Sample. Information Governance. Copyright Notice. This booklet remains the intellectual property of Redcrier Publications Ltd

First name: Surname: Company: Date:

Information Governance

Please complete the above, in the blocks provided, as clearly as possible. Completing the details in full will ensure that your certificate bears the correct spelling and date. The date should be the day you finish & must be written in the DD/MM/YYYY format.

Copyright Notice

This booklet remains the intellectual property of Redcrier Publications Ltd. The material featured in this document is subject to Redcrier Publications Ltd copyright protection unless otherwise indicated; any breach of this may result in legal action. Any other proposed use of Redcrier Publications Ltd material will be subject to a copyright licence available from Redcrier Publications Ltd. The information enclosed is not to be used, leased or lent to anyone intending to use its contents for training purposes, neither is it to be stored on any retrieval systems for use at a later date.

V10.1217.03 Redcrier Publications Limited 2017

Contents

Index.
Learning outcomes.
Fundamental standards.
Introduction.
Unit One. What is information governance?
Unit One Exercises.
Unit Two. Agreed ways of working and recording information.
Unit Two Exercise.
Unit Three. Confidentiality.
Unit Three Exercises.
Unit Four. Security of information.
Unit Four Exercise.
Conclusion.
Appendix. Data security standards. Preparing for GDPR.

N.B: We are aware that official practice is to use the terms service users or people using this service to describe those receiving care. We prefer the term client and use it throughout our training package.

Key: worksheet, example, important.

Learning outcomes.

- Understand the need for agreed ways of working.
- Identify relevant legislation.
- Understand confidentiality and when to share information.
- Recognise data protection principles.
- Identify the need for clear recording.
- Know how to report concerns about the recording, storage and sharing of information.

Fundamental standards.

The fundamental standards are the standards by which CQC will inspect social care. The standards are based on the regulations from the Care Act 2014 and CQC have changed the focus for the purposes of inspection. The fundamental standards are those standards that no care setting must fall below. The standards are based on five areas as follows:

- Safe. People are protected from abuse and avoidable harm.
- Effective. People's care, treatment and support show quality of life and promote good outcomes, and providers should show evidence to prove it.
- Caring. Care should be person centred involving dignity and respect, and compassion.
- Responsive. Following correct working procedures as agreed by your workplace and as set out in the client's care plan.
- Well led. Management leadership and governance should ensure all of the above happens. Staff training should be recognised and openness and fairness be apparent.

These areas are known as key lines of enquiry or KLOEs. Each KLOE has a set of criteria which CQC use to check whether the fundamental standards are being met.

The fundamental standards are as follows:

- Person centred care. Ensuring that those receiving the care are at the centre of all decisions.
- Dignity and respect. Providing the client with dignity and respect in all aspects of their care.
- Need for consent. Asking the client's permission before carrying out tasks that affect them.
- Safe care and treatment. Following correct working procedures as agreed by your workplace and the client's care plan.
- Safeguarding service users from abuse. Following agreed working and safeguarding procedures and being aware of signs and symptoms.
- Meeting nutritional needs. Being aware of dietary needs, working with the care plan, ensuring clients have the right equipment and conditions to eat.
- Cleanliness, safety and suitability of premises and equipment. Carrying out required checks of premises and equipment, implementing cleaning rotas and carrying out safety checks.
- Receiving and acting on complaints. Having a complaints policy and procedure in place that is accessible to all and acting in accordance with the policy when dealing with complaints.
- Good governance. Ensuring that all aspects of the workplace are overseen and policies and procedures are implemented and monitored regularly.
- Staffing. Fit and proper persons employed. Fit and proper person requirement for Directors is followed.
- Duty of candour. Relevant information must be volunteered to all persons who have or may have been harmed by the provision of services, whether or not the information has been requested and whether or not a complaint or a report about that provision has been made.

Our Redcrier manuals will provide your staff with training to support attainment of the fundamental standards.

Introduction.

Handling information is a big part of your role. It is also a big responsibility, as much of the information will be confidential. We now have more ways to communicate than ever before, including social media and mobile devices such as mobile phones and laptops. Although this makes it easier to share things with many people quickly, it also means that there is more chance of information being sent to the wrong people by mistake.

