is confidential
Who and When?
Who?
Organisation Board
Health Professionals
All Employees
All 3rd parties
When?
From creation to secure
destruction
Locations, Formats
Duty of Confidence even
after employment ends
How do we protect information?
Information Governance
(The rules on handling information)
Security Measures
Physical
People
Electronic
Confidentiality Measures
Restrict people
Restrict information
Train Staff
Enforce
Security
Plan and Overlap
Security
Which Measures?
•CCTV
•intruder alarms
•passwords
•encryption
?
•character references
•vetting and background checks
•awareness, education and training?
•Walls, fences, gates
•lockable doors, windows and
cabinets
•security lighting
?
Security Measures
Plan and Overlap
Electronic
• CCTV
• intruder alarms
• passwords
• encryption
People
• character references
• vetting and background
checks
• awareness, education
and training
Physical
•Walls, fences, gates
•lockable doors,
windows and cabinets
•security lighting
How Are We Doing?
Incident Reporting
Proactive
An identified
weakness
Reactive
A breach has
occurred
Confidentiality and Security - Summary
• Legal Requirement: UK law says health information is confidential
• Confidential and Security: What needs protection, why, how, who and when
• Security: Plan and overlap physical, people and electronic measures
• Incident reports: Vital to improve weaknesses and prevent incidents happening again
Part 3
Example Scenarios
Confidentiality and Security
Scenarios - Alex’s day at work
By the end of this section you will know that
confidentiality and security involve every member
of staff.
Alex knows that personal information given to the
NHS is nearly always confidential - and patient
information certainly is.
Alex walks into the hospital where he works. It’s
going to be an eventful day as Alex will face a
number of problems ...
Confidentiality and Security
Scenario 1 - Photocopier
Alex is at a photocopier and finds a pay statement
left in the machine. It is a hospital employee’s.
What should Alex do with this?
1. Leave it on the photocopier and hope the
person comes back to collect it.
2. Tell his line manager and suggest sending the
statement to the Pay Dept and reporting the
incident.
3. Go and look for the person and hand it to them.
4. Rip it into shreds and put it into a bin.
Confidentiality and Security
Scenario 2 - An Unexpected Email
Alex is working at his computer when he receives
an unexpected email. He sees that it contains a list
of patients that are receiving dialysis treatment.
What should he do with the email?
1. Delete it.
2. Delete it but also mention it to his line manager
when convenient.
3. Forward the e-mail to a colleague and ask what to
do.
4. Tell his line manager, report the incident and
secure the information.
Confidentiality and Security
Scenario 3 - A Job Application Form
Alex’s manager is going through completed job
application forms sent from HR. The ethnicity sections of
the forms have not been removed before being sent to her.
She asks Alex if this is okay. What should Alex say?
1. Tell his manager that it’s fine - as long as she treats
the information confidentially.
2. Tell her that this is confidential ‘sensitive personal’
information which should be securely returned to
HR and reported.
3. Tell her that it is ‘sensitive personal’ information but
nothing to worry about.
4. Tell her that she should call HR and complain.
Confidentiality and Security
Scenario 4 - HR Personal File
Alex’s workmate phones him; he says that he is moving
some empty cabinets and has just found a full HR file
stuck at the back of one of them. What should Alex’s
workmate do?
1. Put the file in an office waste bin and move the
cabinet.
2. Put the file in the internal mail to the HR Dept.
3. Have a quick look through it and leave it in the
cabinet.
4. Tell his line manager, suggesting the file should be
returned to HR and the incident reported.
Confidentiality and Security
Scenario 5 - Paper In a Corridor
Alex finds a sheet of paper on the floor of a hospital
corridor. It is a leaflet showing opening times for the staff
shop. On the back is written a name, address and
telephone number. It is not a name he knows and it is not
a hospital telephone number. What should he do?
1. Ring the number and tell whoever answers that a
sheet has been found with these details on.
2. Rip the personal details into small bits and throw them
in the bin.
3. Pin the leaflet to a nearby notice board where it might
be found.
4. Put the sheet of paper in his pocket and think about it
later.
Confidentiality and Security
Scenario 6 – Visiting Times
Alex is sitting on the bus home. Someone who knows him
is sitting nearby and asks Alex what the hospital visiting
times are because her uncle was admitted to the hospital
that morning. What can he say?
1. Tell his friend the visiting times
2. Tell his friend that he cannot say as this is confidential
information
3. Tell his friend that he cannot say as this is personal
information
4. Tell his friend that he cannot say as this is sensitive
personal information
Confidentiality and Security
Scenarios - Summary
Confidential information is protected by law.
