SlideShare a Scribd company logo

Information governance

Download as PPTX, PDF
G
Gerardo Medina

This document provides information about information governance standards and responsibilities in the NHS. It discusses key topics like the Caldicott principles for handling patient information, the Data Protection Act, Freedom of Information Act, and NHS Constitution. The main points are that everyone in the NHS has a responsibility to maintain confidentiality and handle information securely and ethically according to legal and best practice standards. This includes following guidelines on access, disclosure, records management, staff training, and reporting security breaches.

Education
1 of 24
+ Information Governance Everyone’s Responsibility
www.cddft.nhs.uk Key Learning Points What Information Governance is. What YOU need to do to make this work. Follow the Caldicott Guidelines Provide a Confidential Service Comply with the Law. Understand the Data Protection Act Principles Recognise a Freedom of Information Act request Follow the Records Management NHS Code. Keep Information Secure. Input Quality Information.
www.cddft.nhs.uk NHS IG Standards After serious losses of personal information, including the loss in 2007 of computer disks containing the names, addresses and bank details of 25 million child benefit claimants, the Government conducted a Data Handling Review (June 2008). This sets out mandatory measures for public bodies on protecting personal data such as staff training and committed the Government to publicly reporting progress on putting these measures into place.
www.cddft.nhs.uk NHS IG Standards • The first progress report of the UK Government’s Data Handling Review was published in January 2010 and noted the NHS progress in improving the following standards of information handling: • Performance management to push improvements. • Contracts with organisations being renegotiated to make sure confidentiality and security protections are in place. • Older computer systems being replaced with modern systems that have state of the art security. • Nearly one million encryption licences were in use under a nationally negotiated contract. • Encryption had been mandated for all patient data held on portable devices (e.g. memory sticks, laptops). • Online training was made available to over one million staff (e.g. IG training module). • The information governance framework and guidance had been further developed so that NHS organisations were clear about expected standards.
www.cddft.nhs.uk The NHS operating framework The Department of Health (DH) published an ‘Operating Framework’ which set out objectives for the NHS key themes included: •Organisations must meet all Information Governance requirements set out by DH by 31st March each year (the level of compliance is then reported to DH and Care Quality Commission) •Ensuring that all staff receive annual basic Information Governance training (through the online NHS IG Training Tool, Face to Face or Accredited Learning Package). •Reporting on the management of information risks •Publishing security breaches in annual reports.
www.cddft.nhs.uk CONFIDENTIALITY Personal Information Sensitive Personal Information Personal information is legally classed as sensitive when it makes reference to particular matters of an identifiable person, such as his/her health, ethnicity, religion, criminal record or sexual life. These are also listed in the Data Protection Act 1998. Other details, e.g. a person’s bank account details, DNA or finger prints are not listed in the Data Protection Act 1998 but are still regarded as sensitive because of the damage and distress that could be caused if they were not properly protected. The rules set out in the Data Protection Act only apply to information about living individuals – not the deceased. This differs to the common law duty of confidentiality which continues after the death of the patient. Information about an individual is personal information when it enables an individual to be identified. It is non-personal when it doesn’t. This isn’t always straightforward, e.g. a person’s name and address are clearly personal information when presented together, but an unusual surname may itself enable someone to be identified. This is an important distinction in law.
www.cddft.nhs.uk CONFIDENTIALITY Confidential Information – Health & Staff Information Personal and sensitive personal information is classed as confidential if it was provided in circumstances where an individual could reasonably expect that it would be held in confidence, e.g. a healthcare professional and patient. This applies to staff working on behalf of the health professional such as pharmacy / dental and eyecare staff. Confidentiality is accepted to extend after the death of the patient or staff member. Personal or Sensitive Information CAN be Confidential Information Whether information is confidential or not depends on the circumstances under which it was provided. If it is: private information about a person AND given to someone who has a duty of confidence AND expected to be used in confidence THEN IT IS CONFIDENTIAL INFORMATION.
www.cddft.nhs.uk Disclosing information Confidential information should not normally be used (which includes sharing and disclosing) unless one of the following criteria are met. 1. The person has given consent for the disclosure. For patients: • Consent may be implied for care purposes and related purposes that support or check the quality of care provided. • For other purposes consent should be specifically sought. 2. There is a legal basis which permits or requires disclosure of confidential information. 3. There are exceptional circumstances (e.g. investigation or prevention of serious crime) where the overriding public interest outweighs the duty of confidentiality.
www.cddft.nhs.uk Caldicott guardian •In 1997 a review was carried out into the use of patient identifiable information in the NHS. This was carried out because there were concerns about how patient information was being handled and transferred. •Dame Fiona Caldicott chaired the ‘Caldicott Review’. The report set out principles and recommendations for the security of patient information. •An important recommendation was that a senior clinician should be nominated in each NHS Trust to act as the Trust’s conscience for the uses of patient identifiable information. These senior clinicians are known as ‘Caldicott Guardians’. •In independent contractor organisations such as General Practice, Pharmacy, Dental Practice and Eye Care Services a person, normally the practice manager, will act as the ‘Information Governance Lead’ and coordinate Information Governance issues including the Caldicott principles and recommendations.
