information governance strategy 2016 - 2019 information... · ig03 information governance strategy...

Information

Governance

Strategy

2016 - 2019

2/18 IG03 Information Governance Strategy 2016/2019

Version 2

Applies to All Staff

Committee for Approval Quality and Governance Committee

Date of Approval July 2016

Review Date July 2019

Name of Originator/Author Head of Governance and Patient Safety

Information Governance Manager

Version V2


Version 2

Contents

Section Page

Foreword

1 Trust Vision and Values 4

2 Wirral Community NHS Foundation Trust Strategic Objectives

5

3 Wirral Community NHS Foundation Trust Board’s Commitment to Information Governance

6

4 Aims and Objectives for 2016 - 2019 6

Review and Amendment Log

Version Number

Type of Change

Date Description of Change

1 New Developed to outline the trust’s priorities in relation to the Trust’s commitment to Information Governance

2 Edits April 2016 Amendments to roles and responsibilities and updates to reflect current legislation and guidelines.


Version 2

1. Foreword

The availability of reliable information is an essential element in the delivery of appropriate and effective healthcare. It is used in the:

Management of individual patient/client care

Effective management of services and resource

Monitoring of the organisation’s performance

Day to day running of the Trust

It is, therefore, of paramount importance, to ensure that information is efficiently managed and that appropriate policies, procedures and management accountability and structures provide a robust governance framework for information management, so as to assure and demonstrate the proactive use of information as determined by legislative acts, statute and best practice. Wirral Community NHS Foundation Trust’s Information Governance Strategy describes the information governance framework that enables the organisation to: Establish good practice around the handling of information Promote a culture of awareness and improvement Comply with legislation and other mandatory standards To carry out this process, formal structures are required which enable the organisation to identify, assess, control and minimise risks attached to Information Governance Management. The Information Governance Strategy identifies how the Wirral Community NHS Foundation Trust will ensure clear and effective management and accountability structures, governance processes, documented policies and procedures, trained staff and adequate recourses for information governance. Karen Howell Chief Executive 2. Trust Vision and Values The trust vision is to be the outstanding provider of high quality, integrated community care to Wirral and the communities we serve. Our values show what we stand for, believe in and are passionate about:

Health is our passion, with patients at the heart of everything we do

Exceptional care as standard

Actively supporting each other to do our jobs

Responsive, professional and innovative


Version 2

Trusted to deliver 3. Wirral Community NHS Foundation Trust Strategic Objectives Our Patients and Community: Putting our patients and communities at the centre

We will deliver safe and effective patient care.

We will deliver a positive experience of our services.

We will engage effectively with the patients and communities we serve.

Reducing inequalities will be integral to all service development and delivery. Our Services: Leading, developing and delivering high quality services

We will effectively manage and develop our relationships with our current and new commissioners and stakeholders.

We will defend and grow our core business.

We will lead the delivery of out of hospital integrated care.

We will deliver to expectations of our commissioners and demonstrate quality and value.

Our People: Valuing the individual, the team and the organisation

We will further develop and maintain a competent, caring and flexible workforce.

We will develop leadership at every level of the organisation.

We will continuously develop the organisation and its governance framework. Our Sustainability: Supporting sustainable delivery

We will optimise the use of our resources.

Our support and infrastructure services will operate to enhance the delivery of our services and secure future sustainability.

We will develop our information and business intelligence to make informed decisions about what we do.

We will effectively manage our finances and fully deliver our efficiency programmes.

We will deliver transformation supported by innovation and research.


Version 2

4. Wirral Community NHS Trust Board’s Commitment to Information Governance. The Information Governance Strategy cannot be seen in isolation, as information plays a key part in corporate governance, strategic risk, clinical governance, service planning, informatics, performance and business management. The Information Governance Strategy is, therefore, closely linked with other strategies to ensure integration with all aspects of the trust’s business activities. Information Governance should, therefore, be viewed in the overall context of governance within the trust as a vital component of both planning and providing healthcare. This Strategy sets out the approach taken by the Trust Board to provide a robust Information Governance framework for the current and future management of information.

