Académique Documents
Professionnel Documents
Culture Documents
Policy: GV00
Policy Descriptor
This Policy defines the Strategy for the Information Governance framework,
including people, resources, the culture and the processes necessary to
ensure efficient management of the information needed to support the core
purpose of the Trust in caring for individuals and improving public health.
Document Control
Policy Ref No & Title: GV00 Information Governance, Policy & Strategy
Version: v1.5
Replaces / dated: Previous Policy dated Jan 15
Author(s) Names / Job Title Susan Banham, Information Governance Manager
responsible / email: susan.banham@nhs.net
Ratifying committee: IM&T strategy group
Director / Sponsor: Helen Smith, Medical Director
Primary Readers: All Staff
Additional Readers
Date ratified: 28 Feb 2017
Date issued: June 2016
Date for review: February 2019
Date archived:
Other Relevant Standards met: Requirements 8-101,8-105,8-300,8-301,8-302,8-307 IG Toolkit
Contents
1. Introduction ............................................................................................................................ 3
2. Purpose .................................................................................................................................. 3
5. Principles ............................................................................................................................... 6
7. References ............................................................................................................................. 8
2
1. Introduction
1.1. This Policy sets out the Strategic approach that Devon Partnership NHS Trust will adopt to
provide a robust Information Governance framework for the future management of
information.
1.2. Information is a vital asset, both in terms of the clinical management of individual patients
and the efficient management of services and resources. It plays a key part in clinical
governance, service planning and performance management.
2. Purpose
2.1. The purpose of this Policy is to define the Strategy for the Information Governance
framework, including people, resources, the culture and the processes necessary to ensure
the information needed to support the core purpose of the Trust in caring for individuals and
improving public health.
3.1. It is the role of Devon Partnership NHS Trust Board to define the Trust’s policy in respect
of Information Governance, taking into account legal and NHS requirements. The Board is
also responsible for ensuring that sufficient resources are provided to support the
requirements of the policy.
3.2. The IM&T strategy Group is responsible for overseeing day to day Information
Governance issues; developing and maintaining policies, standards, procedures and
guidance, coordinating Information Governance in Devon Partnership NHS Trust and
raising awareness of Information Governance.
3.3. The Trust Medical Director is the Caldicott Guardian. The Caldicott Guardian is
responsible for supporting appropriate information sharing, advising on options for lawful
and ethical processing of information and acting as advocate for confidentiality and
information sharing requirements and issues on the Board.
3.4. The Trust Chief Information Officer is the Senior Information Risk Officer (SIRO) and is
responsible for taking ownership of the Trust’s information risk policy and acting as
advocate for information risk on the Board.
3.5. The Chief Information Officer is the Trust’s nominated Data Protection officer and is
responsible for ensuring that the Trust meets it’s legal obligations in relation to the Data
Protection Act (1998) and the Freedom of Information Act (2000).
3.6. The Information Governance Manager is responsible for leading on the Trusts
Information Governance Agenda including monitoring and co-ordinating Subject Access
Requests under the Data protection Act and requests under the Freedom of Information
Act, issues on confidentiality and data protection and Records Management, drawing up the
Trust response to the Information Governance Toolkit, identifying areas for improvement
and producing and implementing an action plan to address any deficiencies.
3.7. Information Asset Owners (IAOs) are responsible for understanding and addressing risks
to the information assets they ‘own’ and for providing assurance to the SIRO on the security
and use of those assets
3
3.8. Managers within Devon Partnership NHS Trust are responsible for ensuring that the policy
and its supporting standards and guidelines are built into local processes and that there is
on-going compliance.
3.9. All staff, whether permanent, temporary or contracted, and contractors are responsible for
ensuring that they are aware of the requirements incumbent upon them and for ensuring
that they comply with these on a day to day basis.
4.1. There are two key components underpinning this strategy which are:
The Trust Information Governance Policy, which outlines the objectives for information
governance; and
An annual action plan arising from a base line assessment against the standards set
out in the NHS Information Governance toolkit (NHS Digital).