Confidential information may be written or
spoken.
Confidential information may be about staff or
patients (including you and your relatives).
We all have a legal responsibility to maintain
confidentiality.
Reporting incidents is vital to improvement.
If you are unsure, seek advice or ask your line
manager.
Part 4
The Beginners’ Guide To Information
Governance – Summary
and
Confirmatory Questions
The Beginners’ Guide To Information
Governance - Summary
• The NHS: A confidential service which relies on public trust
• Confidential and Security: What needs protection, why, how, who and when
• Incident reports: Vital to improve weaknesses and prevent incidents happening again
• If in doubt? Seek advice
UK law says health information is confidential
UK law says health information is sensitive personal information
The Beginners’ Guide To
Information Governance
Confirmatory Questions

HSCIC IG Training - The Beginners’ Guide To Information Governance

  • 1. Information Governance and IG Management The Beginners’ Guide To Information Governance Version 1.03 – June 2011 1Beginners’ Guide to Information Governance
  • 2. The Beginners’ Guide To Information Governance Introduction Version 1.03 – June 2011 2Beginners’ Guide to Information Governance
  • 3. Contents Version 1.03 – June 2011 3Beginners’ Guide to Information Governance • Why is this training necessary?Part 1. Awareness and Training • Types of Information and information terms Part 1. Personal / Sensitive Personal / Anonymous / Confidential • What do these terms mean? • Who is responsible? Part 2. Confidentiality and Security • Some example scenarios for discussionPart 3. Example Scenarios • To confirm your understanding of this topic Part 4. Summary and Confirmation Questions
  • 4. Part 1 Version 1.03 – June 2011 4Beginners’ Guide to Information Governance Training – Why is it necessary? and Types of Information
  • 5. Why is Training Needed? The NHS provides a confidential service The NHS relies upon patient trust Version 1.03 – June 2011 5Beginners’ Guide to Information Governance
  • 6. Types of Information Version 1.03 – June 2011 6Beginners’ Guide to Information Governance • Confidential • Personal • Sensitive personal • Anonymised Is all information the same?
  • 7. Types Of Information Version 1.03 – June 2011 7Beginners’ Guide to Information Governance Confidential information
  • 8. What information is Confidential? Version 1.03 – June 2011 8Beginners’ Guide to Information Governance 1. Swine 'flu and avian 'flu 2. Your symptoms and general health 3. Only what the doctor wrote down about your health 4. Your name and address
  • 9. What makes information ‘confidential’? Version 1.03 – June 2011 9Beginners’ Guide to Information Governance your private information about you you gave it to someone who has a duty of confidence you expect it to be used in confidence Confidential Information UK law says health information is confidential
  • 10. Types of Information Version 1.03 – June 2011 10Beginners’ Guide to Information Governance Name Address Date of birth Home telephone number Postcode Confidential Personal Sensitive Personal Anonymous
  • 11. Types of Information Version 1.03 – June 2011 11Beginners’ Guide to Information Governance Racial or ethnic origin Political opinions Religious beliefs Trade union membership Physical or mental health Sexual life Criminal record Other – e.g. bank Confidential Personal Sensitive Personal Anonymous
  • 12. Types of Information Version 1.03 – June 2011 12Beginners’ Guide to Information Governance No reference number No identifier Mr X from Surrey wins lottery Cannot be matched to anyone Confidential Personal Sensitive Personal Anonymous
  • 13. Confirm – choose which criteria make information ‘confidential’? Version 1.03 – June 2011 13Beginners’ Guide to Information Governance ?? ?? ?? Confidential Information UK law says health information is confidential It is private and personal to someone? It is disclosed to someone who has a duty of confidence? It is expected to be used in confidence? It has not been given to anyone else? It is written down?
  • 14. Confirm – choose which criteria make information ‘confidential’? Version 1.03 – June 2011 14Beginners’ Guide to Information Governance ?? ?? ?? Confidential Information UK law says health information is confidential It is private and personal to someone It is disclosed to someone who has a duty of confidence It is expected to be used in confidence It has not been given to anyone else? It is written down?
  • 15. Types of Information - Summary Version 1.03 – June 2011 15Beginners’ Guide to Information Governance • 3 criteriaConfidential • Such as your name, address, postcodePersonal • Such as your healthSensitive Personal • Not personal therefore not confidentialAnonymous UK law says health information is confidential UK law says health information is sensitive personal information
  • 16. Part 2 Version 1.03 – June 2011 16Beginners’ Guide to Information Governance Confidentiality and Security
  • 17. Confidentiality and Security Version 1.03 – June 2011 17Beginners’ Guide to Information Governance Protecting Information: What and Why? Who and When? How?