5. Aims and Objectives for 2016 - 2018 The trust aims to achieve a standard of excellence in information governance by ensuring that information is dealt with legally, securely, efficiently and effectively in the course of trust business, in order to support high quality patient care. All information processing will be undertaken in accordance with relevant legislation and best practice. The trust will set policies and procedures in place to ensure that appropriate standards are defined, implemented and maintained.

The Trust aims to minimise the risks arising from information handling processes, these are:

Legal action due to noncompliance with statutory and regulatory requirements.

Loss of public confidence in the Trust.

Contribution to clinical or corporate negligence.

Damage or stress to an individual. The trust aims to provide support to its staff to be consistent in the way they handle personal information and to avoid duplication of effort. This will lead to improvements in:

Information handling activities.

Patient confidence in the NHS and the Trust.

Staff training and development.


Version 2

INFORMATION GOVERNANCE FRAMEWORK

SENIOR ROLES RESPONSIBILITIES

The Trust Board

Ensuring that responsibilities for the management and co-ordination of Information Governance within their spheres of control are clear. Ensuring the ratification of Information Governance policies and procedures takes place through the appropriate structures. Identifying and allocating the required resources to implement the Information Governance Strategy. Ensuring that the Business Planning process takes into account Information Governance issues which are fed into the performance management process for regular review. Ensuring that appropriate Information Governance safeguards and information sharing agreements are in place in respect of any joint working with partner organisations. Ensuring probity and scrutiny of Information Governance management functions.

Chief Executive Overall accountability for Information Governance management within Wirral Community NHS Trust.

Senior Information Risk Owner (SIRO) Ensuring the organisations information risk policy is implemented throughout the organisation. Lead and implement the information governance risk assessment and advise the Board on the effectiveness of risk management across the organisation. As the organisations Data Controller determines the purposes and the manner for


Version 2

which any personal data is processed. Review each requirement in the Information Governance Toolkit (IGT) and confirm that the requirement is complete and the uploaded evidence meets the attainment levels within each requirement as part of the annual assessment process.

Caldicott Guardian Protecting the confidentiality of patient and service user information Enable appropriate information sharing in the organisation Ensure best practice for using and sharing identifiable personal information is applied whenever a disclosure of personal information is being considered. Acting as the “Conscience” of the Organisation.

KEY GOVERNANCE BODIES RESPONSIBILITIES

Information Governance Group (reporting to the Quality and Governance Committee)

This group ensures the effective management of Wirral Community NHS Trust’s Information Governance processes. The group will provide information and assurance to the Quality and Governance Committee regarding how risks are being managed within the organisation and on a monthly basis will review the IG events and incidents which have occurred in the organisation and review any IG risks on the Divisional risk registers which score 12 or more on the organisations risk scoring matrix. Any new risk, which scores 15 or above on the organisational risk scoring matrix and which after considering the available risk control and resources the group believe may impact on the organisation’s strategic objectives will be escalated to the Quality and Governance Committee in the form of a risk escalation report. The group also provides guidance around complex information governance risk and


Version 2

makes recommendations for Committee assurance.

Quality and Governance Committee

(Q&G)

The Q&G Committee oversees, with delegated responsibility from the Board all aspects of IG. The Quality, Patient Experience & Risk Group (QPER) monitors operational performance and reports to Quality and Governance Committee.

The Committee is also responsible for the approval of General polices and procedures including Information Governance policies and procedures and receives minutes and Information Governance Group.

The Quality and Governance Committee will provide quarterly assurance to the Board that the management and accountability arrangements for IG in the organisation are adequate.

KEY TRUST POLICIES NOTES

Information Governance Policy

Caldicott and Data Protection Policy

Information Lifecycle Policy

FOI Policy

Corporate Records Policy

RESOURCES RESPONSIBILITIES

Information Governance Lead Developing, implementing and monitoring the organisation’s Information Governance Strategy and Policy. Coordinating the Information Governance work programme, ensuring effective management, accountability, compliance and assurance for all aspects of information governance.


Version 2

Developing and maintaining comprehensive and appropriate documentation that demonstrates commitment to and ownership of IG responsibilities. Ensuring that there is top level awareness and support for IG resourcing and implementation of improvements. Providing direction in formulating, establishing and promoting IG policies. Co-ordinate the activities of staff given IG responsibilities and progress initiatives. Ensure annual assessments and audits of IG policies and arrangements are carried out, documented and reported. Ensuring that the annual assessment and improvement plans are prepared for approval by the senior level of management, e.g. the Board or senior management team, in a timely manner. Ensuring that the approach to information handling is communicated to all staff and made available to the public. Ensuring that appropriate training is made available to staff and completed as necessary to support their duties. Liaising with other committees, working groups and programme boards in order to promote and integrate IG standards. Providing a focal point for the resolution and/or discussion of IG issues.