4.3. The IM&T strategy Group reports assurance to the Finance and Investment Committee.
The Terms of Reference identify the scope and purpose of this group for taking forward
improvements in Information Governance.
4.4. The IM&T strategy Group has overall responsibility for overseeing the implementation of
this strategy, the Information Governance policy and the Information Governance action
plan. All will be subject to periodic review and progress reported to the Senior Management
Board. There is representation within the organisation to ensure that Information
Governance is embedded within the organisation structure.
4.5. The Medical Director and Caldicott Guardian is the named representative on the Board with
responsibility for Information Governance. The Caldicott Guardian will also identify a
number of Safer Information champions to assist in monitoring progress towards improving
performance. The following staff members are registered as champions of the Information
Governance Toolkit, which will support the Information Governance Manager:
Medical Director
Risk Manager
4
PALS Manager
4.6. The Trust will complete a self-assessment against the objectives for Information
Governance utilising the NHS Information Governance web based toolkit by 31st March
each year. Completing this toolkit will identify the gaps in the Trust’s Information
Governance systems and an action plan will be drawn up with proposed solutions and
timescales. The IM&T strategy group will monitor and performance manage these actions
plans to ensure continual progress towards improvement.
4.7. This strategy cannot be seen in isolation as information plays a key part in Governance,
Strategic Risk, Clinical Governance and service planning and performance management.
The Strategy therefore links into all of these aspects of the organisation. In addition the
Trust has identified Information Governance as a risk within the organisation. The
implementation of this strategy will undoubtedly reduce the level of the current risk.
The Trust will ensure that all staff receive training in the areas of Information
Governance.
The Trust will ensure that the staff induction programme includes Data Protection and
Caldicott awareness.
There will be specific detailed training in the area of Information Governance for staff
where appropriate to their roles.
All Managers will be responsible for raising Information Governance awareness within
their teams.
The Trust will ensure that suitable guidance is made available to staff by appropriate
means including on the Trust intranet DAISY.
4.9. This information Governance policy and strategy will be posted under the policy section of
the Trust’s website. Managers are to ensure that their staff are aware of and adhere to the
Trust s Information Governance policy and procedures.
4.10. The IM&T strategy Group will identify any associated resource implications incurred by the
implementation of the Information Governance policy and action plan. Business cases will
be developed and submitted for consideration.
4.11. Information Governance will be performance managed by the IM&T strategy Group and
assurance will be reported to the Finance and Investment Committee. A performance
report will also be submitted to the Department of Health on an annual basis, via the
Information Governance Toolkit.
5. Principles
5.1. Devon Partnership NHS Trust recognises the need for an appropriate balance between
openness and confidentiality in the management and use of information. Devon Partnership
NHS Trust fully supports the principles of corporate governance and recognises its public
accountability, but equally places importance on the confidentiality of, and the security
arrangements to safeguard, both personal information about patients and staff and
commercially sensitive information. Devon Partnership NHS Trust also recognises the need
to share patient information with other health organisations and other agencies in a
controlled manner consistent with the interests of the patient and, in some circumstances,
the public interest.
5.2. Devon Partnership NHS Trust believes that accurate, timely and relevant information is
essential to deliver the highest quality health care. As such it is the responsibility of all
clinicians and managers to ensure and promote the quality of information and to actively
use information in decision making processes.
5.3. There are 4 key interlinked strands to the information governance policy:
Openness
Legal compliance
Information security
Quality assurance
5.4. Openness
Non-confidential information on Devon Partnership NHS Trust and its services should
be available to the public through a variety of media, in line with the Trust’s code of
openness and the Freedom of Information Act 2000.
Devon Partnership NHS Trust will establish and maintain policies to ensure compliance
with the Freedom of Information Act 2000 and the Environmental Information
Regulations 2004. See GV05 Freedom of Information
Devon Partnership NHS Trust will undertake or commission regular assessments and
audits of its policies and arrangements for openness.
Patients should have ready access to information relating to their own health care, their
options for treatment and their rights as patients. See GV01 Access To Health
Records Policy
Devon Partnership NHS Trust will have clear procedures and arrangements for liaison
with the press and broadcasting media. Contact the Communications department at
Wonford House, Exeter on 01392 208693 for further details.