www.cddft.nhs.uk Six Caldicott principles The six Caldicott principles support the confidentiality and security controls on using patient information. The principles should be used whenever a use of confidential information is being considered and in particular when there is an intention to transfer confidential information to another organisation: 1. Justify the purpose for using confidential information. 2. Only use it when absolutely necessary. 3. Use the minimum required. 4. Access should be on a strict need-to-know basis. 5. Everyone must understand their responsibilities. 6. Everyone must understand and comply with the law.
www.cddft.nhs.uk NHS care record guarantee The National Information Governance Board is a statutory body which champions the confidentiality and security of health and social care services records, especially records containing clinical and care information. The Board published the NHS Care Record Guarantee in 2005. The Guarantee sets out rules that govern how patient information is used in the NHS. This includes: •people’s access to their own records •controls; monitoring and policing staff access to patient files •options that patients have to limit access •access in an emergency •what happens when someone cannot make decisions for themselves.
www.cddft.nhs.uk Data Protection Act 1998 UK law in the form of the Data Protection Act 1998 governs how organisations may use personal information (about living people), including how they acquire, store, share or dispose of it. The Information Commissioners Office (ICO) is the UK’s independent regulator set up to uphold the public’s information rights by promoting data privacy for individuals (and openness by public bodies). The ICO investigates complaints made by the public and provides guidance for the public and organisations. Under the Act, organisations that process personal information must notify the ICO (unless they are exempt). The organisations’ details are entered on a public register (available on the internet). Failure to notify is a criminal offence.
www.cddft.nhs.uk COMPLY WITH THE LAW Data Protection Act 1998 – It is your responsibility to understand the principles in relation to your role and the organisation. The Data Protection Principles - Personal data must be: 1. Processed fairly and lawfully 2. Processed for specified purposes 3. Adequate, relevant and not excessive 4. Accurate and up-to-date 5. Not kept for longer than necessary 6. Processed in accordance with the rights of data subjects 7. Protected by appropriate security (practical and organisational) 8. Not transferred outside the EEA without adequate protection
www.cddft.nhs.uk FREEDOM OF INFORMATION ACT Public Authorities (including NHS Trusts, Local Authorities, Dentists, Doctors, Eye Care Services and Pharmacists), are subject to the legal obligations of the Freedom of Information (FOI) Act 2000. Public Authorities have only 20 working days to respond to written information requests. This is the limit set out by law. Speak to your Line Manager if you are unsure about your organisation’s procedure for dealing with FOI requests. The Information Commissioners Office (ICO) is the independent regulator set up to uphold people’s information rights by promoting openness for public bodies. The CDDFT Freedom of Information Officer is JOANNA TYRELL (nee JENKINS)
www.cddft.nhs.uk NHS Constitution The NHS Constitution was first published on 21 January 2009 and was updated after public consultation in March 2010. It describes the principles of the NHS in England and the rights and responsibilities of patients, public and staff. One such right is that patients can expect the NHS to keep their confidential information safe and secure. All NHS bodies and private and third sector providers supplying NHS services are required by law to take account of the NHS Constitution in their decisions and actions. The NHS Constitution will be renewed every ten years.
www.cddft.nhs.uk HANDLING INFORMATION Holding it securely and confidentially Obtaining it fairly and efficiently Recording it accurately and reliably Using it effectively and ethically Sharing it appropriately and lawfully
www.cddft.nhs.uk If you are not sure or in doubt, don’t disclose. Immediately seek further advice from your Line Manager or The Caldicott Guardian
www.cddft.nhs.uk Follow the Records Management NHS Code of Practice Best Practice Guidance States: All Staff have a legal and professional obligation to be responsible for any records which they create or use in the performance of their duties. Any record created by an individual, up to the end of its retention period, is a public record and subject to Information requests (FOI, DPA and Subject Access).
www.cddft.nhs.uk Input Quality Information Right information, Right place, Right time Accuracy is just one quality that we expect in records. But other qualities are also needed for the information to be useful, e.g. it would be pointless having information which was 100% accurate but wasn’t available in time for it to be used. Information is used to make decisions throughout the health sector each day in all sorts of situations. Sometimes this information needs to be extremely high quality, such as quick and accurate test results to help decide a patient’s urgent condition and treatment. Other information may be less urgent or the level of accuracy may be less vital, such as an annual national comparison of ‘flu injections for forward planning. Whatever the situation, the right information should be in the right place at the right time - and that needs to be achieved every time. Poor quality information Poor quality information is bad for patient care, bad for funding and bad for reputation, e.g. Incomplete, inadequately analysed data can lead to serious failures in service. Poor demographic data results in duplicate and confused entries on patient record systems. Confused patient identity numbers can lead to the wrong patient being treated. Inadequate records lead to poorly planned care. Poor data results in poor commissioning, monitoring, planning and financing of services.
www.cddft.nhs.uk Input Quality Information High quality information The NHS takes Information Quality very seriously because the consequences can be vital to patient outcomes or, in the case of planning, result in too much or not enough service provision. High quality means: C omplete A ccurate R elevant A ccessible T imely
www.cddft.nhs.uk DON’T SHARE YOUR SMARTCARD OR PASSWORD “Can I borrow your Credit Card & PIN number?” “Of course you can!” Could you imagine having this conversation with a colleague?
www.cddft.nhs.uk BE AWARE
www.cddft.nhs.uk Major causes of breaches include • Information disclosed in error • Lost data/hardware • Information lost in transit • Stolen data or hardware • A technical or procedural failure • Breach arising from non-secure disposal SECURITY BREACHES
www.cddft.nhs.uk • Follow Organisation Policies • Protect Information Physically • Practice Password Management • Transfer Information Securely • Report Breaches of Security to Management Keep Information Secure It is your responsibility to keep all personal & sensitive information secure

