This document provides a beginner's guide to information governance and management. It covers key topics such as the types of information (confidential, personal, sensitive personal, anonymous), why information needs to be protected, who is responsible, and security measures to protect information. It also includes example scenarios to demonstrate how these policies apply in practice and reinforce the learning. The overall document aims to raise awareness of how important it is to maintain confidentiality and properly manage sensitive personal information, as required by UK law.
Training innovations information governance slideshare 2015Patrick Doyle
What you will learn in this training:
Principles of Information Governance and their application to health and social care organisations
Accessing Information Governance resources including national legislation, guidance and local policies & procedures
Health and social care organisations’ responsibilities
Protection of an individual’s confidentiality and the Caldicott Principles
How to practice and promote a confidential service
Principles of ensuring and maintaining good client records
Recognising / responding to Freedom of Information requests
Keeping Information Secure
Workshop taught by Mark Billinghurst at the ICIDM 2013 conference about using the Junaio platform for designing mobile AR applications. Presented on December 2nd 2013. Provides material about using Metaio Creator, and Junaio coding for developing marker based and GPS based mobile AR applications.
Training innovations information governance slideshare 2015Patrick Doyle
What you will learn in this training:
Principles of Information Governance and their application to health and social care organisations
Accessing Information Governance resources including national legislation, guidance and local policies & procedures
Health and social care organisations’ responsibilities
Protection of an individual’s confidentiality and the Caldicott Principles
How to practice and promote a confidential service
Principles of ensuring and maintaining good client records
Recognising / responding to Freedom of Information requests
Keeping Information Secure
Workshop taught by Mark Billinghurst at the ICIDM 2013 conference about using the Junaio platform for designing mobile AR applications. Presented on December 2nd 2013. Provides material about using Metaio Creator, and Junaio coding for developing marker based and GPS based mobile AR applications.
HIPAAThe day after the medication error, B. Moore’s mother signs.docxpooleavelina
HIPAA
The day after the medication error, B. Moore’s mother signs in at the front desk to get her visitation pass. As she is standing at the front desk, she overhears an inappropriate conversation between Ida Feeney, the unit secretary, and a nurse from a different unit of the hospital.
Ida Feeney and Brenda Turner
Ida Feeney: Did you hear about the Moore kid? It’s a good thing they caught that right away. She’s small for her age, and that insulin could have really done a number on her.
Brenda Turner: Jeez, how much did they give her?
Ida Feeney: Well, she wasn’t supposed to have any. But I forget the actual dose. I’ll look in the EHR later, but I think it was pretty high.
Brenda Turner: Wait, is it Belinda Moore?
Ida Feeney: Yes, why?
Brenda Turner: I think she’s in a gymnastics class with my daughters!
Now that you have observed this inappropriate conversation, answer the following questions about HIPAA regulations.
Question 1: Which regulatory agency is responsible for overseeing the HIPAA privacy and security rule?
Your response:
This question has not been answered yet.
Incorrect.
Correct Answer: U.S Department of Health and Human Services.
The Joint Commission is an independent regulatory agency. It is not part of the U.S. government, and it does not have the authority or responsibility to enforce privacy and security rules.
Incorrect.
Correct Answer: U.S Department of Health and Human Services.
While the DEA is a U.S. government regulatory agency, its purpose is not to oversee the HIPAA privacy and security rules. Its primary responsibility is to enforce controlled substances laws.
Correct!
The U.S Department of Health and Human Services Office of Civil Rights is responsible for enforcing the HIPAA privacy and security rules.
Incorrect.
Correct Answer: U.S Department of Health and Human Services.
While CLIA is a U.S. government regulatory body, its purpose is not to enforce the HIPAA privacy and security rules. CLIA’s purpose is to ensure laboratory testing quality.
Question 2: How would the health care organization’s privacy officer determine whether others who were not involved in the patient’s care had viewed her medical record?
Your response:
This question has not been answered yet.
Expert Response: Health care experts on the HIPAA privacy and security rules indicate the best way to determine whether a patient’s medical record was accessed inappropriately is to conduct file audits. These audits may include, but are not limited to:
· Random file reviews to determine who has recently accessed a patient’s medical record and if this access was warranted.
· Reviews of business associate contracts.
· Audits of disclosures in accordance with the privacy notice, along with the organization’s adherence to confidential communications protocols.
Question 3: Health care experts on the HIPAA privacy and security rules indicate the following as the most appropriate sequence to follow in addressing the potential HIPAA violation.
1. Meet with B. Mo ...
Week 1 Discussion 1Corrections An Overview Please respond .docxcelenarouzie
Week 1 Discussion 1
"Corrections: An Overview" Please respond to the following:
· Examine the concept of professionalism in corrections. Provide your opinion as to whether or not professionalism in the workplace is a worthwhile area for training. Support your response with one (1) example of professionalism in corrections.
· Analyze two (2) types of punishment that were previously used to deter crime. Determine whether or not these types of punishment would be effective means by which to deter crime today. Provide a rationale for your response.
Please reply to the student
Tony GutierrezRE: Week 1 Discussion 1
According to our text, in 1987, Bob Barrington, executive director of the International Association of Correctional Officers, said in a discussion about prisons, "correctional facilities. . . run smoothly and efficiently for one basic reason: the professional and forward-thinking attitudes and actions of the correctional officers employed." Professionalism is always an area that is worthwhile for training. In corrections, when the staff and correctional officers are acting professionally, then the work is being done more effectively. This means that safety and control are more likely being achieved along with many other positive outcomes. Unprofessional behavior can lead to problems with inmates, other staff members, and cause a sense of distrust and bitterness in the correctional department. One example of professionalism in corrections is to treat the inmates with a certain level of respect and dignity, even when they may not deserve it. Inmates will often taunt and disrespect correctional officers, a true professional will still do their job to the highest standard and maintain order and safety in the facility.
Two types of punishment that were previously used to deter crime are:
1. Branding- Branding is a type of mutilation that was used by Roman society. Criminals would be branded with a mark or letter that signified their crimes, and they would be placed on the forehead or another part of the face. This would be used to warn others that the offender has a criminal history.
2. Public humiliation- Public humiliation was used to humiliate the criminal. Some received corporal punishments is public or they had to sit in the stocks were they could be ridiculed, hit with eggs or rotten fruit, and whipped. This also served as a deterrent to other people who may try and commit the same crimes.
I don't believe that either of these types of punishments would be an effective means to deter crime today. Our society thinks much differently today than societies that used these methods in the past. I believe that most people today would consider these to be "cruel and unusual" punishments. Most past societies sought to just punish the criminal, and they did not seek to try and reform him. Our current society believes in punishment and reform, not just punishment. If you are trying to reform a person, branding and humiliation is generally not.
1 Explain the principle of privacy. What impact has IT made on priv.pdfAroraRajinder1
1/ Explain the principle of privacy. What impact has IT made on privacy? Describe the privacy
paradox. Do you agree that a person’s privacy is based to a large extent on what choices that
person has made? Explain why or why not.
2/ Discuss the competing interests and trade offs at work when the issue is privacy. In your
opinion, why are ethics important when there are numerous civil rights and privacy laws?
3/ What do you think of Target\'s predictive analytics? How have you been affected by
organizations that create a profile of you as a customer? Do you agree or would you suggest
changes in how organizations are doing this?
4/ How many more things do you check today compared to a year ago? How long can you go
without checking your devices without experiencing anxiety? When do you put down your
mobiles and concentrate on one thing at a time? Do your answers indicate that you are
experiencing digital or connectivity overload?
5/ Discuss two technologies that are converging and, as a result, are blurring the digital and
physical worlds.
Solution
Principle of Privacy ,
Privacy, is the collection of data has collected for a activity, it is considered for lawful purpose
The person information has been collected from individual for coming to know the original data.
Collection of data should be lawful and there is no place of unfair trade.
Keeping personal information there should be safeguard the data, there is place for unauthorized
entry.
If wrong made, correction of their personal information
Personal Information made with accuracy.
IT impact:
In IT there is lot of chance that unauthorized person getting access the person information for
unfair trade practices the IT made easier to them and quicker and give accurately.
Privacy paradox.
It is happening in social network by teenagers(most of them), there are all giving personal
information to joining the social network afterwards they started to exchange the ideas and data,
which about themselves as well as about others. Most of times that data are true, as soon as
problem will raised for their privacy.
Person’s privacy is based to a large extent :
YES, Privacy concerns all forms of personal communications which a person to keep
private. The information exchanged during a reference interview between the user
and information professional makes privacy to publicly.
Privacy information is related to property right. That concerned person should be kept privacy
not to disclosed with any one. Except any government activities.
_____________________________________________________________________________
______________.
HIPAAThe day after the medication error, B. Moore’s mother signs.docxpooleavelina
HIPAA
The day after the medication error, B. Moore’s mother signs in at the front desk to get her visitation pass. As she is standing at the front desk, she overhears an inappropriate conversation between Ida Feeney, the unit secretary, and a nurse from a different unit of the hospital.
Ida Feeney and Brenda Turner
Ida Feeney: Did you hear about the Moore kid? It’s a good thing they caught that right away. She’s small for her age, and that insulin could have really done a number on her.
Brenda Turner: Jeez, how much did they give her?
Ida Feeney: Well, she wasn’t supposed to have any. But I forget the actual dose. I’ll look in the EHR later, but I think it was pretty high.
Brenda Turner: Wait, is it Belinda Moore?
Ida Feeney: Yes, why?
Brenda Turner: I think she’s in a gymnastics class with my daughters!
Now that you have observed this inappropriate conversation, answer the following questions about HIPAA regulations.
Question 1: Which regulatory agency is responsible for overseeing the HIPAA privacy and security rule?
Your response:
This question has not been answered yet.
Incorrect.
Correct Answer: U.S Department of Health and Human Services.
The Joint Commission is an independent regulatory agency. It is not part of the U.S. government, and it does not have the authority or responsibility to enforce privacy and security rules.
Incorrect.
Correct Answer: U.S Department of Health and Human Services.
While the DEA is a U.S. government regulatory agency, its purpose is not to oversee the HIPAA privacy and security rules. Its primary responsibility is to enforce controlled substances laws.
Correct!
The U.S Department of Health and Human Services Office of Civil Rights is responsible for enforcing the HIPAA privacy and security rules.
Incorrect.
Correct Answer: U.S Department of Health and Human Services.
While CLIA is a U.S. government regulatory body, its purpose is not to enforce the HIPAA privacy and security rules. CLIA’s purpose is to ensure laboratory testing quality.
Question 2: How would the health care organization’s privacy officer determine whether others who were not involved in the patient’s care had viewed her medical record?
Your response:
This question has not been answered yet.
Expert Response: Health care experts on the HIPAA privacy and security rules indicate the best way to determine whether a patient’s medical record was accessed inappropriately is to conduct file audits. These audits may include, but are not limited to:
· Random file reviews to determine who has recently accessed a patient’s medical record and if this access was warranted.
· Reviews of business associate contracts.
· Audits of disclosures in accordance with the privacy notice, along with the organization’s adherence to confidential communications protocols.
Question 3: Health care experts on the HIPAA privacy and security rules indicate the following as the most appropriate sequence to follow in addressing the potential HIPAA violation.
1. Meet with B. Mo ...
Week 1 Discussion 1Corrections An Overview Please respond .docxcelenarouzie
Week 1 Discussion 1
"Corrections: An Overview" Please respond to the following:
· Examine the concept of professionalism in corrections. Provide your opinion as to whether or not professionalism in the workplace is a worthwhile area for training. Support your response with one (1) example of professionalism in corrections.
· Analyze two (2) types of punishment that were previously used to deter crime. Determine whether or not these types of punishment would be effective means by which to deter crime today. Provide a rationale for your response.
Please reply to the student
Tony GutierrezRE: Week 1 Discussion 1
According to our text, in 1987, Bob Barrington, executive director of the International Association of Correctional Officers, said in a discussion about prisons, "correctional facilities. . . run smoothly and efficiently for one basic reason: the professional and forward-thinking attitudes and actions of the correctional officers employed." Professionalism is always an area that is worthwhile for training. In corrections, when the staff and correctional officers are acting professionally, then the work is being done more effectively. This means that safety and control are more likely being achieved along with many other positive outcomes. Unprofessional behavior can lead to problems with inmates, other staff members, and cause a sense of distrust and bitterness in the correctional department. One example of professionalism in corrections is to treat the inmates with a certain level of respect and dignity, even when they may not deserve it. Inmates will often taunt and disrespect correctional officers, a true professional will still do their job to the highest standard and maintain order and safety in the facility.
Two types of punishment that were previously used to deter crime are:
1. Branding- Branding is a type of mutilation that was used by Roman society. Criminals would be branded with a mark or letter that signified their crimes, and they would be placed on the forehead or another part of the face. This would be used to warn others that the offender has a criminal history.
