Information governance Flashcards
What is the information governance toolkit?
The information governance toolkit (IG toolkit) addresses the governance, policy and management aspects of security.
What legislation is the information toolkit based on?
NHS Act 2006
Health and Social Care Act 2012
The Data Protection Act
The Human Rights Act
What is the role of a Caldicott Guardian?
Each trust will have at least one caldicott guardian whos role is to :
- Ensures NHS England satisfies the highest practical standards for handling patient information
- Facilitates and enables appropriate information sharing and make decisions on behalf of NHS England following advice for lawful and ethical processing of information.
- Represents and champions information governance requirements and issues at board level.
- Ensure that confidentiality issues are appropriately reflected in organisational practice, strategies and policies
- Oversee arrangements, protocols and procedures where confidential patient information may be shared with external bodies both within and outwith the NHS.
What are the key information governance policies?
- Data protection policy. This policy sets out the roles and responsibilities for compliance with the Data Protection Act.
- Freedom of Information policy. This policy ste sout the roles and responsibilities for compliance with the Freedom of Information Act
- Confidentiality policy. This policy lays down the principles which must be followed by all who work in the NHS and access personal or confidential business information. All staff must be aware of their responsibilities for safeguarding confidentiality and preserving information security in order to comply with common law obligations of confidentiality.
- Information Security Policy. This policy is to protect to a consistently high standard all information assets. It defines security measures.
- Documents & Records management policy. This policy promotes effective management and use of information.
- Information Sharing Policy. This policy ensures that all information held or processed is made subject to appropriate protection of confidentiality. This policy sets out what is required to ensure fair and equal access is provided.
What are the three main aspects of data security?
Confidentiality
Integrity
Availability
What are the two exceptions to confidentiality?
A legal reason to disclose information such as acts of parliament or court orders
A public interest justification such as a serious crime
What are the main rights of the data protection act 1998?
- The right to be informed about what your data is being used for and who is using it
- To see and have a copy of the information
- To have objections to their information being processed where they claim unwarranted damage or distress as a result
- To have objection to the use and sharing of the information unless there are exceptional reasons to the contrary
What are the three means of communication a freedom of information request can be made?
Letter / Post
Fax
Email
(NOT verbal)
What is the turnaround time for a freedom of information request?
20 days
What are the attributes of good record keeping?
- Information is accurate and up to date
- Recorded and complete
What are the three main types of security breach in the NHS?
- Loss or theft of paperwork
- Data posted or faxed to the wrong recipient
- Failure to have in place appropriate security to prevent personal data being accidentally or deliberately compromised.