Recommended

Overview of Health Informatics
Overview of Health InformaticsOverview of Health Informatics
Overview of Health Informatics
Nawanan Theera-Ampornpunt
 
Access to health data and information – challenges
Access to health data and information – challengesAccess to health data and information – challenges
Access to health data and information – challenges
Dr Venkatesh Karthikeyan
 
Privacy and confidentiality
Privacy and confidentialityPrivacy and confidentiality
Privacy and confidentiality
johnzinn
 
Introduction to Health Informatics
Introduction to Health InformaticsIntroduction to Health Informatics
Introduction to Health Informatics
asm071149
 
An Introduction to Health Informatics
An Introduction to Health InformaticsAn Introduction to Health Informatics
An Introduction to Health Informatics
Health Informatics New Zealand
 
Health Data ppt
Health Data pptHealth Data ppt
Health Data ppt
Steve Iduye
 
Collaborative Practice Presentation
Collaborative Practice PresentationCollaborative Practice Presentation
Collaborative Practice PresentationJacob Rohloff
 
Healthcare Information Management
Healthcare Information ManagementHealthcare Information Management
Healthcare Information Management
Bijay Bhandari
 

Recommended

Overview of Health Informatics
Overview of Health InformaticsOverview of Health Informatics
Overview of Health Informatics
Nawanan Theera-Ampornpunt
 
Access to health data and information – challenges
Access to health data and information – challengesAccess to health data and information – challenges
Access to health data and information – challenges
Dr Venkatesh Karthikeyan
 
Privacy and confidentiality
Privacy and confidentialityPrivacy and confidentiality
Privacy and confidentiality
johnzinn
 
Introduction to Health Informatics
Introduction to Health InformaticsIntroduction to Health Informatics
Introduction to Health Informatics
asm071149
 
An Introduction to Health Informatics
An Introduction to Health InformaticsAn Introduction to Health Informatics
An Introduction to Health Informatics
Health Informatics New Zealand
 
Health Data ppt
Health Data pptHealth Data ppt
Health Data ppt
Steve Iduye
 
Collaborative Practice Presentation
Collaborative Practice PresentationCollaborative Practice Presentation
Collaborative Practice PresentationJacob Rohloff
 
Healthcare Information Management
Healthcare Information ManagementHealthcare Information Management
Healthcare Information Management
Bijay Bhandari
 
Informatics & Technology in Nursing
Informatics & Technology in NursingInformatics & Technology in Nursing
Informatics & Technology in NursingNawanan Theera-Ampornpunt
 
Clinical Decision Support Systems
Clinical Decision Support SystemsClinical Decision Support Systems
Clinical Decision Support Systems
Nawanan Theera-Ampornpunt
 
Stark Law (by Naira Matevosyan)
Stark Law (by Naira Matevosyan)Stark Law (by Naira Matevosyan)
Stark Law (by Naira Matevosyan)
Naira R. Matevosyan, MD, MSJ, PhD
 
Health Informatics- Module 1-Chapter 1.pptx
Health Informatics- Module 1-Chapter 1.pptxHealth Informatics- Module 1-Chapter 1.pptx
Health Informatics- Module 1-Chapter 1.pptx
Arti Parab Academics
 
Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...
Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...
Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...
Nawanan Theera-Ampornpunt
 
4. advocacy in nursing
4. advocacy in nursing4. advocacy in nursing
4. advocacy in nursing
BP KOIRALA INSTITUTE OF HELATH SCIENCS,, NEPAL
 
History of Nursing - Modern Era
History of Nursing - Modern EraHistory of Nursing - Modern Era
History of Nursing - Modern Era
Nimmirobins
 
Integrated clinical information systems
Integrated clinical information systemsIntegrated clinical information systems
Integrated clinical information systems
Vijay Raj Yanamala
 
ICT in Healthcare
ICT in HealthcareICT in Healthcare
ICT in Healthcare
Nawanan Theera-Ampornpunt
 
Introduction to Health Informatics and Health Information Technology (Part 1)...
Introduction to Health Informatics and Health Information Technology (Part 1)...Introduction to Health Informatics and Health Information Technology (Part 1)...
Introduction to Health Informatics and Health Information Technology (Part 1)...
Nawanan Theera-Ampornpunt
 
e-Health Applications
e-Health Applicationse-Health Applications
e-Health ApplicationsDeepak Kumar Mohapatra
 
Healthcare Security Fundamentals
Healthcare Security FundamentalsHealthcare Security Fundamentals
Healthcare Security Fundamentals
Estellesc
 
Hospital information system for Nurses
Hospital information system for NursesHospital information system for Nurses
Hospital information system for Nurses
Royal College of Nursing
 