2. Public humiliation- Public humiliation was used to humiliate the criminal. Some received corporal punishments is public or they had to sit in the stocks were they could be ridiculed, hit with eggs or rotten fruit, and whipped. This also served as a deterrent to other people who may try and commit the same crimes.
I don't believe that either of these types of punishments would be an effective means to deter crime today. Our society thinks much differently today than societies that used these methods in the past. I believe that most people today would consider these to be "cruel and unusual" punishments. Most past societies sought to just punish the criminal, and they did not seek to try and reform him. Our current society believes in punishment and reform, not just punishment. If you are trying to reform a person, branding and humiliation is generally not.
1 Explain the principle of privacy. What impact has IT made on priv.pdfAroraRajinder1
1/ Explain the principle of privacy. What impact has IT made on privacy? Describe the privacy
paradox. Do you agree that a person’s privacy is based to a large extent on what choices that
person has made? Explain why or why not.
2/ Discuss the competing interests and trade offs at work when the issue is privacy. In your
opinion, why are ethics important when there are numerous civil rights and privacy laws?
3/ What do you think of Target\'s predictive analytics? How have you been affected by
organizations that create a profile of you as a customer? Do you agree or would you suggest
changes in how organizations are doing this?
4/ How many more things do you check today compared to a year ago? How long can you go
without checking your devices without experiencing anxiety? When do you put down your
mobiles and concentrate on one thing at a time? Do your answers indicate that you are
experiencing digital or connectivity overload?
5/ Discuss two technologies that are converging and, as a result, are blurring the digital and
physical worlds.
Solution
Principle of Privacy ,
Privacy, is the collection of data has collected for a activity, it is considered for lawful purpose
The person information has been collected from individual for coming to know the original data.
Collection of data should be lawful and there is no place of unfair trade.
Keeping personal information there should be safeguard the data, there is place for unauthorized
entry.
If wrong made, correction of their personal information
Personal Information made with accuracy.
IT impact:
In IT there is lot of chance that unauthorized person getting access the person information for
unfair trade practices the IT made easier to them and quicker and give accurately.
Privacy paradox.
It is happening in social network by teenagers(most of them), there are all giving personal
information to joining the social network afterwards they started to exchange the ideas and data,
which about themselves as well as about others. Most of times that data are true, as soon as
problem will raised for their privacy.
Person’s privacy is based to a large extent :
YES, Privacy concerns all forms of personal communications which a person to keep
private. The information exchanged during a reference interview between the user
and information professional makes privacy to publicly.
Privacy information is related to property right. That concerned person should be kept privacy
not to disclosed with any one. Except any government activities.
_____________________________________________________________________________
______________.
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordinary And Special Businesses And Ordinary And Special Resolutions with Companies (Postal Ballot) Regulations, 2018
Lifting the Corporate Veil. Power Point Presentationseri bangash
"Lifting the Corporate Veil" is a legal concept that refers to the judicial act of disregarding the separate legal personality of a corporation or limited liability company (LLC). Normally, a corporation is considered a legal entity separate from its shareholders or members, meaning that the personal assets of shareholders or members are protected from the liabilities of the corporation. However, there are certain situations where courts may decide to "pierce" or "lift" the corporate veil, holding shareholders or members personally liable for the debts or actions of the corporation.
Here are some common scenarios in which courts might lift the corporate veil:
Fraud or Illegality: If shareholders or members use the corporate structure to perpetrate fraud, evade legal obligations, or engage in illegal activities, courts may disregard the corporate entity and hold those individuals personally liable.
Undercapitalization: If a corporation is formed with insufficient capital to conduct its intended business and meet its foreseeable liabilities, and this lack of capitalization results in harm to creditors or other parties, courts may lift the corporate veil to hold shareholders or members liable.
Failure to Observe Corporate Formalities: Corporations and LLCs are required to observe certain formalities, such as holding regular meetings, maintaining separate financial records, and avoiding commingling of personal and corporate assets. If these formalities are not observed and the corporate structure is used as a mere façade, courts may disregard the corporate entity.
Alter Ego: If there is such a unity of interest and ownership between the corporation and its shareholders or members that the separate personalities of the corporation and the individuals no longer exist, courts may treat the corporation as the alter ego of its owners and hold them personally liable.
Group Enterprises: In some cases, where multiple corporations are closely related or form part of a single economic unit, courts may pierce the corporate veil to achieve equity, particularly if one corporation's actions harm creditors or other stakeholders and the corporate structure is being used to shield culpable parties from liability.
A "File Trademark" is a legal term referring to the registration of a unique symbol, logo, or name used to identify and distinguish products or services. This process provides legal protection, granting exclusive rights to the trademark owner, and helps prevent unauthorized use by competitors.
Visit Now: https://www.tumblr.com/trademark-quick/751620857551634432/ensure-legal-protection-file-your-trademark-with?source=share
Car Accident Injury Do I Have a Case....Knowyourright
Every year, thousands of Minnesotans are injured in car accidents. These injuries can be severe – even life-changing. Under Minnesota law, you can pursue compensation through a personal injury lawsuit.
Matthew Professional CV experienced Government LiaisonMattGardner52
As an experienced Government Liaison, I have demonstrated expertise in Corporate Governance. My skill set includes senior-level management in Contract Management, Legal Support, and Diplomatic Relations. I have also gained proficiency as a Corporate Liaison, utilizing my strong background in accounting, finance, and legal, with a Bachelor's degree (B.A.) from California State University. My Administrative Skills further strengthen my ability to contribute to the growth and success of any organization.
In 2020, the Ministry of Home Affairs established a committee led by Prof. (Dr.) Ranbir Singh, former Vice Chancellor of National Law University (NLU), Delhi. This committee was tasked with reviewing the three codes of criminal law. The primary objective of the committee was to propose comprehensive reforms to the country’s criminal laws in a manner that is both principled and effective.
The committee’s focus was on ensuring the safety and security of individuals, communities, and the nation as a whole. Throughout its deliberations, the committee aimed to uphold constitutional values such as justice, dignity, and the intrinsic value of each individual. Their goal was to recommend amendments to the criminal laws that align with these values and priorities.
Subsequently, in February, the committee successfully submitted its recommendations regarding amendments to the criminal law. These recommendations are intended to serve as a foundation for enhancing the current legal framework, promoting safety and security, and upholding the constitutional principles of justice, dignity, and the inherent worth of every individual.
