Information Governance Management Framework


Framework

Policy Folder / Number: Folder 3, Policy No. 3.2
Version: 1
Ratified by: Audit Committee
Date ratified: 5th March 2013
Name of originator/author: Senior & Security Manager, Staffordshire Commissioning Support Service
Name of responsible committee/individual: Audit Committee
Date issued: 5th March 2013
Review date: March 2014
Date of first issue: 5th March 2013
Target audience: All staff, including temporary staff and contractors for NHS Stoke on Trent CCG

CONSULTATION AND RATIFICATION SCHEDULE

Name and Title of Individual: Senior & Security Manager, Staffordshire Commissioning Support Service
Date Consulted: January 2013

Name and Title of Individual: Chief Finance, NHS Stoke on Trent Clinical Commissioning Group
Date Consulted: February 2013

Name of Committee: NHS Stoke on Trent CCG Audit Committee
Date of Committee: 5th March 2013

Name of Committee: NHS Stoke on Trent CCG Governing Board
Date of Committee: 26th March 2013

VERSION CONTROL

Policy Name:
Version: 1.0
Valid From: March 2013
Valid To: March 2014
Document Path/Name:

Senior Roles within the CCG

Requirement: Accountable: Andrew Bartlam, Clinical Accountable

Detail: The Accountable of the NHS Stoke on Trent Clinical Commissioning Group and has overall accountability and responsibility for in the CCG and is required to provide assurance through the Annual Statement l that all risks to the organisation, including those relating to information, are effectively managed and mitigated.

Requirement: Senior Risk Owner: Tony Matthews, Chief Finance

Detail: The Senior Risk Owner (SIRO) is an Executive Director of the NHS Stoke on Trent Clinical Commissioning Group Governing Body. The SIRO is expected to understand how the strategic business goals of the Trust may be impacted by information risks. The SIRO will act as an advocate for information risk on the Board and in internal discussions, and will provide written advice to the Accounting on the content of their annual Statement of Internal Control (SIC) in regard to information risk.

The SIRO will provide an essential role in ensuring that identified information security threats are followed up and incidents managed. They will also ensure that the Board and the Accountable are kept up to date on all information risk issues.

The role will be supported by the Staffordshire Commissioning Support Services Senior and Security Manager, the Senior Records Manager and the Caldicott Guardian, although ownership of the Risk Policy and Risk assessment process will remain with the SIRO. The SIRO will be supported through a network of Asset Owners and Administrators who have been identified and trained throughout the organisation.

Requirement: Caldicott Guardian: Dr Stephen Fawcett, Clinical Director Planned Care

Detail: The NHS Stoke on Trent Clinical Commissioning Group Caldicott Guardian has particular responsibility for reflecting patients' interests regarding the use of patient identifiable information and to ensure that the arrangements for the use and sharing of clinical information comply with the Caldicott principles.

The Caldicott Guardian, supported by the Caldicott function, will advise on lawful and ethical processing of information and enable information sharing. They will ensure that confidentiality requirements and issues are represented at Board level and within the NHS Stoke on Trent Clinical Commissioning Group overall governance framework.

Organisational Lead: Hayley Jones, Senior & Security Manager (Staffordshire Commissioning Support Service)

The key purpose of the role is to ensure the NHS Stoke on Trent Clinical Commissioning Group successfully manages the risks associated with & Security. The post holder will ensure the establishment of corporate standards and a consistent CCG wide approach to & Security and will be responsible for assuring the implementation of a range of policies, processes, monitoring audits and training and awareness mechanisms to ensure a high level of compliance with external assessments including the Toolkit, Care Quality Commission and the NHS Litigation Authority.

The Senior and Security Manager will also be responsible for the implementation and ongoing development of the SIRO framework, ensuring that IAOs and IAAs fulfil their duties and promote an information risk management approach when dealing with information assets.

Senior IG and Is manager are part of the CSU dedicated research for information governance as detailed below.

Senior & Security Manager Primary Care IG Facilitator & Security 1WTE & Records

Key Policies

Policies set out the scope and intent of the organisation in relation to the management of.

Ratification Schedule: Policy Strategy Risk Assessment and Programme Incidents and SUIs Reporting & Policy Audit Committee Governing Board

Policies are communicated to appropriate staff via the membership of the groups at which they are ratified, and through internal communications utilising the CCG's intranet site, staff briefing announcements and the RSM Tennon Policy Acceptance software. All policies are available on the CCG's intranet sites and the shared network drive.

Key Bodies

A group, or groups, with appropriate authority should have responsibility for the IG agenda.

Resources

Details of key staff roles

Group Dedicated Staff

The Audit Committee is responsible for overseeing day to day issues, developing and maintaining policies, standards, procedures and guidance, coordinating and raising awareness of in the CCG.

