information governance in the uk health market
TRANSCRIPT
Information Governancein the UK’s National
Health Service
Alexander BeisserInformation Governance Consultant
Email: [email protected]: www.beisser.info
2
Introduction
• The idea of this presentation is to give the reader an insight into setting up an Information Governance function in a diverse healthcare environment at times of cost savings, service re-configurations and the need to make efficiency gains.
3
Experience
• The author gained experience in developing the IG agenda for a commissioning organisation, a provider organisation (community based health services) and improving the data protection programme for a district hospital all based in a culturally very diverse area of London, UK.
• He provides confidentiality, data protection, information assurance and audit consulting services across the whole healthcare provider spectrum
4
Organisations involved
Hospitals
MentalHealth Trusts
General Practitioners
Dentists
Pharmacists
Opticians
Ambulance Trusts
Com
mercial
3rd P
arties
Department of Health
National Commissioning
Board
Other Commissioners
Social Care
Voluntary Sector
Clinical Commissioner
Groups
Providers Commissioners
5
Information Governance defined
• Information Governance (IG) is using defined standards to protect the confidentiality of Person Identifiable Data
• Standards are aligned with ISO27001, ISO 9001 and BS 25999
• Best practice guidelines for staff to ensure that data protection is maintained from the point when data is received until it is ultimately destroyed.
• Information Governance is often also known as Information Assurance and supports the secure sharing of medical and other sensitive data
Key concepts are Confidentiality – Integrity – Accuracy
6
Person Identifiable Data
• Data relating to living (or deceased) individuals from which they can be identified (such as Name, Date of Birth, Social Security Number, etc.)
• Sensitive Personal Data relates to an individual where the release could negatively affect the data subject (such as medical and mental health, sexual orientation, criminal convictions etc.)
• Information Governance provides best practice guidelines on keeping this kind of information safe.
7
How to implement Information Governance
• Start with the development of a basic Information Governance Framework (IGF) that includes relevant policies
• Engage with clinicians and assure them that confidentiality is everyone's responsibility and IG will support them in providing safe and efficient care for their patients.
• Involve corporate and shared services from the outset as you require their support in setting up an IG function.
• Keep your stakeholders updated
• Develop IG training tailored for different staff groups
• Setup shared IG function across healthcare organisations (sharing costs and responsibilities)
8
How to measure the success
• IG integrated into business processes (especially around IT systems and projects)
• Number of queries raised by staff, stakeholders and patients (expect to be busy)
• Uptake of training
• Number of IG related incidents (expect them to rise at the start, but they will fall with better education and awareness)
• Responses to education, awareness and communication campaigns
• Completing self assessment to understand your strength and weaknesses
9
Self assessment (I)
• All organisations who (want to) have access to the NHS Network (N3 network) in the UK are required to complete an Information Governance Toolkit (IGT) assessment.
• This is an annual process which is now in its 10th year.
• System is centrally managed by the Department of Health with some administration undertaken locally by IGT Administrator
10
Self assessment (II)
• The assessment is based on the type of organisation
– Hospitals
– General Practitioners
– Other Primary Care providers (dentists, opticians etc.)
– Ambulance Services
– Pharmacies
– Commissioners (PCTs, SHAs, Clinical Commissioning Groups etc.)
– Social Care Providers
– Voluntary Organisations
– Commercial Third Parties / NHS Business Partners
11
Information Governance Management
Comprises of
• Policy Framework
• Contract Management
• Training
• Human Resources procedures and policies
Information Governance Policy Framework
• Data Protection Policy
• Confidentiality Policy
• Information Security Policy
• Email and Internet Policy
• Records Management Policy
• Access to Information Policy
12
Confidentiality and Data Protection Assurance
Includes
• Information Risk Management
• Caldicott and Data Protection Principles
• Data Flow mapping and management
• Information Sharing
• Access to clinical information and HR records
Key staff:
• Senior Information Risk Owner
• Caldicott Guardian
• Data Protection Officer
13
Information Security Assurance
Focuses on
• IT Security
• User and access control management
• Incident Management and mitigating reoccurrences
• IT Asset Management
• De-identification / annonymisation
14
Clinical Information AssuranceCare Records Assurance
Concentrates on
• Use of clinical data
• Patient identifiers
• Data Quality
• Records Management
• Verification of accuracy and integrity
Key staff:
• Records Manager
• Data Quality Team
• Information Analysts and Managers
15
Secondary Use Assurance
• Use of clinical data for non-medical purposes
• Clinical coding
• Billing and reporting on service lines (commissioned clinical services)
• Use of clinical data in research and audit
• Planning of services by commissioners
• Public Health
16
Corporate Information Assurance
Incorporates
• Describing, categorising, recording, management and sharing of corporate data across organisation(s)
• Access to corporate information by public, public and governmental organisations
• Management of electronic corporate information; including audit use of such information
17
Services provided
The author provides the following services
• Development of IG Policy Framework
• Tailored Information Governance, Records Management and Data Quality Training
• Privacy Impact Assessments
• Information Assurance, Audits and Improvement Programmes
• Business continuity and disaster recovery
• Supporting tender projects
• IG Gap Analysis