  • 18. What and Why? Version 1.03 – June 2011 18Beginners’ Guide to Information Governance What Must be Protected? Confidential Personal Sensitive Personal Why Protect it? Legal Confidential Service Patient Trust No Protection Anonymous Public Domain UK law says health information is sensitive personal information UK law says health information is confidential
  • 19. Who and When? Version 1.03 – June 2011 19Beginners’ Guide to Information Governance Who? Organisation Board Health Professionals All Employees All 3rd parties When? From creation to secure destruction Locations, Formats Duty of Confidence even after employment ends
  • 20. How do we protect information? Information Governance (The rules on handling information). Security Measures: Physical; People; Electronic. Confidentiality Measures: Restrict people; Restrict information; Train Staff; Enforce.
  • 21. Security Plan and Overlap
  • 22. Security Which Measures? • CCTV • intruder alarms • passwords • encryption ? • character references • vetting and background checks • awareness, education and training ? • Walls, fences, gates • lockable doors, windows and cabinets • security lighting ?
  • 23. Security Measures Plan and Overlap. Electronic: • CCTV • intruder alarms • passwords • encryption. People: • character references • vetting and background checks • awareness, education and training. Physical: • Walls, fences, gates • lockable doors, windows and cabinets • security lighting.
  • 24. How Are We Doing? Incident Reporting. Proactive: An identified weakness. Reactive: A breach has occurred.
  • 25. Confidentiality and Security - Summary • Legal Requirement: UK law says health information is confidential • Confidential and Security: What needs protection, why, how, who and when • Security: Plan and overlap physical, people and electronic measures • Incident reports: Vital to improve weaknesses and prevent incidents happening again
  • 26. Part 3: Example Scenarios
  • 27. Confidentiality and Security Scenarios - Alex’s day at work. By the end of this section you will know that confidentiality and security involve every member of staff. Alex knows that personal information given to the NHS is nearly always confidential - and patient information certainly is. Alex walks into the hospital where he works. It’s going to be an eventful day as Alex will face a number of problems ...
  • 28. Confidentiality and Security Scenario 1 - Photocopier. Alex is at a photocopier and finds a pay statement left in the machine. It is a hospital employee’s. What should Alex do with this? 1. Leave it on the photocopier and hope the person comes back to collect it. 2. Tell his line manager and suggest sending the statement to the Pay Dept and reporting the incident. 3. Go and look for the person and hand it to them. 4. Rip it into shreds and put it into a bin.
  • 29. Confidentiality and Security Scenario 2 - An Unexpected Email. Alex is working at his computer when he receives an unexpected email. He sees that it contains a list of patients that are receiving dialysis treatment. What should he do with the email? 1. Delete it. 2. Delete it but also mention it to his line manager when convenient. 3. Forward the e-mail to a colleague and ask what to do. 4. Tell his line manager, report the incident and secure the information.
  • 30. Confidentiality and Security Scenario 3 - A Job Application Form. Alex’s manager is going through completed job application forms sent from HR. The ethnicity sections of the forms have not been removed before being sent to her. She asks Alex if this is okay. What should Alex say? 1. Tell his manager that it’s fine - as long as she treats the information confidentially. 2. Tell her that this is confidential ‘sensitive personal’ information which should be securely returned to HR and reported. 3. Tell her that it is ‘sensitive personal’ information but nothing to worry about. 4. Tell her that she should call HR and complain.
  • 31. Confidentiality and Security Scenario 4 - HR Personal File. Alex’s workmate phones him; he says that he is moving some empty cabinets and has just found a full HR file stuck at the back of one of them. What should Alex’s workmate do? 1. Put the file in an office waste bin and move the cabinet. 2. Put the file in the internal mail to the HR Dept. 3. Have a quick look through it and leave it in the cabinet. 4. Tell his line manager, suggesting the file should be returned to HR and the incident reported.
  • 32. Confidentiality and Security Scenario 5 - Paper In a Corridor. Alex finds a sheet of paper on the floor of a hospital corridor. It is a leaflet showing opening times for the staff shop. On the back is written a name, address and telephone number. It is not a name he knows and it is not a hospital telephone number. What should he do? 1. Ring the number and tell whoever answers that a sheet has been found with these details on. 2. Rip the personal details into small bits and throw them in the bin. 3. Pin the leaflet to a nearby notice board where it might be found. 4. Put the sheet of paper in his pocket and think about it later.