Version 2

Health Records Manager Ensuring that the organisation has a process in place for dealing with access requests and providing guidance for staff on subject access requests. Ensuring that the organisation has a process in place for dealing with requests for access to records and providing guidance for staff on the process. Ensuring that the organisation has a Health Records Policy Ensuring that the organisation has a process in place for Records Management Assurance. Ensuring that the organisation has a process in place for dealing with Missing Clinical Records and providing training and guidance for staff on the policy through the Essential Learning programmes for clinical and non clinical staff. The investigation process for incidents which relate to health records and ensuring that any learning is shared and implemented within the organisation.

Data Protection /Privacy officer Developing, implementing and monitoring the organisation’s Information Governance Confidentiality and Data Protection Policy. The investigation process for Data breaches from outside the organisation and ensuring that any learning is shared and implemented within the organisation. Developing Information sharing agreements with other organisations which promote and ensure that best practice for using and sharing identifiable personal information is applied whenever a disclosure of personal information is being considered.

The investigation process for Electronic Staff Record (ESR) summary care records breaches and ensuring that any learning is shared and implemented within the organisation.


Version 2

Developing, implementing and monitoring the organisation’s Confidentiality Policy. Developing, implementing and monitoring the organisation’s Data Protection Policy.

Freedom of Information Officer Processing Freedom of Information requests

Developing and implementing the Freedom of Information Policy Developing and maintaining the Freedom of Information database

Head of Informatics Maintaining a database of the organisation’s Information assets The organisation’s information technology systems Developing and implementing the Policy for the Identification and assessment of new processes and systems. Developing, implementing and monitoring the organisation’s Information Lifecycle Management Policy (records management and information quality).

Head of HR, Workforce Planning and Resources

Ensuring that the contracts of employment for all staff employed by Wirral Community NHS Trust include reference to confidentiality and compliance with the Information Governance Policy of the Trust. To provide an overview of Information Governance responsibilities through the Trust’s On-Boarding Programme

Registration Authority Manager Responsibility for implementing quality standards in relation to Registration Authority processes and reporting systems undertaken through monitoring and audit of the organisation’s Registration Authority Processes as detailed in the Registration Authority Policy.

Information Security Manager Developing, implementing and monitoring the organisation’s Information Governance Security Policy, the organisation’s information security assessment and management programme


Version 2

The Internal audit process for the information security assessment and management programme The organisations information security assessment and management programme Business Continuity plans

Head of Communications and Marketing

Ensuring the public are able to access communications materials on use of information

Ensuring the staff can access communications materials on use of information

Trust Board Secretary Developing, implementing and monitoring the organisation’s Information Governance Corporate Governance Policy

Implementing, maintaining and auditing the Corporate Records system

Head of Governance and Patient Safety

The Clinical Record Keeping procedures

An annual Clinical Record Keeping Audit

Providing Clinical Record Keeping Training through the Patient Safety and Human Factors training programme

Information Lead Responsibility for assuring that mechanisms are in place for assessing the validity, quality and timeliness of data entered into the Trust’s core clinical systems. Data collected should conform to national data definitions where they exist and locally agreed standards and values when not specifically covered by national guidance. Tools to support data assurance should include data quality and completeness reports, benchmarking and audit.


Version 2

Information Governance Toolkit Requirement Owners

To work proactively throughout the year on developing effective IG processes for their identified requirement on the IGT. To update the IG group on a monthly basis of progress with their identified requirement on the IGT and to raise any risks to completing their Requirement by the end of year assessment in a timely way so those risks can be managed To upload/review the evidence that demonstrates compliance with at least level 2 in their identified requirement on the IGT on the each year prior to the self assessment at the end of March each year To address any areas identified in the annual IG improvement plan for their identified requirement on the IGT To mark each “Requirement as Complete” they are responsible for prior to the self assessment at the end of March each year

Divisional Managers The Information Assets within their Division

The Business Continuity Planning relating to IG for their Divisions

Ensuring that IG Policies and Procedures are implemented and that appropriate risk management processes for IG are in place within their designated areas and scope of responsibility. In situations where significant risks have been identified and where control measures are considered to be potentially inadequate, Divisional Managers are responsible for bringing these risks to the attention of the relevant Director/senior manager

Implementing a local system for managing and reviewing IG risks through the Divisional Quality, performance and business meetings and reporting on progress with IG risks which score under 12 on the risk matrix and are managed in their Divisional level risk register at the IPG.


