Information governance ensures necessary safeguards for, and appropriate use of, patient and personal information.
The Information Governance Framework is the means by which the NHS handles information about patients and employees - in particular, personal and sensitive information. It allows individuals and NHS and partner organisations to ensure that personal information is dealt with legally, securely, efficiently and effectively in order to deliver the best possible care.
The Information Governance Framework, which is managed by NHS Connecting for Health, brings together all the requirements, standards and best practice that apply to the handling of personal information to ensure:
- Compliance with the law
- Implementation of Department of Health advice and guidance
- Planned year-on-year improvement
The Information Commissioner's Office (ICO) is the UK's independent public body set up to protect personal information and promote public access to official information.
All public and private organisations are legally obliged to protect any personal information they hold. Public authorities are also obliged to provide public access to official information.
The NHS CFH website area for Information Governance provides up-to-date information for the following key areas of information governance:
- Information Governance Statement of Compliance (IGSoC); the agreement between NHS Connecting for Health and Approved Service Recipients that sets out the information governance policy and terms and conditions for use of NHS Connecting for Health services.
- Information Governance Toolkit; a tool with which organisations can assess their compliance with current legislation, Government directives and other national guidance. The Toolkit covers these areas as a set of six initiatives:
  - Information Governance Management
  - Confidentiality and Data Protection Assurance
    - Confidentiality NHS Code of Practice
    - Data Protection Act
  - Information Security Assurance
    - Information Security Management NHS Code of Practice
  - Clinical Information Assurance
    - Health Records Management
    - Records Management NHS Code of Practice
  - Secondary Uses Assurance
    - Information Quality
    - Payment by Results
  - Corporate Information Assurance
    - Freedom of Information Act
    - Corporate Records Management
    - Records Management NHS Code of Practice
- Information Governance Training Tool; a structured eLearning programme with Introductory, Foundation and Practitioner level modules. Introductory materials are designed for all staff members. Foundation materials build upon the introductory modules and are relevant to those who process personal information as part of their role. Practitioner materials are aimed primarily at those in Information Governance roles. This tool enables NHS organisations to train all their staff in information governance principles and to ensure their obligations to govern information properly are met.
  - The first modules, released in May 2008, include:
    - Introduction to IG for NHS organisations - Introductory
    - Introduction to IG for general practices - Introductory
    - Password management - Introductory
    - Information security guidelines - Foundation
    - Secure transfers of personal data - Foundation
    - The role of the Caldicott/IG Lead in general practice - Foundation
  - More modules, released in February 2009, were:
    - Introduction to Information Risk Management for SIROs and IAOs - Introductory
    - Information Risk Management - Introductory
    - Information Risk Management - Foundation
  - A further 40 hours of eLearning modules are under development and will be released in phases during 2009/10.
- Confidentiality; detailed information on key patient confidentiality topics
- Information Security
- NHS Records Management; including:
  - The Records Management Roadmap
  - Records Management: NHS Code of Practice
  - Training modules (PPT presentations)
- Standards & Guidance: a range of standards to ensure that information is processed securely and with proper regard for its confidentiality, integrity and availability.
- The Information Commissioner's Office:
  - The Data Protection Act, which gives individuals the right to know what information is held about them, and sets out rules to make sure that this information is handled properly.
  - Privacy & Electronic Communication Regulations, which set out rules for people who wish to send electronic direct marketing, for example, email and text messages.
  - The Freedom of Information Act, which gives individuals the right to obtain information held by public authorities unless there are good reasons to keep it confidential.
  - Environmental Information Regulations, which give individuals the right to obtain information about the environment held by public authorities, unless there are good reasons to keep it confidential.
The responsibilities of the Information Commissioner's Office cover: