This document provides information about information governance standards and responsibilities in the NHS. It discusses key topics like the Caldicott principles for handling patient information, the Data Protection Act, Freedom of Information Act, and NHS Constitution. The main points are that everyone in the NHS has a responsibility to maintain confidentiality and handle information securely and ethically according to legal and best practice standards. This includes following guidelines on access, disclosure, records management, staff training, and reporting security breaches.
This presentation addresses
*Why do we need access to Health Data and Information?
*What are the challenges we have?
*What are the possible interventions that can be made so that access becomes easy for patients and doctors?
This is a slideshow explaining the importance of protecting patient privacy and confidentiality. This slideshow is for education and training purposes only.
This presentation addresses
*Why do we need access to Health Data and Information?
*What are the challenges we have?
*What are the possible interventions that can be made so that access becomes easy for patients and doctors?
This is a slideshow explaining the importance of protecting patient privacy and confidentiality. This slideshow is for education and training purposes only.
Overview of Health Informatics: survey of fundamentals of health information technology, Identify the forces behind health informatics, educational and career opportunities in health informatics.
Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...Nawanan Theera-Ampornpunt
Presented at the M.S. and Ph.D. Programs in Data Science for Health Care, Faculty of Medicine Ramathibodi Hospital, Mahidol University, Bangkok, Thailand on November 11, 2019
Introduction to Health Informatics and Health Information Technology (Part 1)...Nawanan Theera-Ampornpunt
Presented at the Health Informatics and Health Information Technology Course, Doctor of Philosophy and Master of Science Programs in Data Science for Health Care (International Program), Faculty of Medicine Ramathibodi Hospital, Mahidol University on October 3, 2017
Healthcare Data Management: Three Principles of Using Data to Its Full PotentialHealth Catalyst
Author Douglas Laney is now tackling the topic of Infonomics: the practice of information economics. In his 2017 book, Infonomics: How to Monetize, Manage, and Measure Information as an asset for competitive advantage, Laney provides detailed rationale as well as a thoughtful framework for treating information as a modern-day organization’s most valuable asset.
This article walks through how healthcare organizations can leverage data to its full potential using this framework and the three principles of infonomics:
Measure - How much data does the organization have? What is it worth?
Manage - What data does the organization have? Where is it stored?
Monetize - How does the organization use data?
Data Privacy and consent management .. .ClinosolIndia
Data privacy and consent management are critical aspects of ensuring that individuals' personal information is handled responsibly and ethically, particularly in healthcare settings where sensitive medical data is involved. Data privacy refers to the protection of personal information from unauthorized access, use, or disclosure, while consent management involves obtaining and managing individuals' permissions for the collection, storage, and processing of their data.
In healthcare, patients entrust providers with their sensitive medical information, expecting that it will be kept confidential and used only for legitimate purposes related to their care. Robust data privacy measures include encryption, access controls, and anonymization techniques to safeguard patient data from unauthorized access or breaches. Additionally, healthcare organizations must adhere to regulatory standards such as HIPAA in the United States or GDPR in the European Union, which outline specific requirements for the protection of patient information and impose penalties for non-compliance.
Consent management plays a crucial role in ensuring that individuals have control over how their data is used. Patients should be informed about the purposes for which their data will be collected and processed, as well as any potential risks or benefits associated with its use. Obtaining informed consent involves providing individuals with clear and transparent information about their privacy rights and giving them the opportunity to consent to or decline the use of their data for specific purposes. Consent management systems help healthcare organizations track and manage patients' consent preferences, ensuring that data is used in accordance with their wishes and legal requirements.
Effective data privacy and consent management practices not only protect individuals' privacy rights but also foster trust and transparency in healthcare relationships. By implementing robust security measures, respecting patients' autonomy, and promoting informed decision-making, healthcare organizations can uphold the principles of data privacy and consent while leveraging data responsibly to improve patient care and outcomes.
Overview of Health Informatics: survey of fundamentals of health information technology, Identify the forces behind health informatics, educational and career opportunities in health informatics.
Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...Nawanan Theera-Ampornpunt
Presented at the M.S. and Ph.D. Programs in Data Science for Health Care, Faculty of Medicine Ramathibodi Hospital, Mahidol University, Bangkok, Thailand on November 11, 2019
Introduction to Health Informatics and Health Information Technology (Part 1)...Nawanan Theera-Ampornpunt
Presented at the Health Informatics and Health Information Technology Course, Doctor of Philosophy and Master of Science Programs in Data Science for Health Care (International Program), Faculty of Medicine Ramathibodi Hospital, Mahidol University on October 3, 2017
Healthcare Data Management: Three Principles of Using Data to Its Full PotentialHealth Catalyst
Author Douglas Laney is now tackling the topic of Infonomics: the practice of information economics. In his 2017 book, Infonomics: How to Monetize, Manage, and Measure Information as an asset for competitive advantage, Laney provides detailed rationale as well as a thoughtful framework for treating information as a modern-day organization’s most valuable asset.
This article walks through how healthcare organizations can leverage data to its full potential using this framework and the three principles of infonomics:
Measure - How much data does the organization have? What is it worth?
Manage - What data does the organization have? Where is it stored?
Monetize - How does the organization use data?
Data Privacy and consent management .. .ClinosolIndia
Data privacy and consent management are critical aspects of ensuring that individuals' personal information is handled responsibly and ethically, particularly in healthcare settings where sensitive medical data is involved. Data privacy refers to the protection of personal information from unauthorized access, use, or disclosure, while consent management involves obtaining and managing individuals' permissions for the collection, storage, and processing of their data.
In healthcare, patients entrust providers with their sensitive medical information, expecting that it will be kept confidential and used only for legitimate purposes related to their care. Robust data privacy measures include encryption, access controls, and anonymization techniques to safeguard patient data from unauthorized access or breaches. Additionally, healthcare organizations must adhere to regulatory standards such as HIPAA in the United States or GDPR in the European Union, which outline specific requirements for the protection of patient information and impose penalties for non-compliance.
Consent management plays a crucial role in ensuring that individuals have control over how their data is used. Patients should be informed about the purposes for which their data will be collected and processed, as well as any potential risks or benefits associated with its use. Obtaining informed consent involves providing individuals with clear and transparent information about their privacy rights and giving them the opportunity to consent to or decline the use of their data for specific purposes. Consent management systems help healthcare organizations track and manage patients' consent preferences, ensuring that data is used in accordance with their wishes and legal requirements.
Effective data privacy and consent management practices not only protect individuals' privacy rights but also foster trust and transparency in healthcare relationships. By implementing robust security measures, respecting patients' autonomy, and promoting informed decision-making, healthcare organizations can uphold the principles of data privacy and consent while leveraging data responsibly to improve patient care and outcomes.
Data Privacy and Security in Clinical Trials: Safeguarding Patient InformationClinosolIndia
Data privacy and security in clinical trials are critical to safeguard patient information and ensure compliance with relevant regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the General Data Protection Regulation (GDPR) in the European Union.
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationCognizant
U.S. healthcare organizations must soon comply with the EU’s General Data Protection Regulation (GDPR) - which goes far beyond the Health Insurance Portability and Accountability Act (HIPAA) - or face major fines. Here’s a guide to get started.
Training innovations information governance slideshare 2015Patrick Doyle
What you will learn in this training:
Principles of Information Governance and their application to health and social care organisations
Accessing Information Governance resources including national legislation, guidance and local policies & procedures
Health and social care organisations’ responsibilities
Protection of an individual’s confidentiality and the Caldicott Principles
How to practice and promote a confidential service
Principles of ensuring and maintaining good client records
Recognising / responding to Freedom of Information requests
Keeping Information Secure
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc
In a healthcare landscape where data flows are constant, and patient trust is paramount, it’s critical to understand and implement adequate data security and privacy practices. Start navigating the importance of privacy in healthcare for 2023 and beyond. Remembering that privacy is more than just checking a box is essential.
To better understand how to measure privacy in a healthcare setting correctly, healthcare leaders must understand how to grow and maintain privacy programs effectively and have insights into their privacy methods.
Whether you are wondering what data privacy is or already know, this webinar will help you better understand the importance of privacy in protecting you and your clients.
TrustArc Webinar: Level-Up Your Healthcare Privacy ProgramTrustArc
The last two years have provided the healthcare industry with numerous new challenges. While many healthcare providers remain in the thick of responding to COVID-19 at the delivery level, other IT, Privacy, Data Governance, and business leaders in healthcare are preparing to use their digital transformation for further progressive change.
According to a TrustArc survey, not less than 9 of 10 healthcare leaders say privacy is an important factor in most of their decisions! With the rapid adoption of virtual health and other digital innovations, consumers’ increasing involvement in care decision-making and the push for interoperable data and data analytics use, how can the healthcare industry adapt?