6
Devon Partnership NHS Trust will have clear procedures and arrangements for
handling queries from patients and the public. Contact PALS Freephone 0800 0730
741 for further details.
Devon Partnership NHS Trust regards all identifiable personal information relating to
patients as confidential.
Devon Partnership NHS Trust will undertake or commission regular assessments and
audits of its compliance with legal requirements.
Devon Partnership NHS Trust regards all identifiable personal information relating to
staff as confidential except where national policy on accountability and openness
requires otherwise.
Devon Partnership NHS Trust will establish and maintain policies to ensure compliance
with the Data Protection Act, Human Rights Act and common law confidentiality.
Devon Partnership NHS Trust will establish and maintain policies for the controlled and
appropriate sharing of patient information with other agencies, taking account of
relevant legislation (e.g. Health and Social Care Act, Crime and Disorder Act,
Protection of Children Act).
Devon Partnership NHS Trust will establish and maintain policies for the effective and
secure management of its information assets and resources.
Devon Partnership NHS Trust will undertake or commission regular assessments and
audits of its information and IT security arrangements. See G03 Information
Management And Technology Security Policy
Devon Partnership NHS Trust will promote effective confidentiality and security practice
to its staff through policies, procedures and training and will ensure that staff contracts
include appropriate clauses covering Information Governance standards and
responsibilities with regard to Data Protection, Confidentiality and Information Security.
Devon Partnership NHS Trust will establish and maintain incident reporting procedures
and will monitor and investigate all reported instances of actual or potential breaches of
confidentiality and security. Disciplinary action will be taken as appropriate in
accordance with the Trust Disciplinary Procedure.
The Trust will establish and maintain procedures to ensure that appropriate Information
Governance requirements are included in contractual arrangements with third parties.
Devon Partnership NHS Trust will establish and maintain policies and procedures for
information quality assurance and the effective management of records. See GV01
Access To Health Records Policy and GV06 Records Management Policy & Strategy
Devon Partnership NHS Trust will undertake or commission regular assessments and
audits of its information quality and records management arrangements.
7
Managers are expected to take ownership of, and seek to improve, the quality of
information within their services.
Data standards will be set through clear and consistent definition of data items, in
accordance with national standards.
Devon Partnership NHS Trust will promote information quality and effective records
management through policies, procedures/user manuals and training.
6. Key Policies/Procedures:
7. References
8
Appendix 1 - Information Governance Framework summary
2017/2018
Key Roles
Key Policies
Note that all policies and procedural documents are disseminated and published on the Trust
website in accordance with the Policy for the Development and management of Policies and
Procedural Documents G01
9
core purpose of the Trust in caring for individuals and
improving public health.
Subject Access
Request and Sets out the procedure and standards for staff to
Reviewed
Access to Health adopt when dealing with requests for Access to Health
February 2017.
Records Policy Records
GV01
Confidentiality The procedures and standards for staff to adopt when Reviewed
Policy GV03 dealing with confidential matters February 2016.
Risk
Management The Trusts Risk Management Strategy and the
Strategy, Policy framework for the establishment and implementation Reviewed
and Risk of a risk management process (Includes Management February 2016
Assessment of Risks relating to Information Assets January 2014)
Process R03
10
Resources
Caldicott Guardian
Budget The budget is set annually for Information Governance although resources
are closely linked with the wider IM&T function. Representations are made to
the Board for authorisation of any additional resource sought.
Information Governance training is part of the core training requirements for all Devon
Partnership Trust staff. For full details refer to the core training grid. Initial “face to face”
training for IG is included in the programme for Corporate Induction which all new staff are
required to attend. All staff are required to complete e learning annually and staff with
specific IG responsibilities are required to complete additional training as appropriate to their
role.
Staff guidance is provided on the Trust intranet DAISY and all policies are published on the
trust website.
Incident Management
11
the appendix to this policy
Governance Framework
Details of responsibilities and accountability are set out in the Information Governance Policy
12