Introduction & Purpose
The Information Governance Framework brings together related initiatives concerned with improving the security, processing, quality and handling of information. It incorporates the Data Protection Act 1998, the Freedom of Information Act 2000, the Human Rights Act 1998 and the common law duty of confidence. It also incorporates the NHS Code of Confidentiality; Information Security Assurance, Information Quality Assurance and Records Management and underpins the NHS Care Record Guarantee.
The purpose of this document is to provide a robust management framework to ensure that delivery of internal Information Governance assurance is delivered in accordance with national subsidence and operating frameworks.
Scope
The IG Framework is the control assurance framework which is formed by those elements of law and policy from which applicable Information Governance standards are derived. It applies only to internal Information Governance assurance.
IG Roles & Responsibilities
|
IG Function |
Job title
|
|
Director IG Lead
|
Moosa Patel, Director of Corporate Affairs
|
|
SIRO
|
Dave Marsden, Director of Strategic IM&T (CIO) |
|
Caldicott Guardian
|
Dr. David Walker, Regional Director of Public Health
|
|
Workstream Lead
|
Fabian Henderson, Information Governance Workstream Lead
|
|
DPA & FoI
|
Chris Brady, DPA & FoI Manager
|
|
Information Security
|
Julie Painter, DHIS Systems, Standards & Governance Manager (Service provided via DHIS as part of existing SLA)
|
Resources
The Director Lead for IG will hold the budget for internal IG as part of their role as budget holder for NHS East Midlands Corporate affairs and will be responsible for highlighting any resourcing issues and improvements required either in year or for the forthcoming year. IG Management Framework v1.0 Page
IG Polices & Procedures
|
Policy Name
|
Review Date
|
Approval Body
|
Review Body
|
|
IG Policy and Strategy
|
March 2011
|
Exec Team
|
IG Steering Group
|
|
Confidentiality Code of Conduct
|
March 2011
|
Exec Team
|
IG Steering Group
|
|
Creation of Records Procedure
|
March 2011
|
Exec Team
|
IG Steering Group
|
|
Data Protection Policy
|
March 2011
|
Exec Team
|
IG Steering Group
|
|
IMT Security Access Policy
|
March 2011
|
Exec Team
|
IG Steering Group
|
|
Incident Near Miss Reporting Policy
|
March 2011
|
Exec Team
|
IG Steering Group
|
|
Information Risk Policy
|
October 2010
|
Exec Team
|
IG Steering Group
|
|
Mobile Computing Procedure
|
March 2011
|
Exec Team
|
IG Steering Group
|
|
RA Policy & Procedure
|
October 2011
|
Exec Team
|
IG Steering Group
|
|
Records Archiving Procedure
|
March 2011
|
Exec Team
|
IG Steering Group
|
|
Records Mgnt Lifecycle Protocol
|
March 2011
|
Exec Team
|
IG Steering Group
|
|
Records Mgnt Lifecycle Strategy
|
March 2011
|
Exec Team
|
IG Steering Group
|
|
Safe Haven Procedure
|
March 2011
|
Exec Team
|
IG Steering Group
|
|
Transportation of Records Procedure
|
March 2011
|
Exec Team
|
IG Steering Group
|
All policies will be disseminated via NHS East Midlands Communication Team. NHS East Midlands IG Workstream Lead will also attend the Business Managers Meeting, and team meetings if required, in order to brief respective directorates to ensure a robust cascade of information.
To obtain assurance that implementation of policies and the development of robust information governance is subject to effective planning, NHS Easy Midlands IG Workstream Lead will utilise and review findings of IG awareness obtained as part of the NHS Confidential regional IG Campaign.
Internal IG Governance (Bodies & Structure)
Training & Guidance
Staff need clear guidelines on expected working practices and on the consequences of failing to follow policies and procedures. The following approach ensures that all staff receives training appropriate to their roles:
-
All staff will be briefed on IG requirements as part of their induction
-
Receive face to face training if required
-
Complete CfH’s online training tool as part of their mandatory training
IG Awareness
To ensure that raising awareness of and compliance with information governance standards is raised, NHS East Midlands will unitise the NHS Confidential IG Campaign developed in house by NHS East Midlands and deployed regionally.
To ensure that this campaign has been implemented and all staff have been informed of their responsibilities a staff survey will be undertaken post and prior to delivery of the internal campaign. IG Management Framework v1.0 Page 7 of 7
IG Internal Reporting
NHS East Midlands Board and Executive Team receive periodic assurance that management and accountability arrangements are adequate and are informed in a timely manner of future changes in the IG agenda by IG updates within the corporate report.
The IG Workstream will also:
-
Report IG incidents to the IG Steering Group
-
Analyse, investigate and upward report of incidents and any recommendations for remedial action
-
Produce IG work programme progress reports
-
Report on annual IG assessment and improvement plans
-
Communicate IG developments and standards to appropriate forum and staff
Policy and procedures for actual and potential breaches of confidential and person identifiable information are aligned with the guidance provided within the ‘Checklist for Reporting, Managing and Investigating Information Governance Serious Untoward Incidents’ – Gateway ref: 13177.
Caldicott Function
It is recognised that due to the strategic nature of its business NHS East Midlands hold little or no patient identifiable information. Therefore the internal Caldicott function within NHS East Midlands differs greatly from that of a standard patient focused NHS Trust. Notwithstanding this point, NHS East Midlands must have in place a recognised senior level Caldicott guardian. The Caldicott functions will be maintained by the Caldicott guardian by exception with the support of the Information Governance Steering Group and Information Governance Workstream Lead. Any issues, incidents and strategy relating to this function will be incorporated within overarching internal Information governance arrangements.