Senior & Security Manager Primary Care IG Facilitator & Security 1WTE & Records

Framework

Details of how responsibility and accountability for IG is cascaded through the organisation.

Asset Owners

Asset Owners are senior individuals involved in running the relevant business. The IAO's role is to:
- Understand and address risks to the information assets they own; and
- Provide assurance to the SIRO on the security and use of these assets.

Asset Owners have been nominated across the whole organisation and have received specialist information risk training to allow them to be effective in their role.

Asset Administrators

The Asset Administrators and will:
- Ensure that policies and procedures are followed
- Recognise potential or actual security incidents
- Consult their IAO on incident management
- Ensure that information assets registers are accurate and maintained up to date.

Asset Owners have received specialist information risk training to allow them to be effective in their role.

Caldicott Leads: Dr Stephen Fawcett, Clinical Director Planned Care

The main role of the Caldicott Lead will be to review records prior to release under the following legislation:
- Data Protection Act 1998: rights of access for living individuals
- Access to Health Records 1990: rights of access to deceased patient health records
- Medical Reports Act 1998: rights of access for individuals to have access to reports relating to themselves provided for employment or insurance purposes

It is a legal requirement that an appropriate health professional must approve exemptions applied to subject access requests under the Data Protection Act. Therefore the organisation must ensure that any requests for access to health records are reviewed by trained clinicians (Caldicott Leads) prior to release.

Caldicott Assistants: Dr Ruth Chambers, Clinical Director Practice Development & Performance

Caldicott Assistants are appointed to support Caldicott Leads in their role. The role of Caldicott Assistant is:
- To attend Caldicott Assistant training
- To seek advice and support from the team and Caldicott Lead(s)
- To adhere to local policies and procedures
- To obtain appropriate consent and ID before sharing/releasing information
- To appropriately redact information identified by the Caldicott Lead
- To issue approved fees notices in accordance with local procedures
- To share information and maintain confidentiality appropriately at all times
- To maintain the log (template available within the Data Protection Procedures) of requests and provide statistical information as required
- To update the Caldicott Issues log with any issues which are escalated to the Caldicott Guardian.

Training and Guidance

Staff need clear guidelines on expected working practices and on the consequences of failing to follow policies and procedures. The approach to ensuring that all staff receive training appropriate to their roles should be detailed.

Confidentiality: Staff Code of Conduct

Purpose of the Code:
- To inform staff of the need and reasons for keeping information confidential
- To inform staff about what is expected of them
- To protect the Organisation as an employer and as a user of confidential information

This Code has been written to meet the requirements of:
- The Data Protection Act 1998
- The Human Rights Act 1998
- The Computer Misuse Act 1990
- The Copyright Designs and Patents Act 1988
- The NHS Code of Confidentiality 2003

This Code has been produced to protect staff by making them aware of the correct procedures so that they do not inadvertently breach any of these requirements. If the Code is breached then this may result in legal action against the individual and/or Organisation as well as investigation in accordance with the Organisation's disciplinary procedures.

The Staff Code of Conduct will be disseminated to all staff working for the CCG and they will be required to acknowledge that they have received and understand the document. In future, any new starters to the organisation will receive a copy of this with their contract. Both should be signed and returned to the HR department and kept on file.

Training for all staff

All staff with access to a computer will receive basic IG training through the Connecting for Health E-Learning Tool. Progress against this will be monitored by both the Training Department and the Department of Health, ensuring compliance against requirement 9-112 within the IG Toolkit.

For those staff that do not have computer access, additional training will be provided in the form of a taught training session, using the Connecting for Health E-Learning slides.

Additional workshops will be put on for staff as required following identification of training needs through a TNA. These workshops will focus on the practical elements of the organisation's policies and procedures.

Security Policy & Procedures

The organisation's Security Policy and Procedures are central to the information governance agenda. The procedures are disseminated through a variety of media including:
- Intranet
- Team Briefings
- Training Workshops
- Policy Acceptance Software

Due to the nature of the Security Procedures, these can be updated and added to several times within a 12 month period; where this is the case the procedures are disseminated again to staff, acknowledging that there has been an update, using the above procedure.

Training for specialist IG Roles

As required specialist IG training will be provided across the organisation for those staff that are given additional responsibility for IG within their areas.

Current specialist training includes:
- Asset Owner Training
- Asset Administrator Training
- Security System Workshops
- Caldicott Lead Training
- Caldicott Assistant Training
- Off-site storage (archiving) champion workshops

Incident

Clear guidance on incident management procedures should be documented and staff should be aware of their existence, where to find them, and how to implement them.

Documented Procedures and Staff Awareness

Incident in the CCG is covered in the following organisational policies and Procedures:
- NHS Stoke on Trent CCG Incident Risk Reporting Policy
- Security Policy
- Security Procedures

Staff awareness is raised through the following ways:
- Staff Induction Training (All Staff)
- Asset Owner Training
- Asset Administrator Training