HSCIC IG Training - The Beginners’ Guide To Information Governance
1. Information Governance and
IG Management
The Beginners’ Guide To
Information Governance
Version 1.03 – June 2011 1Beginners’ Guide to Information Governance
2. The Beginners’ Guide To
Information Governance
Introduction
Version 1.03 – June 2011 2Beginners’ Guide to Information Governance
3. Contents
Version 1.03 – June 2011 3Beginners’ Guide to Information Governance
• Why is this training necessary?Part 1. Awareness and Training
• Types of Information and
information terms
Part 1. Personal / Sensitive Personal
/ Anonymous / Confidential
• What do these terms mean?
• Who is responsible?
Part 2. Confidentiality and Security
• Some example scenarios for
discussionPart 3. Example Scenarios
• To confirm your understanding
of this topic
Part 4. Summary and Confirmation
Questions
4. Part 1
Version 1.03 – June 2011 4Beginners’ Guide to Information Governance
Training – Why is it necessary?
and
Types of Information
5. Why is Training Needed?
The NHS provides a
confidential service
The NHS relies
upon patient trust
Version 1.03 – June 2011 5Beginners’ Guide to Information Governance
6. Types of Information
Version 1.03 – June 2011 6Beginners’ Guide to Information Governance
• Confidential
• Personal
• Sensitive
personal
• Anonymised
Is all
information the
same?
7. Types Of Information
Version 1.03 – June 2011 7Beginners’ Guide to Information Governance
Confidential
information
8. What information is Confidential?
Version 1.03 – June 2011 8Beginners’ Guide to Information Governance
1. Swine 'flu and avian 'flu
2. Your symptoms and general health
3. Only what the doctor wrote down
about your health
4. Your name and address
9. What makes information
‘confidential’?
Version 1.03 – June 2011 9Beginners’ Guide to Information Governance
your private information
about you
you gave it to someone
who has a duty of
confidence
you expect it to be used in
confidence
Confidential
Information
UK law says health information is confidential
10. Types of Information
Version 1.03 – June 2011 10Beginners’ Guide to Information Governance
Name
Address
Date of birth
Home telephone number
Postcode
Confidential
Personal
Sensitive Personal
Anonymous
11. Types of Information
Version 1.03 – June 2011 11Beginners’ Guide to Information Governance
Racial or ethnic origin
Political opinions
Religious beliefs
Trade union membership
Physical or mental health
Sexual life
Criminal record
Other – e.g. bank
Confidential
Personal
Sensitive Personal
Anonymous
12. Types of Information
Version 1.03 – June 2011 12Beginners’ Guide to Information Governance
No reference number
No identifier
Mr X from Surrey wins
lottery
Cannot be matched to
anyone
Confidential
Personal
Sensitive Personal
Anonymous
13. Confirm – choose which criteria
make information ‘confidential’?
Version 1.03 – June 2011 13Beginners’ Guide to Information Governance
??
??
??
Confidential
Information
UK law says health information is confidential
It is private and personal to someone?
It is disclosed to someone who has a
duty of confidence?
It is expected to be used in confidence?
It has not been given to anyone else?
It is written down?
14. Confirm – choose which criteria
make information ‘confidential’?
Version 1.03 – June 2011 14Beginners’ Guide to Information Governance
??
??
??
Confidential
Information
UK law says health information is confidential
It is private and personal to someone
It is disclosed to someone who has a
duty of confidence
It is expected to be used in confidence
It has not been given to anyone else?
It is written down?
15. Types of Information
- Summary
Version 1.03 – June 2011 15Beginners’ Guide to Information Governance
• 3 criteriaConfidential
• Such as your name, address, postcodePersonal
• Such as your healthSensitive Personal
• Not personal therefore not confidentialAnonymous
UK law says health information is confidential
UK law says health information is sensitive personal information
16. Part 2
Version 1.03 – June 2011 16Beginners’ Guide to Information Governance
Confidentiality and Security
17. Confidentiality and Security
Version 1.03 – June 2011 17Beginners’ Guide to Information Governance
Protecting Information:
What and Why?
Who and When?
How?
18. What and Why?
Version 1.03 – June 2011 18Beginners’ Guide to Information Governance
What Must be
Protected?
Confidential
Personal
Sensitive
Personal
Why Protect it?
Legal
Confidential
Service
Patient Trust
No Protection
Anonymous
Public Domain
UK law says health information is sensitive personal information
UK law says health information is confidential
19. Who and When?
Version 1.03 – June 2011 19Beginners’ Guide to Information Governance
Who?
Organisation Board
Health Professionals
All Employees
All 3rd parties
When?
From creation to secure
destruction
Locations, Formats
Duty of Confidence even
after employment ends
20. How do we protect information?
Version 1.03 – June 2011 20Beginners’ Guide to Information Governance
Information Governance
(The rules on handling information)
Security Measures
Physical
People
Electronic
Confidentiality Measures
Restrict people
Restrict information
Train Staff
Enforce
22. Security
Which Measures?
Version 1.03 – June 2011 22Beginners’ Guide to Information Governance
•CCTV
•intruder alarms
•passwords
•encryption
?
•character references
•vetting and background checks
•awareness, education and training?
•Walls, fences, gates
•lockable doors, windows and
cabinets
•security lighting
?
23. Security Measures
Plan and Overlap
Version 1.03 – June 2011 23Beginners’ Guide to Information Governance
Electronic
• CCTV
• intruder alarms
• passwords
• encryption
People
• character references
• vetting and background
checks
• awareness, education
and training
Physical
•Walls, fences, gates
•lockable doors,
windows and cabinets
•security lighting
24. How Are We Doing?
Version 1.03 – June 2011 24Beginners’ Guide to Information Governance
Incident Reporting
Proactive
An identified
weakness
Reactive
A breach has
occurred
25. Confidentiality and Security - Summary
Version 1.03 – June 2011 25Beginners’ Guide to Information Governance
• UK law says health information is
confidentialLegal Requirement
• What needs protection, why, how, who
and when
Confidential and
Security
•Plan and overlap physical, people and
electronic measures
Security
• Vital to improve weaknesses and
prevent incidents happening againIncident reports
26. Part 3
Version 1.03 – June 2011 26Beginners’ Guide to Information Governance
Example Scenarios
27. Confidentiality and Security
Scenarios - Alex’s day at work
Version 1.03 – June 2011 27Beginners’ Guide to Information Governance
By the end of this section you will know that
confidentiality and security involves every member
of staff.
Alex knows that personal information given to the
NHS is nearly always confidential - and patient
information certainly is.
Alex walks into the hospital where he works. It’s
going to be an eventful day as Alex will face a
number of problems ...