  • 33. Confidentiality and Security Scenario 6 – Visiting Times. Alex is sitting on the bus home. Someone who knows him is sitting nearby and asks Alex what the hospital visiting times are because her uncle was admitted to the hospital that morning. What can he say? 1. Tell his friend the visiting times. 2. Tell his friend that he cannot say as this is confidential information. 3. Tell his friend that he cannot say as this is personal information. 4. Tell his friend that he cannot say as this is sensitive personal information.
  • 34. Confidentiality and Security Scenarios - Summary. Confidential information is protected by law. Confidential information may be written or spoken. Confidential information may be about staff or patients (including you and your relatives). We all have a legal responsibility to maintain confidentiality. Reporting incidents is vital to improvement. If you are unsure, seek advice or ask your line manager.
  • 35. Part 4: The Beginners’ Guide To Information Governance – Summary and Confirmatory Questions
  • 36. The Beginners’ Guide To Information Governance - Summary • The NHS: A confidential service which relies on public trust • Confidential and Security: What needs protection, why, how, who and when • Incident reports: Vital to improve weaknesses and prevent incidents happening again • If in doubt? Seek advice. UK law says health information is confidential. UK law says health information is sensitive personal information.
  • 37. The Beginners’ Guide To Information Governance Confirmatory Questions

Editor's Notes

  1. 1
  2. Welcome to this learning module on the Beginner’s Guide to Information Governance. Background What would you do if you picked up a piece of litter at work and found it was a sheet of confidential information from a HR file? Is this a common event which you expect to come across quite often? Do you think it matters? Would you think any differently if the sheet of paper was from your own HR file - or it was from a patient’s record (and you were that patient)? Opinion 1. The NHS deals with vast volumes of confidential information each day. Some of you may think that the NHS is so large that mistakes are unavoidable. Opinion 2. Some of you may think that if the NHS deals with such large amounts of information each day – then information handling should be so well established that mistakes should not happen. No matter which opinion you hold – one thing we can all agree is that we must do all we can to work towards minimising the number and seriousness of incidents which do occur. Aim. This module is an introductory level learning module which explains: The difference between types of information about people - 'personal information‘ and 'sensitive' personal information and anonymous information What information is confidential – and why What 'confidentiality measures’ means, what information it applies to and how confidentiality is maintained What ‘security measures’ mean, how good security is planned and how it involves all employees The importance of identifying and reporting confidentiality and security incidents and weaknesses to highlight issues and help organisations improve This module includes scenarios to help us recognise and deal with everyday situations which you may come across. Target audience. The module is designed to help you as non-clinical staff, know what to do whenever you come across personal data in either written or verbal form . Format. 
A lot of this module deals with definitions – but to overcome this we will discuss some scenarios to help you recognise and deal with everyday situations which involve spoken and written information. Duration. This whole module should take around 60 minutes? to complete. [next slide]
  3. Contents Part 1. Why this training is necessary Types of Information and Information Terms Personal Sensitive Personal Anonymous Confidential Part 2. Confidentiality and security - what do these terms mean and who is responsible? Part 3. We will then discuss some scenarios to help illustrate the learning points covered in the module Part 4. [OPTIONAL] Finally, there are questions at the end of the module to confirm the learning objectives have been achieved [questions are recommended but are not provided with this slide pack] [next slide]
  4. PART 1 - Title slide [next slide]
  5. Why is Training Needed? The NHS provides a confidential service Patient information is confidential because the relationship between a patient and a healthcare professional is based on confidentiality and this is supported in law. There can be no truly confidential service unless everyone who works in the NHS knows what information is ‘confidential’ and how to keep it confidential. We all need to make sure information is kept secure and report incidents if they happen. How else will we improve? How else can we make sure we are complying with the law? Every one of us must contribute. No matter how often or how rarely we have contact with patients or information about patients, we can all report problems that we see. If we don’t recognise problems, they are not reported and are in danger of becoming accepted working practice. A confidential service means all NHS organisations and employees (including volunteers and anyone else who may come into contact with confidential information) have a duty of confidentiality – not just the doctors and other health professionals with whom patients have direct contact. This obligation is written into employment contracts to ensure we all have an enforceable obligation to maintain confidentiality and support the organisation in meeting its legal obligations by maintaining adequate security to protect the information we receive from patients (and staff). The NHS relies upon patient trust Patients trust the NHS to use and record their medical details; look after the details securely and only share them with those who need to see them. “Patient Information Held Securely!” is not a headline you will see in a national newspaper because patients expect (and it is enforced by law) that we look after information properly. We are in a position of public trust because we work for the NHS – and we have to work hard to avoid failures that could become the next day’s headline and lead to fines against NHS organisations or staff. 