Health Information Management Overview
Health Information Management OverviewHealth Information Management Overview
Health Information Management OverviewDaphnee Fuentevilla
 
definitionclassificationandfumctionofhospital-170916092723.pdf
definitionclassificationandfumctionofhospital-170916092723.pdfdefinitionclassificationandfumctionofhospital-170916092723.pdf
definitionclassificationandfumctionofhospital-170916092723.pdf
DicksonDaniel7
 
Electronic Medical Records
Electronic Medical RecordsElectronic Medical Records
Electronic Medical Records
S A Tabish
 
Discharge Management (Vienna 09)
Discharge Management (Vienna 09)Discharge Management (Vienna 09)
Discharge Management (Vienna 09)
jescarra
 
Healthcare Data Management: Three Principles of Using Data to Its Full Potential
Healthcare Data Management: Three Principles of Using Data to Its Full PotentialHealthcare Data Management: Three Principles of Using Data to Its Full Potential
Healthcare Data Management: Three Principles of Using Data to Its Full Potential
Health Catalyst
 
Seminar on cost effectiveness
Seminar on cost effectivenessSeminar on cost effectiveness
Seminar on cost effectiveness
SUNANDA Amogh_Aniketh
 
Patients’ privacy and confidentiality
Patients’ privacy and confidentialityPatients’ privacy and confidentiality
Patients’ privacy and confidentiality
bernardsanch
 
Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance booklet
Gerardo Medina
 
Data Privacy and consent management .. .
Data Privacy and consent management .. .Data Privacy and consent management .. .
Data Privacy and consent management .. .
ClinosolIndia
 

More Related Content

What's hot

Clinical Decision Support Systems
Clinical Decision Support SystemsClinical Decision Support Systems
Clinical Decision Support Systems
Nawanan Theera-Ampornpunt
 
Stark Law (by Naira Matevosyan)
Stark Law (by Naira Matevosyan)Stark Law (by Naira Matevosyan)
Stark Law (by Naira Matevosyan)
Naira R. Matevosyan, MD, MSJ, PhD
 
Health Informatics- Module 1-Chapter 1.pptx
Health Informatics- Module 1-Chapter 1.pptxHealth Informatics- Module 1-Chapter 1.pptx
Health Informatics- Module 1-Chapter 1.pptx
Arti Parab Academics
 
Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...
Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...
Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...
Nawanan Theera-Ampornpunt
 
History of Nursing - Modern Era
History of Nursing - Modern EraHistory of Nursing - Modern Era
History of Nursing - Modern Era
Nimmirobins
 
Integrated clinical information systems
Integrated clinical information systemsIntegrated clinical information systems
Integrated clinical information systems
Vijay Raj Yanamala
 
ICT in Healthcare
ICT in HealthcareICT in Healthcare
ICT in Healthcare
Nawanan Theera-Ampornpunt
 
Introduction to Health Informatics and Health Information Technology (Part 1)...
Introduction to Health Informatics and Health Information Technology (Part 1)...Introduction to Health Informatics and Health Information Technology (Part 1)...
Introduction to Health Informatics and Health Information Technology (Part 1)...
Nawanan Theera-Ampornpunt
 
Healthcare Security Fundamentals
Healthcare Security FundamentalsHealthcare Security Fundamentals
Healthcare Security Fundamentals
Estellesc
 
Hospital information system for Nurses
Hospital information system for NursesHospital information system for Nurses
Hospital information system for Nurses
Royal College of Nursing
 
Health Information Management Overview
Health Information Management OverviewHealth Information Management Overview
Health Information Management OverviewDaphnee Fuentevilla
 
definitionclassificationandfumctionofhospital-170916092723.pdf
definitionclassificationandfumctionofhospital-170916092723.pdfdefinitionclassificationandfumctionofhospital-170916092723.pdf
definitionclassificationandfumctionofhospital-170916092723.pdf
DicksonDaniel7
 
Electronic Medical Records
Electronic Medical RecordsElectronic Medical Records
Electronic Medical Records
S A Tabish
 
Discharge Management (Vienna 09)
Discharge Management (Vienna 09)Discharge Management (Vienna 09)
Discharge Management (Vienna 09)
jescarra
 
Healthcare Data Management: Three Principles of Using Data to Its Full Potential
Healthcare Data Management: Three Principles of Using Data to Its Full PotentialHealthcare Data Management: Three Principles of Using Data to Its Full Potential
Healthcare Data Management: Three Principles of Using Data to Its Full Potential
Health Catalyst
 
Seminar on cost effectiveness
Seminar on cost effectivenessSeminar on cost effectiveness
Seminar on cost effectiveness
SUNANDA Amogh_Aniketh
 
Patients’ privacy and confidentiality
Patients’ privacy and confidentialityPatients’ privacy and confidentiality
Patients’ privacy and confidentiality
bernardsanch
 

What's hot (20)

Informatics & Technology in Nursing
Informatics & Technology in NursingInformatics & Technology in Nursing
Informatics & Technology in Nursing
 
Clinical Decision Support Systems
Clinical Decision Support SystemsClinical Decision Support Systems
Clinical Decision Support Systems
 
Stark Law (by Naira Matevosyan)
Stark Law (by Naira Matevosyan)Stark Law (by Naira Matevosyan)
Stark Law (by Naira Matevosyan)
 
Health Informatics- Module 1-Chapter 1.pptx
Health Informatics- Module 1-Chapter 1.pptxHealth Informatics- Module 1-Chapter 1.pptx
Health Informatics- Module 1-Chapter 1.pptx
 
Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...
Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...
Public Health informatics, Consumer health informatics, mHealth & PHRs (Novem...
 