28. Confidentiality and Security
Scenario 1 - Photocopier
Version 1.03 – June 2011 28Beginners’ Guide to Information Governance
Alex is at a photocopier and finds a pay statement
left in the machine. It is a hospital employee’s.
What should Alex do with this?
1. Leave it on the photocopier and hope the
person comes back to collect it.
2. Tell his line manager and suggest sending the
statement to the Pay Dept and reporting the
incident.
3. Go and look for the person and hand it to them.
4. Rip it into shreds and put it into a bin.
29. Confidentiality and Security
Scenario 2 - An Unexpected Email
Version 1.03 – June 2011 29Beginners’ Guide to Information Governance
Alex is working at his computer when he receives
an unexpected email. He sees that it contains a list
of patients that are receiving dialysis treatment.
What should he do with the email?
1. Delete it.
2. Delete it but also mention it to his line manager
when convenient.
3. Forward the e-mail to colleague and ask what to
do.
4. Tell his line manager, report the incident and
secure the information.
30. Confidentiality and Security
Scenario 3 - A Job Application Form
Version 1.03 – June 2011 30Beginners’ Guide to Information Governance
Alex’s manager is going through a completed job
application forms sent from HR. The ethnicity sections of
the form have not been removed before being sent to her.
She asks Alex if this is okay. What should Alex say?
1. Tell his manager that it’s fine - as long as she treats
the information confidentially.
2. Tell her that this is confidential ‘sensitive personal’
information which should be securely returned to the HR
and reported.
3.Tell her that it is ‘sensitive personal’ information but
nothing to worry about.
4. Tell her that she should call HR and complain.
31. Confidentiality and Security
Scenario 4 - HR Personal File
Version 1.03 – June 2011 31Beginners’ Guide to Information Governance
Alex’s workmate phones him; he says that he is moving
some empty cabinets and has just found a full HR file
stuck at the back of one of them. What should Alex’s
workmate do?
1. Put the file in an office waste bin and move the
cabinet.
2. Put the file in the internal mail to the HR Dept.
3. Have a quick look through it and leave it in the
cabinet.
4. Tell his line manager, suggesting the file should be
returned to HR and the incident reported.
32. Confidentiality and Security
Scenario 5 - Paper In a Corridor
Version 1.03 – June 2011 32Beginners’ Guide to Information Governance
Alex finds a sheet of paper on the floor of a hospital
corridor. It is a leaflet showing opening times for the staff
shop. On the back is written a name, address and
telephone number. It is not a name he knows and it is not
a hospital telephone number. What should he do?
1. Ring the number and tell whoever answers that a
sheet has been found with these details on.
2. Rip the personal details into small bits and throw them
in the bin.
3. Pin the leaflet to a nearby notice board where it might
be found.
4. Put the sheet of paper in his pocket and think about it
later.
33. Confidentiality and Security
Scenario 6 – Visiting Times
Version 1.03 – June 2011 33Beginners’ Guide to Information Governance
Alex is sitting on the bus home. Someone who knows him
is sitting nearby and asks Alex what the hospital visiting
times are because her uncle was admitted to the hospital
that morning. What can he say?
1. Tell his friend the visiting times
2. Tell his friend that he cannot say as this is confidential
information
3. Tell his friend that he cannot say as this is personal
information
4. Tell his friend that he cannot say as this is sensitive
personal information
34. Confidentiality and Security
Scenarios - Summary
Version 1.03 – June 2011 34Beginners’ Guide to Information Governance
Confidential information is protected by law.
Confidential information may be written or
spoken.
Confidential information may be about staff or
patients (including you and your relatives).
We all have a legal responsibility to maintain
confidentiality.
Reporting incidents is vital to improvement.
If you are unsure, seek advice or ask your line
manager.
35. Part 4
Version 1.03 – June 2011 35Beginners’ Guide to Information Governance
The Beginners’ Guide To Information
Governance – Summary
and
Confirmatory Questions
36. The Beginners’ Guide To Information
Governance - Summary
Version 1.03 – June 2011 36Beginners’ Guide to Information Governance
• A confidential service which relies on
public trustThe NHS
• What needs protection, why, how, who
and when
Confidential and
Security
•Vital to improve weaknesses and
prevent incidents happening again
Incident reports
• Seek adviceIf in doubt?
UK law says health information is confidential
UK law says health information is sensitive personal information
37. The Beginners’ Guide To
Information Governance
Confirmatory Questions
Version 1.03 – June 2011 37Beginners’ Guide to Information Governance
Editor's Notes
1
Welcome to this learning module on the Beginner’s Guide to Information Governance.
Background
What would you do if you picked up a piece of litter at work and found it was a sheet of confidential information from a HR file?Is this a common event which you expect to come across quite often?
Do you think it matters?Would you think any differently if the sheet of paper was from your own HR file - or it was from a patient’s record (and you were that patient)?
Opinion 1. The NHS deals with vast volumes of confidential information each day. Some of you may think that the NHS is so large that mistakes are unavoidable.
Opinion 2. Some of you may think that if the NHS deals with such large amounts of information each day – then information handling should be so well established that mistakes should not happen.
No matter which opinion you hold – one thing we can all agree is that we must do all we can to work towards minimising the number and seriousness of incidents which do occur.Aim. This module is an introductory level learning module which explains:
The difference between types of information about people - 'personal information‘ and 'sensitive' personal information and anonymous information
What information is confidential – and why
What 'confidentiality measures’ means, what information it applies to and how confidentiality is maintained
What ‘security measures’ mean, how good security is planned and how it involves all employees
The importance of identifying and reporting confidentiality and security incidents and weaknesses to highlight issues and help organisations improve
This module includes scenarios to help us recognise and deal with everyday situations which you may come across.
Target audience. The module is designed to help you as non-clinical staff, know what to do whenever you come across personal data in either written or verbal form .
Format. A lot of this module deals with definitions – but to overcome this we will discuss some scenarios to help you recognise and deal with everyday situations which involve spoken and written information.
Duration. This whole module should take around 60 minutes? to complete.
[next slide]
Contents
Part 1.
Why this training is necessary
Types of Information and Information Terms
Personal
Sensitive Personal
Anonymous
Confidential
Part 2.
Confidentiality and security - what do these terms mean and who is responsible?
Part 3.
We will then discuss some scenarios to help illustrate the learning points covered in the module
Part 4.
[OPTIONAL] Finally, there are questions at the end of the module to confirm the learning objectives have been achieved [questions are recommended but are not provided with this slide pack]
[next slide]
PART 1 - Title slide
[next slide]
Why is Training Needed?
The NHS provides a confidential service
Patient information is confidential because the relationship between a patient and a healthcare professional is based on confidentiality and this is supported in law.