So the purpose of this session is to explain what information is confidential and the part we all play in both keeping it confidential and secure, and in reporting problems . So why is training necessary? We can’t provide a confidential service or maintain the trust of patients unless all NHS employees know: What information is confidential What to do when dealing with confidential information Today we are looking at this topic as NHS staff – but at some time in our lives we will be patients too. [next slide]
  6. Types of Information Is all information the same? No! Working in the NHS we come into contact with lots of information about people. Some of this information is limited to peoples’ names and contact details; some will be about their health. Information given to the NHS ‘in confidence’ by patients is given for use in providing healthcare – and not for any other purpose. This means the information is ‘confidential’ – and includes names and addresses as well as health information. There are four main terms used for information that you should be aware of: Confidential Personal Sensitive personal Anonymised We don’t need to get bogged down with any long, or legally approved, definitions in this module. The principles are the same throughout healthcare. We will explain these terms by looking through an example. … [on next slide] [next slide]
  7. Types of information Confidential information Look and listen to the situation we describe here and then on the next slide we will discuss the answer to a question about it. [READ ALOUD] You are feeling unwell and chat about it with your partner who suggests you go and see your doctor. You have heard quite a lot about ‘avian flu’ and ‘swine flu’ on the radio recently, so you are a bit worried. You make an appointment with the local surgery. You know that the surgery already has your name, address, date of birth and other details in your record when you registered at the surgery years ago. [next slide]
  8. What information is confidential? [READ ALOUD] At the appointment with your Doctor, you: describe your symptoms mention that the TV news that morning was "all about swine 'flu and avian 'flu”. The Doctor makes some notes about you (which go into your medical record) and gives you a prescription (which you put in your pocket). --------------------------- On the slide there are various statements. There are two or more correct options in the following. 1. The information about swine 'flu and avian 'flu is confidential 2. What you told the doctor about your symptoms and general health is confidential 3. Only what the doctor wrote down about your health is confidential 4. The information the doctor has about your name and address is confidential [Identify the confidential information – not the reasons why (which are shown on the next slide)] The correct responses are: The information about swine 'flu and avian 'flu is confidential [WRONG]. The information about swine flu or avian flu is certainly not confidential. It is public information; it has been on the television and the radio. What you told the doctor about your symptoms and general health is confidential [CORRECT]. The information you discussed with your doctor about your health is confidential. The fact that you talked about your health to someone other than the doctor (your partner) doesn’t affect your expectation that the doctor will not disclose your health details. Only what the doctor wrote down about your health is confidential [WRONG]. Confidential information is both the information which the doctor remembers about your health as well as what was written down and put in your record. The information the doctor has about your name and address is confidential [CORRECT]. Your name and address are also confidential because they are necessary so you can receive NHS healthcare – and not used for any other purpose. [next slide]
  9. What makes information confidential? We have just seen an example of confidential information, but what exactly makes it confidential? It is confidential because it meets three conditions: One: it is your private information about you. Two: you gave it to someone who has a duty of confidence (in this case the doctor or staff who work on behalf of the doctor). Three: you expect it to be used in confidence. Note: The duty of confidence can be broken in special circumstances such as a need to protect the public e.g. serious crime or to prevent abuse. These situations, which would need to be justified (in court if necessary), are not covered in this beginners’ module. UK law says health information is confidential. Now let’s explain the meaning of anonymous information as well as the difference between personal and sensitive personal information which might be disclosed … [next slide]
  10. Personal information We have just explained confidential information. We will now cover the other types of information – starting with Personal information. Personal information. UK law describes personal information (as the term implies) – as information about a person. The most obvious personal information is: Name; Address; Date of birth; Home telephone number; Postcode. Personal information can also be your job, the school you went to, your car – or even the items you buy that are recorded on a supermarket loyalty card as these can be linked to you and could be used to identify you. UK Law sets out rules which must be followed if organisations collect or use personal information. The law says that personal information must be obtained fairly and lawfully, be protected by adequate security and only be used for the purpose it was gathered e.g.: You get a job with the NHS and are asked to provide your bank details - so you go to a bank to open a new account. The bank asks you to fill out a form to set up an account for you. The form asks for your name, date of birth, address and other details and the bank requires two utility bills so your identity can be verified. You take a gas bill and an electricity bill. You receive your account details within a week or so and give these to your NHS employer. The law may be broken if the bank or your employer acts unlawfully or unfairly by: Giving or selling your details to other organisations without your permission (perhaps to other utility companies or - or Failing to look after your details e.g. not destroying your records properly or not taking adequate measures over the phone to verify you are who you say you are before transferring money – and if you are caused damage or distress by these actions you may seek compensation! No Name identification. 
