Information Governance
1. Introduction
Information Governance was introduced as an NHS initiative in 2003/2004. This policy outlines the approach adopted by PCL to ensure a robust framework for the current and future management of information activities within its interactions and service environment.
Information Governance is the framework for handling information in a confidential and secure manner to the appropriate ethical and quality standards in a modern health service. It brings together in a single framework the interdependent requirements and standards of practice including:
General Data Protection Regulation
Confidentiality Code of Practice
Freedom of Information
Health Records
Information Quality Assurance
Information Security – BS7799
Information Governance Management
PCL recognises the importance of reliable information, both in terms of healthcare governance of individual patients and the efficient management of services and resources. Information governance plays a key part in supporting healthcare governance, service planning and performance management.
It is, therefore, important to ensure that information is effectively managed, and that appropriate policies, procedures and management accountability and structures provide a robust governance framework for information management.
There is a comprehensive range of policies to support the information governance area and reference must be made to these alongside this policy.
Legal and professional guidance should also be considered where appropriate.
2. Scope
This Policy covers all aspects of holding, obtaining, recording, using, sharing and disposing of information within PCL, including (but not limited to):
Patient/client/service user information
Personnel information
Organisational information
This Policy covers all information systems purchased, developed and managed by or on behalf of PCL and any individual directly employed or otherwise by PCL.
The Information Governance Policy cannot be seen in isolation as information plays a fundamental part in corporate governance, strategic risk management, clinical governance, service planning, performance management, business management and public health.
Fundamental to the success of delivering the Information Governance Policy is developing an Information Governance culture within PCL and ensuring providers understand their responsibilities. Awareness and training need to be provided to all staff within PCL who utilise information in their day-to-day work to promote this culture.
3. Principles
PCL recognises the need for an appropriate balance between openness and confidentiality in the management and use of information.
PCL fully supports the principles of corporate governance and recognises its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about patients and staff and commercially sensitive information.
PCL also recognises the need to share patient information with other health organisations and other agencies in a controlled manner consistent with the interests of the patient and, in some circumstances, the public interest.
PCL will ensure that the patient information shared will not be used to discriminate against anyone on the basis of their ethnicity, gender, disability, age, sexual orientation and religion or belief. On request this Policy will be provided in a different language or format as required.
PCL has identified that accurate, timely and relevant information is essential to deliver the highest quality healthcare. As such it is the responsibility of all staff to ensure and promote the quality of information and to actively use information in decision-making processes.
Information on different equality groups needs to be collected and analysed to inform healthcare governance, service planning and performance management.
There are 4 key interlinked strands to the information governance policy:
– Openness – Maintaining policies to ensure compliance
– Legal compliance – Ensure we comply with the law
– Information security – Protect and secure IT assets
– Quality assurance – Commission annual audits and spot checks
4. Responsibilities
4.1 The Board
It is the role of the Board to define policy in respect of Information Governance, taking into account legal and NHS requirements. The Board is also responsible for ensuring that enough resources are provided to support the requirements of the policy.
4.2 Executive Management
The Chief Executive has overall responsibility for maintaining an acceptable level of corporate governance; however, responsibility for PCL Information Governance is tasked to the Caldicott Guardian, Dr Aruna Garcea.
4.3 Information Governance Lead and Data Protection Officer (DPO)
The Information Governance Lead and DPO is responsible for overseeing day-to-day Information Governance issues; developing and maintaining policies, standards, procedures and guidance; coordinating Information Governance within PCL; and raising awareness of Information Governance. It is also his responsibility to ensure the evaluation, monitoring and review of the Policy.
4.4 All staff employed directly by PCL
All staff, whether permanent, temporary or contracted, and contractors are responsible for ensuring that they are aware of the requirements incumbent upon them and for ensuring that they comply with these on a day-to-day basis.
5. Training/Awareness
All staff, as part of their induction, will be briefed on Information Governance.
Annual information governance training will be mandatory for all staff to complete.
Additional training will be provided at the request of an individual wanting personal development or arranged at the discretion of a manager.
PCL will use the website, intranet, email and other such documents to advise staff of training opportunities, to increase awareness and to advise of new or amended policies, procedures and guidelines relating to information governance.
6. Legislation applying to Information Governance
The main laws include, but are not limited to, the following:
Common Law Duty of Confidentiality
Data Protection Act 2018
The Data Protection Order 2000
Human Rights Act 1998
Freedom of Information Act 2000
The Re-use of Public Sector Information Regulations 2005
The National Health Service Act 2006
Access to Health Records Act 1990 (where not superseded by the Data Protection Act)
Computer Misuse Act 1990 (amended in 2005)
Copyright, Designs and Patents Act 1988 (as amended by the Copyright Computer Programs Regulations 1992)
Crime and Disorder Act 1998
Electronic Communications Act 2000
Regulation of Investigatory Powers Act 2000
Civil Contingency Act 2004
Race Relations Amendment Act (RRAA) 2000
Disability Discrimination Act (DDA) 2005