4. advocacy in nursing
4. advocacy in nursing4. advocacy in nursing
4. advocacy in nursing
 
History of Nursing - Modern Era
History of Nursing - Modern EraHistory of Nursing - Modern Era
History of Nursing - Modern Era
 
Integrated clinical information systems
Integrated clinical information systemsIntegrated clinical information systems
Integrated clinical information systems
 
ICT in Healthcare
ICT in HealthcareICT in Healthcare
ICT in Healthcare
 
Introduction to Health Informatics and Health Information Technology (Part 1)...
Introduction to Health Informatics and Health Information Technology (Part 1)...Introduction to Health Informatics and Health Information Technology (Part 1)...
Introduction to Health Informatics and Health Information Technology (Part 1)...
 
e-Health Applications
e-Health Applicationse-Health Applications
e-Health Applications
 
Healthcare Security Fundamentals
Healthcare Security FundamentalsHealthcare Security Fundamentals
Healthcare Security Fundamentals
 
Hospital information system for Nurses
Hospital information system for NursesHospital information system for Nurses
Hospital information system for Nurses
 
Health Information Management Overview
Health Information Management OverviewHealth Information Management Overview
Health Information Management Overview
 
definitionclassificationandfumctionofhospital-170916092723.pdf
definitionclassificationandfumctionofhospital-170916092723.pdfdefinitionclassificationandfumctionofhospital-170916092723.pdf
definitionclassificationandfumctionofhospital-170916092723.pdf
 
Electronic Medical Records
Electronic Medical RecordsElectronic Medical Records
Electronic Medical Records
 
Discharge Management (Vienna 09)
Discharge Management (Vienna 09)Discharge Management (Vienna 09)
Discharge Management (Vienna 09)
 
Healthcare Data Management: Three Principles of Using Data to Its Full Potential
Healthcare Data Management: Three Principles of Using Data to Its Full PotentialHealthcare Data Management: Three Principles of Using Data to Its Full Potential
Healthcare Data Management: Three Principles of Using Data to Its Full Potential
 
Seminar on cost effectiveness
Seminar on cost effectivenessSeminar on cost effectiveness
Seminar on cost effectiveness
 
Patients’ privacy and confidentiality
Patients’ privacy and confidentialityPatients’ privacy and confidentiality
Patients’ privacy and confidentiality
 

Similar to Information governance

Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance booklet
Gerardo Medina
 
Data Privacy and consent management .. .
Data Privacy and consent management .. .Data Privacy and consent management .. .
Data Privacy and consent management .. .
ClinosolIndia
 
Data privacy and consent management (K.sailaja).pptx
Data privacy and consent management (K.sailaja).pptxData privacy and consent management (K.sailaja).pptx
Data privacy and consent management (K.sailaja).pptx
kandalamsailaja17
 
Governance And Data Protection In The Health Sector - Billy Hawkes
Governance And Data Protection In The Health Sector - Billy HawkesGovernance And Data Protection In The Health Sector - Billy Hawkes
Governance And Data Protection In The Health Sector - Billy Hawkeshealthcareisi
 
Overview on data privacy
Overview on data privacy Overview on data privacy
Overview on data privacy
Amiit Keshav Naik
 
Things you need to know about info governance to sell healthtech products int...
Things you need to know about info governance to sell healthtech products int...Things you need to know about info governance to sell healthtech products int...
Things you need to know about info governance to sell healthtech products int...
3GDR
 
Pdpa presentation
Pdpa presentationPdpa presentation
Pdpa presentation
Alan Teh
 
Data protection and data integrity
Data protection and data integrity Data protection and data integrity
Data protection and data integrity
Axon Lawyers
 
Data Privacy and Security in Clinical Trials: Safeguarding Patient Information
Data Privacy and Security in Clinical Trials: Safeguarding Patient InformationData Privacy and Security in Clinical Trials: Safeguarding Patient Information
Data Privacy and Security in Clinical Trials: Safeguarding Patient Information
ClinosolIndia
 
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationThe U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
Cognizant
 
Protection of patient data in EU vs. US
Protection of patient data in EU vs. USProtection of patient data in EU vs. US
Protection of patient data in EU vs. US
Erik R. Ranschaert, MD, PhD
 
Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015
Patrick Doyle
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc
 
TrustArc Webinar: Level-Up Your Healthcare Privacy Program
TrustArc Webinar: Level-Up Your Healthcare Privacy ProgramTrustArc Webinar: Level-Up Your Healthcare Privacy Program
TrustArc Webinar: Level-Up Your Healthcare Privacy Program
TrustArc
 
Ethical Considerations for Healthcare Analytics Data Disposal.pdf
Ethical Considerations for Healthcare Analytics Data Disposal.pdfEthical Considerations for Healthcare Analytics Data Disposal.pdf
Ethical Considerations for Healthcare Analytics Data Disposal.pdf
Alex860662
 