Join our panel on this webinar as we explore the privacy risks the healthcare industry will likely encounter in 2022 and how healthcare companies can use privacy as a differentiating factor.
This webinar reviews:
- The state of privacy management in healthcare
- How the healthcare industry should face current privacy challenges
- How healthcare companies can differentiate themselves with their privacy program
Ethical Considerations for Healthcare Analytics Data Disposal.pdfAlex860662
Exploring the ethical dimensions of healthcare analytics data disposal. Learn how responsible data management practices in healthcare analytics can safeguard patient privacy and ensure compliance with ethical standards.
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...Harrison Clark Rickerbys
Slideshow from GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Directors, IT Directors & Ops Directors, on 7th March 2018 at Hilton Puckrup Hall
In this presentation, Catherine Coulter discusses the Federal Privacy Law and how this can affect your company. Touching on privacy in corporate transactions, Canada-USA cross border data transfers and the Federal Privacy Commissioner Guidelines, learn how to act if your organization finds itself in a breach situation.
What You Need To Know About Privacy - Now!Now Dentons
This presentation gives an update on Federal Privacy Law, privacy in corporate transactions, Canada-USA Cross-Border Data Transfers and federal privacy commissioner.
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Safalta Digital marketing institute in Noida, provide complete applications that encompass a huge range of virtual advertising and marketing additives, which includes search engine optimization, virtual communication advertising, pay-per-click on marketing, content material advertising, internet analytics, and greater. These university courses are designed for students who possess a comprehensive understanding of virtual marketing strategies and attributes.Safalta Digital Marketing Institute in Noida is a first choice for young individuals or students who are looking to start their careers in the field of digital advertising. The institute gives specialized courses designed and certification.
for beginners, providing thorough training in areas such as SEO, digital communication marketing, and PPC training in Noida. After finishing the program, students receive the certifications recognised by top different universitie, setting a strong foundation for a successful career in digital marketing.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
2. www.cddft.nhs.uk
Key Learning Points
What Information Governance is.
What YOU need to do to make this work.
Follow the Caldicott Guidelines
Provide a Confidential Service
Comply with the Law.
Understand the Data Protection Act Principles
Recognise a Freedom of Information Act request
Follow the Records Management NHS Code.
Keep Information Secure.
Input Quality Information.
3. www.cddft.nhs.uk
NHS IG Standards
After serious losses of personal information,
including the loss in 2007 of computer disks
containing the names, addresses and bank
details of 25 million child benefit claimants, the
Government conducted a Data Handling Review
(June 2008).
This sets out mandatory measures for public
bodies on protecting personal data such as staff
training and committed the Government to
publicly reporting progress on putting these
measures into place.
4. www.cddft.nhs.uk
NHS IG Standards
• The first progress report of the UK Government’s Data Handling
Review was published in January 2010 and noted the NHS
progress in improving the following standards of information
handling:
• Performance management to push improvements.
• Contracts with organisations being renegotiated to make sure
confidentiality and security protections are in place.
• Older computer systems being replaced with modern systems
that have state of the art security.
• Nearly one million encryption licences were in use under a
nationally negotiated contract.
• Encryption had been mandated for all patient data held on
portable devices (e.g. memory sticks, laptops).
• Online training was made available to over one million staff (e.g.
IG training module).
• The information governance framework and guidance had been
further developed so that NHS organisations were clear about
expected standards.
5. www.cddft.nhs.uk
The NHS operating framework
The Department of Health (DH) published an ‘Operating
Framework’ which set out objectives for the NHS key
themes included:
•Organisations must meet all Information Governance
requirements set out by DH by 31st March each year (the
level of compliance is then reported to DH and Care
Quality Commission)
•Ensuring that all staff receive annual basic Information
Governance training (through the online NHS IG Training
Tool, Face to Face or Accredited Learning Package).
•Reporting on the management of information risks
•Publishing security breaches in annual reports.
6. www.cddft.nhs.uk
CONFIDENTIALITY
Personal Information
Sensitive Personal Information
Personal information is legally classed as sensitive when it makes reference to particular matters of an
identifiable person, such as his/her health, ethnicity, religion, criminal record or sexual life. These are also
listed in the Data Protection Act 1998.