There can be no truly confidential service unless everyone who works in the NHS knows what information is ‘confidential’ and how to keep it confidential. We all need to make sure information is kept secure and report incidents if they happen. How else will we improve? How else can we make sure we are complying with the law?
Every one of us must contribute. No matter how often or how rarely we have contact with patients or information about patients, we can all report problems that we see. If we don’t recognise problems, they are not reported and are in danger of becoming accepted working practice.
A confidential service means all NHS organisations and employees (including volunteers and anyone else who may come into contact with confidential information) have a duty of confidentiality – not just the doctors and other health professionals with whom patients have direct contact. This obligation is written into employment contracts to ensure we all have an enforceable obligation to maintain confidentiality and support the organisation in meeting its legal obligations by maintaining adequate security to protect the information we receive from patients (and staff).
The NHS relies upon patient trust
Patients trust the NHS to use and record their medical details; look after the details securely and only share them with those who need to see them.
“Patient Information Held Securely!” is not a headline you will see in a national newspaper because patients expect (and it is enforced by law) that we look after information properly. We are in a position of public trust because we work for the NHS – and we have to work hard to avoid failures that could become the next day’s headline and lead to fines against NHS organisations or staff.
So the purpose of this session is to explain what information is confidential and the part we all play in both keeping it confidential and secure, and in reporting problems .
So why is training necessary? We can’t provide a confidential service or maintain the trust of patients unless all NHS employees know:
What information is confidential
What to do when dealing with confidential information
Today we are looking at this topic as NHS staff – but at some time in our lives we will be patients too.
[next slide]
Types of Information
Is all information the same? No!
Working in the NHS we come into contact with lots of information about people. Some of this information is limited to peoples’ names and contact details; some will be about their health.
Information given to the NHS ‘in confidence’ by patients is given for use in providing healthcare – and not for any other purpose.
This means the information is ‘confidential’ – and includes names and addresses as well as health information. There are four main terms used for information that you should be aware of:
Confidential
Personal
Sensitive personal
Anonymised
We don’t need to get bogged down with any long, or legally approved, definitions in this module. The principles are the same throughout healthcare. We will explain these terms by looking through an example. … [on next slide]
[next slide]
Types of information
Confidential information
Look and listen to the situation we describe here and then on the next slide we will discuss the answer to a question about it.
[READ ALOUD]
You are feeling unwell and chat about it with your partner who suggests you go and see your doctor. You have heard quite a lot about ‘avian flu’ and ‘swine flu’ on the radio recently, so you are a bit worried.
You make an appointment with the local surgery. You know that the surgery already has your name, address, date of birth and other details in your record when you registered at the surgery years ago.
[next slide]
What information is confidential?
[READ ALOUD]
At the appointment with your Doctor, you:
describe your symptoms
mention that the TV news that morning was "all about swine 'flu and avian 'flu”.
The Doctor makes some notes about you (which go into your medical record) and gives you a prescription (which you put in your pocket).
---------------------------
On the slide there are various statements. There are two or more correct options in the following.
1. The information about swine 'flu and avian 'flu is confidential
2. What you told the doctor about your symptoms and general health is confidential
3. Only what the doctor wrote down about your health is confidential
4. The information the doctor has about your name and address is confidential
[Identify the confidential information – not the reasons why (which are shown on the next slide)]
The correct responses are:
The information about swine 'flu and avian 'flu is confidential [WRONG].
The information about swine flu or avian flu is certainly not confidential. It is public information; it has been on the television and the radio.
What you told the doctor about your symptoms and general health is confidential [CORRECT].
The information you discussed with your doctor about your health is confidential. The fact that you talked about your health to someone other than the doctor (your partner) doesn’t affect your expectation that the doctor will not disclose your health details.
Only what the doctor wrote down about your health is confidential [WRONG].
Confidential information is both the information which the doctor remembers about your health as well as what was written down and put in your record.
The information the doctor has about your name and address is confidential [CORRECT].
Your name and address are also confidential because they are necessary so you can receive NHS healthcare – and not used for any other purpose.
[next slide]
What makes information confidential?
We have just seen an example of confidential information, but what exactly makes it confidential?
It is confidential because it meets three conditions:
One: it is your private information about you
Two: you gave it to someone who has a duty of confidence (in this case the doctor or staff who work on behalf of the doctor)
Three: you expect it to be used in confidence
Note: The duty of confidence can be broken in special circumstances such as a need to protect the public e.g. serious crime or to prevent abuse. These situations which would need to be justified (in court if necessary) are not covered in this beginners’ module.
UK law says health information is confidential.
Now let’s explain the meaning of anonymous information as well as the difference between personal and sensitive personal information which might be disclosed …… [next slide]
[next slide]
Personal information
We have just explained confidential information. We will now cover the other types of information – starting with Personal information.
Personal information. UK law describes personal information (as the term implies) – as information about a person. The most obvious personal information is:
Name
Address
Date of birth
Home telephone number
Postcode
Personal information can also be your job, the school you went to, your car – or even the items you buy that are recorded on a supermarket loyalty card as these can be linked to you and could be used to identify you.
UK Law sets out rules which must be followed if organisations collect or use personal information. The law says that personal information must be obtained fairly and lawfully, be protected by adequate security and only be used for the purpose it was gathered e.g.:
You get a job with the NHS and are asked to provide your bank details - so you go to a bank to open a new account. The bank asks you to fill out a form to set up an account for you. The form asks for your name, date of birth, address and other details and the bank require two utility bills so your identity can be verified. You take a gas bill and an electricity bill.
You receive your account details within a week or so and give these to your NHS employer.
The law may be broken if the bank or your employer acts unlawfully or unfairly by :
Giving or selling your details to other organisations without your permission (perhaps to other utility companies or - or
Failing to look after your details e.g. not destroying your records properly or not taking adequate measures over the phone to verify you are who you say you are before transferring money
– and if you are caused you damage or distress by these actions you may seek compensation!
No Name identification. Personal information can often directly identify a person – such as a name (especially unusual names) but some personal information can be matched to identify a person without knowing his or her name. For example, a man drives a white car and parks in the same place every day. He is identifiable from everyone else though we do not know his name.
[next slide]
Sensitive personal information
UK law defines sensitive personal information as the following:
Racial or ethnic origin
Political opinions
Religious beliefs
Trade union membership
Physical or mental health or condition [highlighted]
Sexual life
Criminal record
The same legal principles which apply to personal information also apply to sensitive personal information - but the damage or distress caused by a loss or misuse of your sensitive personal information is expected to cause greater damage or distress e.g. an organisation selling your health details to private medical companies or the loss of your occupational health reports.