Personal information can often directly identify a person – such as a name (especially unusual names) but some personal information can be matched to identify a person without knowing his or her name. For example, a man drives a white car and parks in the same place every day. He is identifiable from everyone else though we do not know his name. [next slide]
  11. Sensitive personal information UK law defines sensitive personal information as the following: Racial or ethnic origin Political opinions Religious beliefs Trade union membership Physical or mental health or condition [highlighted] Sexual life Criminal record The same legal principles which apply to personal information also apply to sensitive personal information - but the damage or distress caused by a loss or misuse of your sensitive personal information is expected to cause greater damage or distress e.g. an organisation selling your health details to private medical companies or the loss of your occupational health reports. Other sensitive information. There is other personal information that can also cause a person damage or distress – but is not included in the list. Imagine your bank details, your salary, your credit card details, passport details or your National Insurance Number ending up in the wrong hands. These pieces of information could lead to someone stealing your identity, running up bills in your name and ruining your credit rating. Certainly, this could also fall into the 'sensitive' category (and whoever failed to look after your information could end up in court for not safeguarding your information). UK law says health information is sensitive personal information. Working, as we do, in the NHS we are going to concentrate on information about people’s physical or mental health. So, this is the type of information that we will focus on in this module. No Name identification. Personal and sensitive personal information must be linked to an identifiable person – or it is ‘anonymous’. This means that information must still be protected if it applies to an unnamed person who can still be identified e.g. ‘the patient in X-Ray who has MRSA’, ‘the hip fracture patient admitted to Ward nine last night’, or a patient who can be identified by his rare disease or drug treatment.
  12. Anonymous information Whenever possible, the NHS replaces patient names with reference numbers. This can often make it possible to discuss or write about a patient’s illness without identifying him or her by name. If this information is lost then it is unlikely that the person’s identity will be known. If we take it one stage further by removing the reference number (or any other identifier) completely, then this information is fully anonymous and can be used to analyse trends in illnesses and plan future health service needs – without compromising patient confidentiality. Information can be so vague it cannot be matched to anyone and is therefore anonymous: “Mr. X from Surrey wins lottery”. As we have no idea who Mr X is – then this is not personal information! We need to make sure anonymous information is really anonymous. This even means considering if a patient can be identified because they have a very rare illness.
  13. Recap - what makes information confidential? You’ve now covered an explanation of confidentiality and explanation of information types. Let’s just remind ourselves - information is confidential because it meets which criteria? There are two or more options which are correct. [THE NEXT SLIDE HIGHLIGHTS THE CORRECT ANSWERS]
  14. Recap - what makes information confidential? [ANSWER] There are two or more options which are correct. It is private and personal to someone [CORRECT] It is disclosed to someone who has a duty of confidence [CORRECT] It is expected to be used in confidence [CORRECT] It has not been given to anyone else [WRONG] It is written down [WRONG] [Learning Points to emphasise] Anonymous information is not personal information Personal and sensitive personal information are not automatically confidential. These types of information are only confidential if disclosed in circumstances which meet the three criteria on the slide. [next slide]
  15. Types of information Summary These are the key learning points for the topic Types of Information. You have covered the fact that there are different types of information: Personal information, which covers things like your name, address, postcode Sensitive information, such as your health. This information can be ‘confidential’ if it is given because of a relationship where confidentiality is expected – as we described earlier. Anonymous information cannot identify a person – and is therefore not confidential. In UK law health information is both sensitive AND confidential.
  16. PART 2 Title slide - Confidentiality and Security
  17. Confidentiality and Security - Protecting Information: Introduction. The NHS holds 'Personal and Sensitive Personal Information' about millions of people – NHS staff as well as our patients. The details are names, addresses, dates of birth, NHS numbers AND related information about physical or mental health condition. Safeguarding such a large amount of this information in a lockable area such as a Patient Records Department (or a HR Department) is fairly secure - but information is not obtained simply to store in locked rooms . The information is required wherever it is needed – on wards, clinics, sent and received by departments across a Trust, between Trusts or other healthcare providers. Letters are sent to patients which contain their confidential health information. In this third part of the module we will look at information protection – the: What and Why? Who and When? How?
