Information Governance - bartshealthstatmand.org.uk

1 Information Governance Study guide Information Governance Regulations CQC Outcome 21. Information Governance provides relevant Confidentiality Code of Practice safeguards for the security and appropriate use of Person Identifiable Data (PID*) and The Department of Health's Confidentiality Code confidential of Practice sets standards that staff must follow to ensure patient Information is kept confidential: Barts Health NHS Trust takes Information security seriously. As a member of staff, you . All patient Information held by the Trust is bound must be aware of your responsibilities when by the Confidentiality Code of Practice.

2 Handling confidential Information .. Staff must only share patient Information Information is essential to provide safe and high- with those who need to know ie are involved quality care for patients and to manage our services in direct care. and resources.. Staff who wish to use patient Information for In order to successfully deliver highest quality purposes other than the delivery of patient care services, we must manage Information securely, eg research, presentations, must obtain the efficiently and effectively, based on robust consent of the patient in advance.

3 Policies, procedures, management accountability . The Trust's Caldicott Guardian is responsible for and a sound Governance framework for ensuring compliance with this code of practice Information management. and the Caldicott principles. Benefits of Information Governance Caldicott Guardian . Supports Barts Health's vision and values The Caldicott principles define how the NHS should . Provides assurance to patients and staff that use Information about patients for reasons other we take the security of their personal than direct provision of patient care eg management Information seriously of Trust services, complaints, monitoring and auditing Trust performance.

4 Supports patient quality and safety by ensuring that Information that is used to inform clinical For further advice on Caldicott Guardian process is accurately recorded responsibilities and principles: . Prevents unnecessary duplication of work http://bartshealthintranet/About-Us/Corp orate- Directorates/Corporate-Affairs/Informati on- . Helps to protect our staff by providing clear guidance on expected behaviour and acceptable practice.. * Name, address, full postcode, date of birth, financial details of patients or staff Pictures, photographs, videos, audio-tapes or other images of patients; copies of passports, birth certificates of staff NHS number and local patient identifiable codes; national insurance number or payroll number of staff Anything else that may be used to identify an individual directly or indirectly.

5 For example, rare diseases, drug treatments or statistical analyses with very small numbers within a small population. 1. Records management Search for: Millennium Training . Advantages of using electronic health records are The NHS care record guarantee promises that that they are immediately visible across the Trust, the NHS will take appropriate steps to make much more legible than handwriting, and the sure personal Information is accurate. All staff date/time and your name (from your SmartCard) is MUST follow record keeping guidelines to ensure added automatically.

6 Records are: . Accurate, legible and up-to-date Freedom of Information (FoI).. Free from duplication . Complete, including NHS number . The FoI Act 2000 gives the public the right to . Stored in a central manual or electronic access/view all recorded non-personal public filing system authority Information upon request. Failure to comply with the Act may damage the Trust's . tracked / traced easy-to-locate files and reputation and inappropriate handling of FoIs documents should be clearly titled and given and could also lead to investigation by the logical names Information Commissioner's Office (ICO).

7 Teams should have a central filing system with . The requester of Information must put their one or two individuals who have a designated request in writing to the Trust and has the right responsibility for managing it. All staff should to be told whether the Information is held know how to use the filing system and all staff and for it to be released, subject to certain should understand their responsibilities in regards exemptions. Exemptions apply to particular types to filing of Information , as well as to whether answering.

8 Have a documented, consistent titling system the request will take longer than 18 hours. which all staff can understand and follow. File . Written requests for Information do no have to titles should be relevant to the contents, and make reference to FoI and any member of staff reference codes where used should be logical may receive a FoI request. and include the year. All files should have their covering dates marked clearly on them . The Trust must respond to a FoI request within 20 working days.. In line with national targets outlined in Information for Health, the NHS number must be.

9 All staff have a legal duty to help individuals included in all patient correspondences obtain Information .. The Retention and Disposal of Trust Records Immediately contact if . Policy sets the timescales for the length of time you are sent a request. records must be kept. If the FoI team requests Information from your department, you must provide all relevant All staff leaving the Trust should organise / hand over Information as soon as possible and let the team their records before they leave. know if you have any issues or whether the The Trust's Corporate Records Centre provides request should be sent to a different department.

10 Storage for some types of corporate/administrative records. Data Protection Act (DPA) 1998. Electronic Patient Records The Data Protection Act 1998 sets standards for holding, obtaining, recording, using or sharing of Cerner Millennium is the core clinical IT system used data about living individuals. at Barts Health to manage electronic patient records . Personal data is Information from which an (sometimes called EHR or EPR). Training in Cerner individual can be identified eg name, address, Millennium is available at all sites.