Slides dr farah jameel's gdpr presentation april 2018
Slides dr farah jameel's gdpr presentation april 2018Slides dr farah jameel's gdpr presentation april 2018
Slides dr farah jameel's gdpr presentation april 2018
amirhannan
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
Harrison Clark Rickerbys
 
What You Need to Know About Privacy
What You Need to Know About PrivacyWhat You Need to Know About Privacy
What You Need to Know About Privacy
Now Dentons
 
What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!
Now Dentons
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
Harrison Clark Rickerbys
 

Similar to Information governance (20)

Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance booklet
 
Data Privacy and consent management .. .
Data Privacy and consent management .. .Data Privacy and consent management .. .
Data Privacy and consent management .. .
 
Data privacy and consent management (K.sailaja).pptx
Data privacy and consent management (K.sailaja).pptxData privacy and consent management (K.sailaja).pptx
Data privacy and consent management (K.sailaja).pptx
 
Governance And Data Protection In The Health Sector - Billy Hawkes
Governance And Data Protection In The Health Sector - Billy HawkesGovernance And Data Protection In The Health Sector - Billy Hawkes
Governance And Data Protection In The Health Sector - Billy Hawkes
 
Overview on data privacy
Overview on data privacy Overview on data privacy
Overview on data privacy
 
Things you need to know about info governance to sell healthtech products int...
Things you need to know about info governance to sell healthtech products int...Things you need to know about info governance to sell healthtech products int...
Things you need to know about info governance to sell healthtech products int...
 
Pdpa presentation
Pdpa presentationPdpa presentation
Pdpa presentation
 
Data protection and data integrity
Data protection and data integrity Data protection and data integrity
Data protection and data integrity
 
Data Privacy and Security in Clinical Trials: Safeguarding Patient Information
Data Privacy and Security in Clinical Trials: Safeguarding Patient InformationData Privacy and Security in Clinical Trials: Safeguarding Patient Information
Data Privacy and Security in Clinical Trials: Safeguarding Patient Information
 
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationThe U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
 
Protection of patient data in EU vs. US
Protection of patient data in EU vs. USProtection of patient data in EU vs. US
Protection of patient data in EU vs. US
 
Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
 
TrustArc Webinar: Level-Up Your Healthcare Privacy Program
TrustArc Webinar: Level-Up Your Healthcare Privacy ProgramTrustArc Webinar: Level-Up Your Healthcare Privacy Program
TrustArc Webinar: Level-Up Your Healthcare Privacy Program
 
Ethical Considerations for Healthcare Analytics Data Disposal.pdf
Ethical Considerations for Healthcare Analytics Data Disposal.pdfEthical Considerations for Healthcare Analytics Data Disposal.pdf
Ethical Considerations for Healthcare Analytics Data Disposal.pdf
 
Slides dr farah jameel's gdpr presentation april 2018
Slides dr farah jameel's gdpr presentation april 2018Slides dr farah jameel's gdpr presentation april 2018
Slides dr farah jameel's gdpr presentation april 2018
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
 
What You Need to Know About Privacy
What You Need to Know About PrivacyWhat You Need to Know About Privacy
What You Need to Know About Privacy
 
What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 

More from Gerardo Medina

How to use must
How to use mustHow to use must
How to use must
Gerardo Medina
 
Nutrition and must
Nutrition and mustNutrition and must
Nutrition and must
Gerardo Medina
 
Case law medicines management
Case law medicines managementCase law medicines management
Case law medicines management
Gerardo Medina
 
The law and medicine management
The law and medicine managementThe law and medicine management
The law and medicine management
Gerardo Medina
 
Return to professional practice drug calculation
Return to professional practice drug calculationReturn to professional practice drug calculation
Return to professional practice drug calculation
Gerardo Medina
 
NMC handbook on Prep Requirements
NMC handbook on Prep RequirementsNMC handbook on Prep Requirements
NMC handbook on Prep Requirements
Gerardo Medina
 

More from Gerardo Medina (6)

How to use must
How to use mustHow to use must
How to use must
 
Nutrition and must
Nutrition and mustNutrition and must
Nutrition and must
 
Case law medicines management
Case law medicines managementCase law medicines management
Case law medicines management
 
The law and medicine management
The law and medicine managementThe law and medicine management
The law and medicine management
 
Return to professional practice drug calculation
Return to professional practice drug calculationReturn to professional practice drug calculation
Return to professional practice drug calculation
 
NMC handbook on Prep Requirements
NMC handbook on Prep RequirementsNMC handbook on Prep Requirements
NMC handbook on Prep Requirements
 

Recently uploaded

Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
Nguyen Thanh Tu Collection
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
deeptiverma2406
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
tarandeep35
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
DhatriParmar
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
Israel Genealogy Research Association
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
kimdan468
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 

Recently uploaded (20)

Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
 

Information governance

  • 2. www.cddft.nhs.uk Key Learning Points What Information Governance is. What YOU need to do to make this work. Follow the Caldicott Guidelines Provide a Confidential Service Comply with the Law. Understand the Data Protection Act Principles Recognise a Freedom of Information Act request Follow the Records Management NHS Code. Keep Information Secure. Input Quality Information.
  • 3. www.cddft.nhs.uk NHS IG Standards After serious losses of personal information, including the loss in 2007 of computer disks containing the names, addresses and bank details of 25 million child benefit claimants, the Government conducted a Data Handling Review (June 2008). This sets out mandatory measures for public bodies on protecting personal data such as staff training and committed the Government to publicly reporting progress on putting these measures into place.
  • 4. www.cddft.nhs.uk NHS IG Standards • The first progress report of the UK Government’s Data Handling Review was published in January 2010 and noted the NHS progress in improving the following standards of information handling: • Performance management to push improvements. • Contracts with organisations being renegotiated to make sure confidentiality and security protections are in place. • Older computer systems being replaced with modern systems that have state of the art security. • Nearly one million encryption licences were in use under a nationally negotiated contract. • Encryption had been mandated for all patient data held on portable devices (e.g. memory sticks, laptops). • Online training was made available to over one million staff (e.g. IG training module). • The information governance framework and guidance had been further developed so that NHS organisations were clear about expected standards.
  • 5. www.cddft.nhs.uk The NHS operating framework The Department of Health (DH) published an ‘Operating Framework’ which set out objectives for the NHS key themes included: •Organisations must meet all Information Governance requirements set out by DH by 31st March each year (the level of compliance is then reported to DH and Care Quality Commission) •Ensuring that all staff receive annual basic Information Governance training (through the online NHS IG Training Tool, Face to Face or Accredited Learning Package). •Reporting on the management of information risks •Publishing security breaches in annual reports.
  • 6. www.cddft.nhs.uk CONFIDENTIALITY Personal Information Sensitive Personal Information Personal information is legally classed as sensitive when it makes reference to particular matters of an identifiable person, such as his/her health, ethnicity, religion, criminal record or sexual life. These are also listed in the Data Protection Act 1998. Other details, e.g. a person’s bank account details, DNA or finger prints are not listed in the Data Protection Act 1998 but are still regarded as sensitive because of the damage and distress that could be caused if they were not properly protected. The rules set out in the Data Protection Act only apply to information about living individuals – not the deceased. This differs to the common law duty of confidentiality which continues after the death of the patient. Information about an individual is personal information when it enables an individual to be identified. It is non-personal when it doesn’t. This isn’t always straightforward, e.g. a person’s name and address are clearly personal information when presented together, but an unusual surname may itself enable someone to be identified. This is an important distinction in law.
  • 7. www.cddft.nhs.uk CONFIDENTIALITY Confidential Information – Health & Staff Information Personal and sensitive personal information is classed as confidential if it was provided in circumstances where an individual could reasonably expect that it would be held in confidence, e.g. a healthcare professional and patient. This applies to staff working on behalf of the health professional such as pharmacy / dental and eyecare staff. Confidentiality is accepted to extend after the death of the patient or staff member. Personal or Sensitive Information CAN be Confidential Information Whether information is confidential or not depends on the circumstances under which it was provided. If it is: private information about a person AND given to someone who has a duty of confidence AND expected to be used in confidence THEN IT IS CONFIDENTIAL INFORMATION.
  • 8. www.cddft.nhs.uk Disclosing information Confidential information should not normally be used (which includes sharing and disclosing) unless one of the following criteria are met. 1. The person has given consent for the disclosure. For patients: • Consent may be implied for care purposes and related purposes that support or check the quality of care provided. • For other purposes consent should be specifically sought. 2. There is a legal basis which permits or requires disclosure of confidential information. 3. There are exceptional circumstances (e.g. investigation or prevention of serious crime) where the overriding public interest outweighs the duty of confidentiality.
  • 9. www.cddft.nhs.uk Caldicott guardian •In 1997 a review was carried out into the use of patient identifiable information in the NHS. This was carried out because there were concerns about how patient information was being handled and transferred. •Dame Fiona Caldicott chaired the ‘Caldicott Review’. The report set out principles and recommendations for the security of patient information. •An important recommendation was that a senior clinician should be nominated in each NHS Trust to act as the Trust’s conscience for the uses of patient identifiable information. These senior clinicians are known as ‘Caldicott Guardians’. •In independent contractor organisations such as General Practice, Pharmacy, Dental Practice and Eye Care Services a person, normally the practice manager, will act as the ‘Information Governance Lead’ and coordinate Information Governance issues including the Caldicott principles and recommendations.
  • 10. www.cddft.nhs.uk Six Caldicott principles The six Caldicott principles support the confidentiality and security controls on using patient information. The principles should be used whenever a use of confidential information is being considered and in particular when there is an intention to transfer confidential information to another organisation: 1. Justify the purpose for using confidential information. 2. Only use it when absolutely necessary. 3. Use the minimum required. 4. Access should be on a strict need-to-know basis. 5. Everyone must understand their responsibilities. 6. Everyone must understand and comply with the law.