Other details, e.g. a person’s bank account details, DNA or finger prints are not listed in the Data Protection
Act 1998 but are still regarded as sensitive because of the damage and distress that could be caused if they
were not properly protected.
The rules set out in the Data Protection Act only apply to information about living individuals – not the
deceased. This differs to the common law duty of confidentiality which continues after the death of the
patient.
Information about an individual is personal information when it enables an individual to be
identified. It is non-personal when it doesn’t.
This isn’t always straightforward, e.g. a person’s name and address are clearly personal
information when presented together, but an unusual surname may itself enable someone to be
identified. This is an important distinction in law.
7. www.cddft.nhs.uk
CONFIDENTIALITY
Confidential Information – Health & Staff Information
Personal and sensitive personal information is classed as confidential if it was provided in
circumstances where an individual could reasonably expect that it would be held in confidence,
e.g. a healthcare professional and patient.
This applies to staff working on behalf of the health professional such as pharmacy / dental and
eyecare staff.
Confidentiality is accepted to extend after the death of the patient or staff member.
Personal or Sensitive Information CAN be Confidential
Information
Whether information is confidential or not depends on the circumstances under which it was
provided.
If it is: private information about a person AND
given to someone who has a duty of confidence AND
expected to be used in confidence
THEN IT IS CONFIDENTIAL INFORMATION.
8. www.cddft.nhs.uk
Disclosing information
Confidential information should not normally be used
(which includes sharing and disclosing) unless one of
the following criteria are met.
1. The person has given consent for the disclosure.
For patients:
• Consent may be implied for care purposes and
related purposes that support or check the quality of
care provided.
• For other purposes consent should be specifically
sought.
2. There is a legal basis which permits or requires
disclosure of confidential information.
3. There are exceptional circumstances (e.g.
investigation or prevention of serious crime) where the
overriding public interest outweighs the duty of
confidentiality.
9. www.cddft.nhs.uk
Caldicott guardian
•In 1997 a review was carried out into the use of patient
identifiable information in the NHS. This was carried out because
there were concerns about how patient information was being
handled and transferred.
•Dame Fiona Caldicott chaired the ‘Caldicott Review’. The report
set out principles and recommendations for the security of
patient information.
•An important recommendation was that a senior clinician
should be nominated in each NHS Trust to act as the Trust’s
conscience for the uses of patient identifiable information.
These senior clinicians are known as ‘Caldicott Guardians’.
•In independent contractor organisations such as General
Practice, Pharmacy, Dental Practice and Eye Care Services a
person, normally the practice manager, will act as the
‘Information Governance Lead’ and coordinate Information
Governance issues including the Caldicott principles and
recommendations.
10. www.cddft.nhs.uk
Six Caldicott principles
The six Caldicott principles support the confidentiality
and security controls on using patient information.
The principles should be used whenever a use of
confidential information is being considered and in
particular when there is an intention to transfer
confidential information to another organisation:
1. Justify the purpose for using confidential
information.
2. Only use it when absolutely necessary.
3. Use the minimum required.
4. Access should be on a strict need-to-know basis.
5. Everyone must understand their responsibilities.
6. Everyone must understand and comply with the law.
11. www.cddft.nhs.uk
NHS care record guarantee
The National Information Governance Board is a statutory body which
champions the confidentiality and security of health and social care
services records, especially records containing clinical and care
information.
The Board published the NHS Care Record Guarantee in 2005. The
Guarantee sets out rules that govern how patient information is used in the
NHS.
This includes:
•people’s access to their own records
•controls; monitoring and policing staff access to patient files
•options that patients have to limit access
•access in an emergency
•what happens when someone cannot make decisions for themselves.
12. www.cddft.nhs.uk
Data Protection Act 1998
UK law in the form of the Data Protection Act 1998 governs how
organisations may use personal information (about living people),
including how they acquire, store, share or dispose of it.
The Information Commissioners Office (ICO) is the UK’s
independent regulator set up to uphold the public’s information
rights by promoting data privacy for individuals (and openness by
public bodies).
The ICO investigates complaints made by the public and provides
guidance for the public and organisations.
Under the Act, organisations that process personal information
must notify the ICO (unless they are exempt). The organisations’
details are entered on a public register (available on the internet).
Failure to notify is a criminal offence.
13. www.cddft.nhs.uk
COMPLY WITH THE LAW
Data Protection Act 1998 – It is your responsibility to understand
the principles in relation to your role and the organisation.