Breaches of confidentiality are very serious in any workplace, so it is important that you know what your workplace policies are regarding storage, use, disposal and sharing of information.

This manual will help you to understand relevant legislation, such as Data Protection including GDPR (General Data Protection Regulation) and the Protection of Freedoms Act. It will also look at confidentiality and sharing information as well as the need to ensure records are clear and up to date.

If you are completing the care certificate, the information in this manual will help you with your knowledge and understanding.

Unit One

What is information governance?

Information governance is a term used to describe the systems and processes for storing, handling, using and sharing personal information held on an individual. Data controllers (those responsible for the holding of personal data and information) have a statutory duty to ensure that it is held securely, is relevant and is used for the purpose for which it is being held.

Information governance applies to both data and information. Data is about factual statements and numbers, so for instance it may be the number of clients who your workplace supports. Information is the interpretation or representation of data, for instance the detail about those clients such as who they are, information about them and how they use your service.

There are generally two types of information:

- Personal information. This can be things such as name, address etc.
- Confidential personal information. This is more detailed information such as might be in a care plan or medical record.

Information governance links data protection with the Caldicott principles, information security and information confidentiality. In the care sector, information governance ensures safeguards and appropriate use of personal information.

Every client that uses your workplace should feel secure in knowing that their personal and confidential information is protected. They should also feel that those providing their care are using their information appropriately and only when necessary.

Make a list of the types of information your workplace needs to keep in order to provide a quality care service.

There are a number of pieces of legislation that have relevance to your workplace and impact on information governance. They are as follows:

The Health and Social Care Act 2008 (Regulated Activities) Regulations 2014.

This Act sets out the fundamental standards that all health and social care providers must meet to satisfy Care Quality Commission registration criteria. To meet appropriate standards in your workplace you should have the following in place:

- Adequate training for all staff.
- Policies and procedures / agreed ways of working.
- Appropriate recording systems.
- Relevant risk assessments.
- Good communication with other services providing care to your clients.

Regulation 17 of this Act states that the registered person should be able to:

- Assess, monitor and improve the quality and safety of the services they provide.
- Assess, monitor and avoid or reduce any risks to the health and safety of those using the service.
- Maintain an accurate and up to date record of each person using the service and keep it securely.
- Maintain records of those carrying out the regulated activities.

The Care Act 2014.

The Care Act aims to build on good practice in the Health and Social Care Act as well as embedding new reforms to provide clearer and fairer care and support to those who need it. The Care Act provides for a more person centred approach in social care as well as putting a greater focus on prevention and wellbeing. The principle of wellbeing underpins the Act and should be considered in all decision making for individuals.

A duty of candour has been placed on all providers, ensuring they are open and honest in all of their dealings with their clients, including how they will use any personal or confidential information.

The Care Act aims to put people firmly in control of their own care and support and producing plans for their care. This will help to improve independence and wellbeing and ensure all aspects of a person's life are supported. Local authorities will also need to ensure there are a wide variety of care provisions and services and that information, advice and advocacy are available as needed. Ensuring that information collected throughout all of these processes is accurate, used, stored and shared appropriately is key to the health and wellbeing of all involved.

Protection of Freedoms Act.

As well as providing guidance for creating a multi agency approach to safeguarding, which should be referred to when creating policies and procedures for safeguarding, this Act also gives people the right to ask for information from public authorities and puts a duty on public authorities to publish certain information about their activities. Public authorities include government departments, the NHS, the Health and Safety Executive etc.

Local Guidance Documents.

All local authorities have been given the brief to co-ordinate agencies to work together to safeguard adults and children. This will involve the necessity to share information at times.

Data Protection Act 1998.

This Act controls how our personal information is used by organisations, businesses or the government. Everyone who uses data must follow a set of principles to ensure safe handling, use and storage. This prevents information from falling into the wrong hands, which could increase the likelihood of abuse. The Data Protection Act has 8 principles to guide us when using other people's information. The principles are:

Personal data shall be processed fairly and lawfully and shall not be processed unless at least one of the following conditions has been met:

- The person has given consent.
- There is a contract in place with the person.
- It is part of the process required to enter into a contract.
- It is necessary for the vital interests of the person e.g. Administration of justice.