  • 11. www.cddft.nhs.uk NHS care record guarantee The National Information Governance Board is a statutory body which champions the confidentiality and security of health and social care services records, especially records containing clinical and care information. The Board published the NHS Care Record Guarantee in 2005. The Guarantee sets out rules that govern how patient information is used in the NHS. This includes: •people’s access to their own records •controls; monitoring and policing staff access to patient files •options that patients have to limit access •access in an emergency •what happens when someone cannot make decisions for themselves.
  • 12. www.cddft.nhs.uk Data Protection Act 1998 UK law in the form of the Data Protection Act 1998 governs how organisations may use personal information (about living people), including how they acquire, store, share or dispose of it. The Information Commissioners Office (ICO) is the UK’s independent regulator set up to uphold the public’s information rights by promoting data privacy for individuals (and openness by public bodies). The ICO investigates complaints made by the public and provides guidance for the public and organisations. Under the Act, organisations that process personal information must notify the ICO (unless they are exempt). The organisations’ details are entered on a public register (available on the internet). Failure to notify is a criminal offence.
  • 13. www.cddft.nhs.uk COMPLY WITH THE LAW Data Protection Act 1998 – It is your responsibility to understand the principles in relation to your role and the organisation. The Data Protection Principles - Personal data must be: 1. Processed fairly and lawfully 2. Processed for specified purposes 3. Adequate, relevant and not excessive 4. Accurate and up-to-date 5. Not kept for longer than necessary 6. Processed in accordance with the rights of data subjects 7. Protected by appropriate security (practical and organisational) 8. Not transferred outside the EEA without adequate protection
  • 14. www.cddft.nhs.uk FREEDOM OF INFORMATION ACT Public Authorities (including NHS Trusts, Local Authorities, Dentists, Doctors, Eye Care Services and Pharmacists), are subject to the legal obligations of the Freedom of Information (FOI) Act 2000. Public Authorities have only 20 working days to respond to written information requests. This is the limit set out by law. Speak to your Line Manager if you are unsure about your organisation’s procedure for dealing with FOI requests. The Information Commissioners Office (ICO) is the independent regulator set up to uphold people’s information rights by promoting openness for public bodies. The CDDFT Freedom of Information Officer is JOANNA TYRELL (nee JENKINS)
  • 15. www.cddft.nhs.uk NHS Constitution The NHS Constitution was first published on 21 January 2009 and was updated after public consultation in March 2010. It describes the principles of the NHS in England and the rights and responsibilities of patients, public and staff. One such right is that patients can expect the NHS to keep their confidential information safe and secure. All NHS bodies and private and third sector providers supplying NHS services are required by law to take account of the NHS Constitution in their decisions and actions. The NHS Constitution will be renewed every ten years.
  • 16. www.cddft.nhs.uk HANDLING INFORMATION Holding it securely and confidentially Obtaining it fairly and efficiently Recording it accurately and reliably Using it effectively and ethically Sharing it appropriately and lawfully
  • 17. www.cddft.nhs.uk If you are not sure or in doubt, don’t disclose. Immediately seek further advice from your Line Manager or The Caldicott Guardian
  • 18. www.cddft.nhs.uk Follow the Records Management NHS Code of Practice Best Practice Guidance States: All Staff have a legal and professional obligation to be responsible for any records which they create or use in the performance of their duties. Any record created by an individual, up to the end of its retention period, is a public record and subject to Information requests (FOI, DPA and Subject Access).
  • 19. www.cddft.nhs.uk Input Quality Information Right information, Right place, Right time Accuracy is just one quality that we expect in records. But other qualities are also needed for the information to be useful, e.g. it would be pointless having information which was 100% accurate but wasn’t available in time for it to be used. Information is used to make decisions throughout the health sector each day in all sorts of situations. Sometimes this information needs to be extremely high quality, such as quick and accurate test results to help decide a patient’s urgent condition and treatment. Other information may be less urgent or the level of accuracy may be less vital, such as an annual national comparison of ‘flu injections for forward planning. Whatever the situation, the right information should be in the right place at the right time - and that needs to be achieved every time. Poor quality information Poor quality information is bad for patient care, bad for funding and bad for reputation, e.g. Incomplete, inadequately analysed data can lead to serious failures in service. Poor demographic data results in duplicate and confused entries on patient record systems. Confused patient identity numbers can lead to the wrong patient being treated. Inadequate records lead to poorly planned care. Poor data results in poor commissioning, monitoring, planning and financing of services.
  • 20. www.cddft.nhs.uk Input Quality Information High quality information The NHS takes Information Quality very seriously because the consequences can be vital to patient outcomes or, in the case of planning, result in too much or not enough service provision. High quality means: C omplete A ccurate R elevant A ccessible T imely
  • 21. www.cddft.nhs.uk DON’T SHARE YOUR SMARTCARD OR PASSWORD “Can I borrow your Credit Card & PIN number?” “Of course you can!” Could you imagine having this conversation with a colleague?
  • 23. www.cddft.nhs.uk Major causes of breaches include • Information disclosed in error • Lost data/hardware • Information lost in transit • Stolen data or hardware • A technical or procedural failure • Breach arising from non-secure disposal SECURITY BREACHES
  • 24. www.cddft.nhs.uk • Follow Organisation Policies • Protect Information Physically • Practice Password Management • Transfer Information Securely • Report Breaches of Security to Management Keep Information Secure It is your responsibility to keep all personal & sensitive information secure