Other sensitive information. There is other personal information that can also cause a person damage or distress – but is not included in the list. Imagine your bank details, your salary, your credit card details, passport details or your National Insurance Number ending up in the wrong hands.
These pieces of information could lead to someone stealing your identity, running up bills in your name and ruining your credit rating.
Certainly, this could also fall into the 'sensitive' category (and whoever failed to look after your information could end up in court for not safeguarding your information).
UK law says health information is sensitive personal information. Working, as we do, in the NHS we are going to concentrate on information about people’s physical or mental health. So, this is the type of information that we will focus on in this module.
No Name identification. Personal and sensitive personal information must be linked to an identifiable person – or it is ‘anonymous’. This means that information must still be protected if it applies to an unnamed person who can still be identified e.g. ‘the patient in X-Ray who has MRSA’, ‘the hip fracture patient admitted to Ward nine last night’, or a patient who can be identified by his rare disease or drug treatment.
Anonymous information
Whenever possible, the NHS replaces patient names with reference numbers. This can often make it possible to discuss or write about a patient’s illness without identifying him or her by name. If this information is lost then it is unlikely that the person’s identity will be known.
If we take it one stage further by removing the reference number (or any other identifier) completely, then this information is fully anonymous and can be used to analyse trends in illnesses and plan future health service needs – without compromising patient confidentiality.
Information can be so vague it cannot be matched to anyone and is therefore anonymous: “Mr. X from Surrey wins lottery”. As we have no idea who Mr X is – then this is not personal information!
We need to make sure anonymous information is really anonymous. This even means considering if a patient can be identified because they have a very rare illness.
Recap - what makes information confidential?
You’ve now covered an explanation of confidentiality and explanation of information types.
Let’s just remind ourselves - information is confidential because it meets which criteria?
There are two or more options which are correct.
[THE NEXT SLIDE HIGHLIGHTS THE CORRECT ANSWERS]
Recap - what makes information confidential?
[ANSWER]
There are two or more options which are correct.
It is private and personal to someone [CORRECT]
It is disclosed to someone who has a duty of confidence [CORRECT]
It is expected to be used in confidence [CORRECT]
It has not been given to anyone else [WRONG]
It is written down [WRONG]
[Learning Points to emphasise]
Anonymous information is not personal information
Personal and sensitive personal information are not automatically confidential. These types of information are only confidential if disclosed in circumstances which meet the three criteria on the slide.
[next slide]
Types of information
Summary
These are the key learning points for the topic Types of Information.
You have covered the fact that there are different types of information:
Personal information, which covers things like your name, address, postcode
Sensitive information, such as your health.
This information can be ‘confidential’ if it is given because of a relationship where confidentiality is expected – as we described earlier.
Anonymous information cannot identify a person – and is therefore not confidential.
In UK law health information is both sensitive AND confidential.
PART 2
Title slide - Confidentiality and Security
Confidentiality and Security - Protecting Information:
Introduction.
The NHS holds 'Personal and Sensitive Personal Information' about millions of people – NHS staff as well as our patients.
The details are names, addresses, dates of birth, NHS numbers AND related information about physical or mental health condition.
Safeguarding such a large amount of this information in a lockable area such as a Patient Records Department (or a HR Department) is fairly secure - but information is not obtained simply to store in locked rooms . The information is required wherever it is needed – on wards, clinics, sent and received by departments across a Trust, between Trusts or other healthcare providers. Letters are sent to patients which contain their confidential health information.
In this third part of the module we will look at information protection – the:
What and Why?
Who and When?
How?
18
19
20
Security Planning. A key principle of security is planning. It is of little use to spend money, time and effort:
Protecting one part of the building - but not the other.
Locking doors – but not the windows.
Putting password protection on computers – but not training staff to use passwords.
Planning is needed to ensure all security measures contribute to raise the level of security and help staff work effectively within the rules.
Some measures apply across the whole organisation – such as wearing identification badges and uniform if issued, while others are specific to the work we do – such as a CCTV tapes being managed and stored securely to provide evidence acceptable in court. Each measure has its place and contributes to our overall security.
Security measures will be supported by policies, procedures and guidance to make sure all staff know what to do. Each measure will be documented in policy, procedures and guidance.
Overlapping measures
A second key principle of security is to overlap security measures to avoid a situation where only one measure protects against a risk. The danger of relying on one single measure is that it may not be 100% reliable – or worse it may fail completely and without warning. So whenever possible, security measures should be overlapped and planned to take into account measures that are already in place across the organisation.
Security Measures
You can see the types of measures on the slide. Can you think of some security measures that fit into these categories?
[the next slide has a confirmatory question]
Security Measures
[discuss which measures fit into which category]
[The suggested answer is on the next slide]
Security Measures
Security Measures protect against risks to the organisation – including risks such as loss, theft or compromise of information we need to protect. The measures are grouped into three types:
Physical Measures - such as walls, fences and gates, lockable doors, windows and cabinets, security lighting.
People Measures - such as character references, vetting and background checks, awareness, education and training.
Electronic Measures - such as CCTV, intruder alarms, passwords, encryption.
Incident Reporting
So the organisation carries out its security planning, overlaps its security measures and puts measures in place which includes making sure we all have a duty of confidence and are aware of what this means.
but what can be done to help an organisation improve or measure the success or failure of these measures? The answer is Incident Reporting.
Incident reports are vital to highlight weaknesses and prevent incidents happening (or happening again).
Probably the worst position for an organisation is not knowing:
that a risk exists - or has increased (e.g. a spate of computer thefts has taken place in hospitals nearby) – or
that security measures are not being used or are not working (e.g. doors are wedged open instead of being closed and locked – or security lighting is broken and hasn’t been fixed ).
The same principles apply outside of work – for example:
burglaries in your neighbourhood have increased (so the risk to your house exists and has increased)
your car alarm doesn’t work (the security measure was not working).
The necessary measures are often put in place too late – after the incident has happened. This is REACTIVE. The measures are reviewed after the complaint or mistake has happened.
That’s why it’s important to report weaknesses and potential issues. This is PROACTIVE. It helps cut down complaints and improves what we do BEFORE an incident occurs.
[next slide]
Confidentiality and Security
Summary
Here are the key learning points that you have covered in Explain 'confidentiality' and 'security'.
By law the NHS must protect personal information which is confidential.
Confidentiality measures preserve the confidentiality status of information
Security measures should overlap to avoid reliance on just one measure which may fail. Physical, people and electronic measures can be taken to protect information.