1a. Sensitive personal data shall be processed fairly and lawfully and shall not be processed unless at least one of the following conditions has been met:

- The person has given explicit consent.
- It is necessary to protect the person's vital interests even though they are unable to give consent.

1. Used for limited specifically stated purpose.
2. Used in a way that is adequate, relevant and not excessive.
3. Accurate.
4. Kept for no longer than is absolutely necessary.
5. Handled according to people's data protection rights.
6. Kept safe and secure.
7. Not transferred outside of the European Economic Area without adequate protection.

General Data Protection Regulations (GDPR).

On 25th May 2018 GDPR will come into force and build on the Data Protection Act 1998. One of the main aims is to give citizens and residents back control of their personal data.

GDPR will affect all businesses in some way. It will ultimately apply to large businesses but will also apply to small businesses under 250 employees, if the processing carried out is likely to result in a risk to the rights and freedom of data subjects, the processing is not occasional, or the processing includes special categories of data as defined in GDPR Article 9.

Article 9. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a person's sex life or sexual orientation shall be prohibited unless you have consent from the person in question or it is for employment purposes.

How personal data is kept, used, stored and shared will need to be transparent. This means that when personal data is collected, the individual needs to know the purpose it is being used for, how you will keep it safe and who you will share it with if it is applicable.

The right to be forgotten.

As well as having a duty to let people know what we are going to do with the information we have about them, we also need to be aware that under GDPR, customers can withdraw their consent to us keeping information; this is known as the right to be forgotten. This cannot be honoured whilst they are in a legal contract or there is a legal obligation that their information is retained, such as to comply with official authority, needed in defence of a legal claim or if it is in the public interest, such as for health purposes, research or archiving purposes.

Subject Access Requests.

Under Data Protection, individuals have the right to ask to see any personal information that is held on them. The organisation holding the information must enable this to happen, unless they have justification not to. If the information held is not up to date, they may be in breach of data protection. The information must be in a recognised format.

Breaches of GDPR can result in fines and / or claims being pursued by the individual.

Leaving the EU will not affect the introduction of GDPR as the government have said they will use the basis of these regulations to prepare our own regulations after Brexit.

A client has given consent to your workplace holding information on them. What do they need to know in return?

Preparing for GDPR.

Although it may not be your responsibility to implement the General Data Protection Regulations into your workplace, it is useful to understand what the changes mean as you will have a role in protecting your clients' information on a daily basis.

- Your employer will need to ensure that all people in your organisation are aware of the changes and how it affects them, and a Data controller should be identified to monitor the GDPR process.
- The type of personal data kept, where it comes from and who your workplace shares it with will need to be identified.
- All privacy notices on documents, systems and website should be reviewed and updated to ensure they identify how the personal data collected will be used and how people can opt in and opt out.
- All current procedures should be reviewed to ensure individuals' rights are not being breached. This may include looking at how data is stored, used and deleted and ensuring electronic data is in a commonly used format to meet subject access requests.
- A procedure should be in place for investigating data breaches.

Subject access requests procedure should be updated with the timescales for providing information as follows:

- Requests must be met within 28 days from receipt of the request.
- If it is a complex request it can be extended to up to 3 months provided the requester has been notified with an explanation within the 28 days.
- You may ask the person to be specific about the information required.
- In most cases the information must be provided free of charge.

Ensuring your basis for processing personal data is lawful.

In the case of your staff and residents, contractual necessity is likely to be your lawful basis. Personal data may be processed on the basis that it is necessary in order to enter into a contract with the data subject. There should be clarity on what information is required in order to maintain the service you are offering them. Make it clear in the setup of their account that it is a requirement of the service contract, and be able to justify the information required.

Some of the everyday information collected will be done on a consenting basis. Although providing a care plan may be part of the contract, it will be expected that the care plan will be prepared where possible with the client or their representative and they will be consenting to what goes into it.

Keeping data for under 18s requires parent / guardian consent.