  18. 18
  19. 19
  20. 20
  21. Security Planning. A key principle of security is planning. It is of little use to spend money, time and effort: Protecting one part of the building - but not the other. Locking doors – but not the windows. Putting password protection on computers – but not training staff to use passwords. Planning is needed to ensure all security measures contribute to raise the level of security and help staff work effectively within the rules. Some measures apply across the whole organisation – such as wearing identification badges and uniform if issued, while others are specific to the work we do – such as a CCTV tapes being managed and stored securely to provide evidence acceptable in court. Each measure has its place and contributes to our overall security. Security measures will be supported by policies, procedures and guidance to make sure all staff know what to do. Each measure will be documented in policy, procedures and guidance. Overlapping measures A second key principle of security is to overlap security measures to avoid a situation where only one measure protects against a risk. The danger of relying on one single measure is that it may not be 100% reliable – or worse it may fail completely and without warning. So whenever possible, security measures should be overlapped and planned to take into account measures that are already in place across the organisation. Security Measures You can see the types of measures on the slide. Can you think of some security measures that fit into these categories? [the next slide has a confirmatory question]
  22. Security Measures [discuss which measures fit into which category] [The suggested answer is on the next slide]
  23. Security Measures Security Measures protect against risks to the organisation – including risks such as loss, theft or compromise of information we need to protect. The measures are grouped into three types: Physical Measures - such as walls, fences and gates, lockable doors, windows and cabinets, security lighting. People Measures - such as character references, vetting and background checks, awareness, education and training. Electronic Measures - such as CCTV, intruder alarms, passwords, encryption.
  24. Incident Reporting So the organisation carries out its security planning, overlaps its security measures and puts measures in place which include making sure we all have a duty of confidence and are aware of what this means. But what can be done to help an organisation improve or measure the success or failure of these measures? The answer is Incident Reporting. Incident reports are vital to highlight weaknesses and prevent incidents happening (or happening again). Probably the worst position for an organisation is not knowing: that a risk exists - or has increased (e.g. a spate of computer thefts has taken place in hospitals nearby) – or that security measures are not being used or are not working (e.g. doors are wedged open instead of being closed and locked – or security lighting is broken and hasn’t been fixed). The same principles apply outside of work – for example: burglaries in your neighbourhood have increased (so the risk to your house exists and has increased); your car alarm doesn’t work (the security measure was not working). The necessary measures are often put in place too late – after the incident has happened. This is REACTIVE. The measures are reviewed after the complaint or mistake has happened. That’s why it’s important to report weaknesses and potential issues. This is PROACTIVE. It helps cut down complaints and improves what we do BEFORE an incident occurs. [next slide]
  25. Confidentiality and Security Summary Here are the key learning points that you have covered in Explain 'confidentiality' and 'security'. By law the NHS must protect personal information which is confidential. Confidentiality measures preserve the confidentiality status of information Security measures should overlap to avoid reliance on just one measure which may fail. Physical, people and electronic measures can be taken to protect information. Incident reports are vital to improve weaknesses and prevent incidents happening again. [next slide]
  26. PART 3 Title slide – Example Scenarios [next slide]
  27. Confidentiality and Security Scenarios - Alex’s day at work We will now look at several scenarios involving information and discuss appropriate actions. The aim of the section is to emphasise that, working for the NHS there will be times when you see or hear confidential information - even if those occasions are very rare - so you need to know what confidential information is and what to do. We all have a responsibility for Confidentiality and Security – no matter where we work or what job we do. As we go through the issues on the following slides, consider if these could happen where you work? Or have you got similar examples that you would like to mention. [next slide]
  28. 28
  29. 29
  30. Alex’s day at work – Scenario 3 - A job application form Scenario Description. Alex’s manager is going through completed job application forms sent from HR. The ethnicity sections of the forms have not been removed before being sent to her. She asks Alex if this is okay. What should Alex say? Response options 1. Tell his manager that it’s fine - as long as she treats the information confidentially. 2. Tell her that this is confidential ‘sensitive personal’ information which should be securely returned to HR and reported. 3. Tell her that it is ‘sensitive personal’ information but nothing to worry about. 4. Tell her that she should call HR and complain. [Discuss the options with audience – suggested answer for this scenario is shown below] If you think of the two questions: Is the information confidential? The answer is ‘yes’. Is it secure? No it isn’t. This ethnic information is protected by law in the same way that health information is. It is 'sensitive personal' information provided in confidence by job applicants and should not be made available to the recruiting manager. Because of this Alex should suggest that his manager fills out an incident report. The information certainly isn’t secure – it is being sent to people who are not authorised to see it, do not recognise it to be confidential sensitive information and have not been trained to handle this information. These mistakes may be happening throughout the hospital. By reporting the mistake, action can be taken to stop this happening. The suggested correct answer is option 2. [next slide]