Version 2

Escalating risks which score 12 and above on the risk matrix through the IPG.

Carrying out assessment of IG risks in relation to matters of probity and compliance, which serve to populate Wirral Community NHS Trust’s risk register

Ensuring that staff have suitable and sufficient information, instruction, training and supervision to perform their duties in accordance with the organisation’s IG policies and standards Should this be ICCH managers and specialist service managers

Monitoring compliance with their own standards and implementation of the organisation’s procedures

Taking appropriate action in the event of significant errors or deviations to accepted practices

Ensuring their business plans take account of IG risk management issues, which will be monitored through the performance review process.

Information Asset Owners (IAO) An IAO will be responsible for an information asset in terms of, identifying risks associated with the information asset; managing and operating the asset in compliance with policies and standards and ensuring controls manage all risks appropriately. The role is flexible and will undoubtedly be performed in addition to existing duties and for some responsibilities may be shared between many individuals.

Information Asset Administrators (IAA) IAA’s work on a day to day basis with information contained in an information asset (see definition above) They have day to day responsibility, ensure that policies and procedures are followed by staff and recognise actual or potential security incidents, and consult their IAO on incident management The IAAs are senior individuals are usually head of department or with ultimate


Version 2

responsibility for the information asset.

Service Leads Ensuring effective communication and distribution of all policies and guidelines to staff

Employees All Trust employees and anyone else working for the organisation (eg. Agency staff, honorary contracts, management consultants etc) who use and has access to trust information must understand their personal responsibilities for information governance and comply with UK Law. All staff must comply with trust policies, procedures and guidance and attend relevant education and training events in relation to IG.

TRAINING AND GUIDANCE NOTES

All staff sign as having read and understood the Code of Conduct. All staff must undertake mandatory IG E learning annually inline with the requirement in the IG Toolkit. Training for specialist staff is available through the HSCIC e learning site.

INCIDENT MANAGEMENT NOTES

All staff must be aware of the timescales for reporting incidents using the trust on-line incident reporting system, Datix.


Version 2

Equality Impact Assessment During the development of this strategy the trust has considered the needs of each protected characteristic, as outlined in the Equality Act (2010), with the aim of minimising and if possible removing any disproportionate impact on patients for each of the protected characteristics, age, disability, gender, gender reassignment, pregnancy and matern i ty, race, re l ig ion or bel ief , sexual or ienta t ion. If staff become aware of any clinical evidence of exclusion impacting on the delivery of care, a trust incident form must be completed and an appropriate action plan developed. Delivery and Monitoring The implementation of the IG strategy, policy and work programme will ensure that information is more effectively managed in the Trust. Each year the policy will be reviewed and a revised work programme developed against the IG Toolkit attainment levels and scores, thus identifying the key areas for a programme of continuous improvement. Cross references with key trust documents The Information Governance Strategy cannot work in isolation developed a range of strategies to outline its strategic objectives and vision for the future, these include:

Quality Strategy

Risk Strategy

Engagement and Experience Strategy

Research and Innovation Strategy

Equality and Diversity Strategy

Human Resources Strategy

Concerns and Complaints Policy

Incident Reporting Policy

Being Open Policy

Safeguarding Policies This list of documents is not exhaustive; documents should be accessed via the trust’s staff zone to ensure they are the most up-to-date version.


Version 2

Consultation

Staff Council Communication Team Directors

Quality and Governance Committee

Quality and Governance Team

Non Executives

Director of Quality and Nursing

Medical Director

Strategic Review

This strategy will be reviewed annually by the Information Governance Group and the Quality and Governance Committee.

information governance strategy 2016 - 2019 information... · ig03 information governance strategy...

Documents