Incident reports are vital to improve weaknesses and prevent incidents happening again.
[next slide]
PART 3
Title slide – Example Scenarios
[next slide]
Confidentiality and Security Scenarios - Alex’s day at work
We will now look at several scenarios involving information and discuss appropriate actions.
The aim of the section is to emphasise that, working for the NHS there will be times when you see or hear confidential information - even if those occasions are very rare - so you need to know what confidential information is and what to do. We all have a responsibility for Confidentiality and Security – no matter where we work or what job we do.
As we go through the issues on the following slides, consider if these could happen where you work? Or have you got similar examples that you would like to mention.
[next slide]
28
29
Alex’s day at work – Scenario 3 - A job application form
Scenario Description. Alex’s manager is going through a completed job application forms sent from HR. The ethnicity sections of the form have not been removed before being sent to her. She asks Alex if this is okay. What should Alex say?
Response options
1. Tell his manager that it’s fine - as long as she treats the information confidentially.
2. Tell her that this is confidential ‘sensitive personal’ information which should be securely returned to the HR and reported.
3.Tell her that it is ‘sensitive personal’ information but nothing to worry about.
4. Tell her that she should call HR and complain.
[Discuss the options with audience – suggested answer for this scenario is shown below]
If you think of the two questions:
Is the information confidential? The answer is ‘yes’
Is it secure? No it isn’t.
This ethnic information is protected by law in the same way that health information is. It is 'sensitive personal' information provided in confidence by job applicants and should not be made available to the recruiting manager. Because of this Alex should suggest that his manager fills out an incident report.
The information certainly isn’t secure – it is being sent to people who are not authorised to see it, do not recognise it to be confidential sensitive information and have not been trained to handle this information.
These mistakes may be happening throughout the hospital. By reporting the mistake then action can be taken to stop this happening.
The suggested correct answer is option 2.
[next slide]
Alex’s day at work – Scenario 4 - HR personal file
Scenario Description. Alex’s workmate phones him; he says that he is moving some empty cabinets and has just found a full HR file stuck at the back of one of them. What should Alex’s workmate do?
Response options
1. Put the file in an office waste bin and move the cabinet.
2. Put the file in the internal mail to the HR Dept.
3. Have a quick look through it and leave it in the cabinet.
4. Tell his line manager, suggesting the file should be returned to HR and the incident reported.
[Discuss the options with audience – suggested answer for this scenario is shown below]
Think of those two questions:
Is the information confidential?
Is it secure?
Clearly the information in the file is confidential – there could be discipline, occupational health and other confidential information in this irreplaceable file. It certainly isn’t secure; no-one even knows where it is apart from Alex’s workmate.
The file should be handed over to his manager and held securely until arrangements are agreed on how to transfer it back to the staff authorised to handle these files – the HR Dept.
The incident needs to be reported. There are lessons to be learned here to stop this kind of thing happening again. Maybe the other cabinets should now be thoroughly checked?
The suggested correct answer is option 4.
(NB: in version 1.03 this was incorrectly indicated as option2)
[next slide]
Alex’s day at work – Scenario 5 - A sheet of paper lying in a corridor
Scenario Description. Alex finds a sheet of paper on the floor of a hospital corridor. It is a leaflet showing opening times for the staff shop. On the back is written a name, address and telephone number. It is not a name he knows and it is not a hospital telephone number. What should he do?
Response options
1. Ring the number and tell whoever answers that a sheet has been found with these details on.
2. Rip the personal details into small bits and throw them in the bin.
3. Pin the leaflet to a nearby notice board where it might be found.
4. Put the sheet of paper in his pocket and think about it later.
[Discuss the options with audience – suggested answer for this scenario is shown below]
Alex normally asks himself two questions in situations like this:
Is the information confidential?
Is it secure?
But in this case it is not clear if the information:
is confidential or public information (it may have been copied from a public telephone directory)
needs to be secure
All Alex knows is someone’s personal information (name, address and telephone number) is written on a hospital staff shop leaflet which seems to have been dropped by accident.
Alex thinks that if these were his details what would he do? If he was at home he would rip up his name and address before putting household bills and letters in the bin (to prevent identity theft).
He decides to err on the side of caution and do the same – so he rips the paper up into small pieces and puts it in the bin.
The suggested correct answer is option 2.
[next slide]
Alex’s day at work – Scenario 6 – Visiting Times
Scenario Description. Alex is sitting on the bus home. Someone who knows him is sitting nearby and asks Alex what the hospital visiting times are because her uncle was admitted to the hospital that morning. What can he say?
Response options
1. Tell his friend the visiting times
2. Tell his friend that he cannot say as this is confidential information
3. Tell his friend that he cannot say as this is personal information
4. Tell his friend that he cannot say as this is sensitive personal information
[Discuss the options with audience – suggested answer for this scenario is shown below]
He thinks about the types of information he has learned about:
personal
sensitive personal
anonymous
confidential
The information about visiting times does not relate to a person so in his mind Alex crosses out the first three. He considers the three criteria needed for information to be confidential and decides none apply to visiting times.
He thinks about the security – there is NO reason to protect this information because it is written for the public in the same way that the address and telephone number of the hospital is made available.
At the end of a long day, Alex can relax as this is an easy question to answer.
The suggested correct answer is option 1.
[next slide]
Alex’s day at work
Scenarios - Summary
Here are the key learning points from the scenarios.
Personal, sensitive personal and confidential information is protected by law.
It can be written or spoken.
It can be about staff or patients.
It can be about you or your relatives.
We all have a legal responsibility to maintain confidentiality and security.
Reporting incidents , rather than ignoring them, is vital to ensure the organisation’ is made aware of measures which are weak.
If you are unsure, seek advice or ask your line manager.
[next slide]
Title slide for Part 4 – Summary and Confirmation Questions
[next slide]
The Beginner's Guide
Summary
Here are the main learning points of Information Governance: the Beginner’s Guide.
the health service is a confidential service and the importance of public trust in all organisations and staff who provide the service
what information is confidential, personal, sensitive personal and anonymous
which information must be protected
what confidentiality and security means
the types of security measures adopted to protect this information
the vital role of staff in protecting information
the importance of reporting incidents.
Points to remember
If you are unsure what to do you should seek advice from someone who knows what to do or speak to your line manager.
Be aware of local policies and managers responsible for information governance (IG), data protection, security and confidentiality.
UK law says health information is confidential and sensitive.
UK law also says that confidential information must be protected.
[next (final) slide]