  31. Alex’s day at work – Scenario 4 - HR personal file Scenario Description. Alex’s workmate phones him; he says that he is moving some empty cabinets and has just found a full HR file stuck at the back of one of them. What should Alex’s workmate do? Response options 1. Put the file in an office waste bin and move the cabinet. 2. Put the file in the internal mail to the HR Dept. 3. Have a quick look through it and leave it in the cabinet. 4. Tell his line manager, suggesting the file should be returned to HR and the incident reported. [Discuss the options with audience – suggested answer for this scenario is shown below] Think of those two questions: Is the information confidential? Is it secure? Clearly the information in the file is confidential – there could be discipline, occupational health and other confidential information in this irreplaceable file. It certainly isn’t secure; no-one even knows where it is apart from Alex’s workmate. The file should be handed over to his manager and held securely until arrangements are agreed on how to transfer it back to the staff authorised to handle these files – the HR Dept. The incident needs to be reported. There are lessons to be learned here to stop this kind of thing happening again. Maybe the other cabinets should now be thoroughly checked? The suggested correct answer is option 4. (NB: in version 1.03 this was incorrectly indicated as option 2) [next slide]
  32. Alex’s day at work – Scenario 5 - A sheet of paper lying in a corridor Scenario Description. Alex finds a sheet of paper on the floor of a hospital corridor. It is a leaflet showing opening times for the staff shop. On the back is written a name, address and telephone number. It is not a name he knows and it is not a hospital telephone number. What should he do? Response options 1. Ring the number and tell whoever answers that a sheet has been found with these details on. 2. Rip the personal details into small bits and throw them in the bin. 3. Pin the leaflet to a nearby notice board where it might be found. 4. Put the sheet of paper in his pocket and think about it later. [Discuss the options with audience – suggested answer for this scenario is shown below] Alex normally asks himself two questions in situations like this: Is the information confidential? Is it secure? But in this case it is not clear whether the information is confidential or public information (it may have been copied from a public telephone directory), or whether it needs to be secure. All Alex knows is that someone’s personal information (name, address and telephone number) is written on a hospital staff shop leaflet which seems to have been dropped by accident. Alex asks himself: if these were his details, what would he do? If he was at home he would rip up his name and address before putting household bills and letters in the bin (to prevent identity theft). He decides to err on the side of caution and do the same – so he rips the paper up into small pieces and puts it in the bin. The suggested correct answer is option 2. [next slide]
  33. Alex’s day at work – Scenario 6 – Visiting Times Scenario Description. Alex is sitting on the bus home. Someone who knows him is sitting nearby and asks Alex what the hospital visiting times are because her uncle was admitted to the hospital that morning. What can he say? Response options 1. Tell his friend the visiting times. 2. Tell his friend that he cannot say as this is confidential information. 3. Tell his friend that he cannot say as this is personal information. 4. Tell his friend that he cannot say as this is sensitive personal information. [Discuss the options with audience – suggested answer for this scenario is shown below] He thinks about the types of information he has learned about: personal, sensitive personal, anonymous and confidential. The information about visiting times does not relate to a person so in his mind Alex crosses out the first three. He considers the three criteria needed for information to be confidential and decides none apply to visiting times. He thinks about the security – there is NO reason to protect this information because it is written for the public in the same way that the address and telephone number of the hospital are made available. At the end of a long day, Alex can relax as this is an easy question to answer. The suggested correct answer is option 1. [next slide]
  34. Alex’s day at work Scenarios - Summary Here are the key learning points from the scenarios. Personal, sensitive personal and confidential information is protected by law. It can be written or spoken. It can be about staff or patients. It can be about you or your relatives. We all have a legal responsibility to maintain confidentiality and security. Reporting incidents, rather than ignoring them, is vital to ensure the organisation is made aware of measures which are weak. If you are unsure, seek advice or ask your line manager. [next slide]
  35. Title slide for Part 4 – Summary and Confirmation Questions [next slide]
  36. The Beginner's Guide Summary Here are the main learning points of Information Governance: the Beginner’s Guide: the health service is a confidential service, and the importance of public trust in all organisations and staff who provide the service; what information is confidential, personal, sensitive personal and anonymous; which information must be protected; what confidentiality and security mean; the types of security measures adopted to protect this information; the vital role of staff in protecting information; the importance of reporting incidents. Points to remember: If you are unsure what to do, you should seek advice from someone who knows what to do or speak to your line manager. Be aware of local policies and managers responsible for information governance (IG), data protection, security and confidentiality. UK law says health information is confidential and sensitive. UK law also says that confidential information must be protected. [next (final) slide]