The Data Protection Principles - Personal data must be:
1. Processed fairly and lawfully
2. Processed for specified purposes
3. Adequate, relevant and not excessive
4. Accurate and up-to-date
5. Not kept for longer than necessary
6. Processed in accordance with the rights of data subjects
7. Protected by appropriate security (practical and organisational)
8. Not transferred outside the EEA without adequate protection
14. www.cddft.nhs.uk
FREEDOM OF INFORMATION ACT
Public Authorities (including NHS Trusts, Local Authorities,
Dentists, Doctors, Eye Care Services and Pharmacists), are
subject to the legal obligations of the Freedom of Information
(FOI) Act 2000.
Public Authorities have only 20 working days to respond to
written information requests.
This is the limit set out by law.
Speak to your Line Manager if you are unsure about your
organisation’s procedure for dealing with FOI requests.
The Information Commissioners Office (ICO) is the independent
regulator set up to uphold people’s information rights by
promoting openness for public bodies.
The CDDFT Freedom of Information Officer is
JOANNA TYRELL (nee JENKINS)
15. www.cddft.nhs.uk
NHS Constitution
The NHS Constitution was first published on 21 January 2009
and was updated after public consultation in March 2010.
It describes the principles of the NHS in England and the rights
and responsibilities of patients, public and staff.
One such right is that patients can expect the NHS to keep their
confidential information safe and secure.
All NHS bodies and private and third sector providers supplying
NHS services are required by law to take account of the NHS
Constitution in their decisions and actions.
The NHS Constitution will be renewed every ten years.
16. www.cddft.nhs.uk
HANDLING INFORMATION
Holding it securely and confidentially
Obtaining it fairly and efficiently
Recording it accurately and reliably
Using it effectively and ethically
Sharing it appropriately and lawfully
17. www.cddft.nhs.uk
If you are not sure or in doubt,
don’t disclose. Immediately seek
further advice from your
Line Manager
or
The Caldicott Guardian
18. www.cddft.nhs.uk
Follow the Records Management
NHS Code of Practice
Best Practice Guidance States:
All Staff have a legal and professional obligation to be responsible
for any records which they create or use in the performance of
their duties.
Any record created by an individual, up to the end of its retention
period, is a public record and subject to Information requests (FOI,
DPA and Subject Access).
19. www.cddft.nhs.uk
Input Quality Information
Right information, Right place, Right time
Accuracy is just one quality that we expect in records. But other qualities are also needed for the information to be useful,
e.g. it would be pointless having information which was 100% accurate but wasn’t available in time for it to be used.
Information is used to make decisions throughout the health sector each day in all sorts of situations. Sometimes this
information needs to be extremely high quality, such as quick and accurate test results to help decide a patient’s urgent
condition and treatment.
Other information may be less urgent or the level of accuracy may be less vital, such as an annual national comparison of ‘flu
injections for forward planning. Whatever the situation, the right information should be in the right place at the right time -
and that needs to be achieved every time.
Poor quality information
Poor quality information is bad for patient care, bad for funding and bad for reputation, e.g.
Incomplete, inadequately analysed data can lead to serious failures in service.
Poor demographic data results in duplicate and confused entries on patient record systems.
Confused patient identity numbers can lead to the wrong patient being treated.
Inadequate records lead to poorly planned care. Poor data results in poor commissioning, monitoring,
planning and financing of services.
20. www.cddft.nhs.uk
Input Quality Information
High quality information
The NHS takes Information Quality very seriously because the
consequences can be vital to patient outcomes or, in the case of planning,
result in too much or not enough service provision.
High quality means:
C omplete
A ccurate
R elevant
A ccessible
T imely
21. www.cddft.nhs.uk
DON’T SHARE YOUR SMARTCARD
OR PASSWORD
“Can I borrow your
Credit Card & PIN
number?”
“Of course you can!”
Could you imagine having this
conversation with a colleague?
23. www.cddft.nhs.uk
Major causes of breaches include
• Information disclosed in error
• Lost data/hardware
• Information lost in transit
• Stolen data or hardware
• A technical or procedural failure
• Breach arising from non-secure
disposal
SECURITY BREACHES
24. www.cddft.nhs.uk
• Follow Organisation Policies
• Protect Information Physically
• Practice Password Management
• Transfer Information Securely
• Report Breaches of Security to Management
Keep Information Secure
It is your responsibility to keep all personal
& sensitive information secure