Page 1

06 IG/21/10

Information Governance Policy

Responsible Directorate:

Corporate Services

Responsible Director:

Director of Corporate Services

Date Approved:

March 2010

Committee: Information Governance

NICE GUIDANCE Once NICE guidance is published, health professionals are expected to take it fully into account when exercising their clinical judgment. However, NICE guidance does not override the individual responsibility of health professionals to make appropriate decisions according to the circumstances of the individual patient in consultation with the patient and/or their guardian or carer.

Page 1 of 11

Page 2 of 11

Version Control Current versions of all policies can be found on NHS Kirklees internet and intranet. If printing a document, please check internet/intranet for most up-to-date version. Document Title: Document number: Author: Contributors: Version: Date of Production: Review date: Postholder responsible for revision: Primary Circulation List: Web address: Restrictions:

Information Governance Policy 2.0 Senior Confidentiality IM & T Security Officer Information Governance Group

All Staff None

Standard for Better Health Map Domain: Core Standard Reference: Performance Indicators:

Governance 1. 2. 3.

Page 3 of 11


Section 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15.

Page Introduction Associated Policies and Procedures Aims and Objectives Scope of the Policy Accountability and Responsibilities Implementation of this Policy Equality Impact assessment Training Needs Analysis Monitoring Compliance with this Policy References

Appendices A B C D E F G H

Definitions Key Stakeholders consulted/involved in the development of the policy/procedure Equality Impact Assessment Tool

Page 4 of 11

Policy Statement NHS Kirklees recognises the importance of reliable information, both in terms of clinical management of individual patients and efficient management of services and resources. Information Governance plays a key part in supporting Clinical Governance, service planning and management



Information Governance addresses the demands that law, ethics and policy place upon information processing – holding, obtaining, recording, using and sharing of information. This Policy covers all aspects of information within NHS Kirklees, including (but not limited to): Patient/Client/Service User information Personnel/Staff information Organisational information All aspects of handling information, including (but not limited to): Structured record systems - paper and electronic Transmission of information – fax, e-mail, post and telephone All information systems purchased, developed and managed by/or on behalf of NHS Kirklees


Associated policies & procedures

This policy should be read in accordance with the following Trust policies, procedures and guidance: Confidentiality Policy Records Management Policy Disciplinary Policy 3.

Aims and objectives

Implementation of a robust framework to support information governance gives assurance to NHS Kirklees and to individuals that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care. NHS Kirklees will comply with any guidance issued by the Department of Health following on from the Information Governance Assurance Process. NHS Kirklees will establish and maintain policies and Page 5 of 11

procedures to ensure compliance with requirements contained in the Connecting for Health (CfH) Information Governance Toolkit, which defines the standards of best practice. These standards are:Information Governance Management Confidentiality and Data Protection Assurance Information Security Assurance Clinical Information Assurance Secondary Use Assurance Corporate Information Assurance


Scope of the policy

This policy must be followed by all NHS Kirklees employees. It must be followed by all staff who work for NHS Kirklees, including those on temporary or honorary contracts, bank staff and students. Breaches of this policy may lead to disciplinary action being taken against the individual. Independent Contractors are responsible for the development and management of their own procedural documents and for ensuring compliance with relevant legislation and best practice guidelines. Independent Contractors are encouraged to seek advice and support as required 5.

Accountabilities and Responsibilities


The Chief Executive

The Chief Executive of NHS Kirklees is ultimately responsible for ensuring that NHS Kirklees has good Information Governance 5.2

Lead Director

The Director of Corporate Services is the lead for information governance and has been nominated as the Senior Information Risk Owner 5.3

Line Managers

All line managers are responsible for ensuring that their staff are both conversant and aware of this policy 5.4

All NHS Kirklees employed staff

All staff have the responsibility for ensuring they follow this policy, failure to comply with this policy may result in disciplinary action


Implementation of this Policy Page 6 of 11



Openness 

NHS Kirklees recognises the need for an appropriate balance between openness and confidentiality in the management and use of information.

Information will be defined and where appropriate kept confidential, underpinning the principles of Caldicott and legislation as detailed in the Data Protection Act.

Information about NHS Kirklees and the services it provides will be available to the public through the Freedom of Information Act unless an exemption applies

Patients will have access to information relating to their own health care, options for treatment and their rights as patients. There will be clear procedures and arrangements for handling queries from patients and the public.

NHS Kirklees will have clear procedures and arrangements for liaison with the press and broadcasting media.

Integrity of information will be developed, monitored and maintained to ensure that it is appropriate for the purposes intended.

Availability of information for operational purposes will be maintained within set parameters relating to its importance via appropriate procedures and computer system resilience.

Legal Compliance 

NHS Kirklees regards all identifiable personal information relating to patients as confidential and compliance with legal and regulatory framework will be achieved, monitored and maintained.

NHS Kirklees regards all identifiable personal information relating to staff as confidential except where national policy on accountability and openness requires otherwise.

NHS Kirklees will establish and maintain policies and procedures to ensure compliance with the Data Protection Act, Human Rights Act, the common law duty of confidentiality and the Freedom of Information Act.

Awareness and understanding of all staff, with regard to responsibilities, will be routinely assessed and appropriate training and awareness provided.

Page 7 of 11




Risk assessment, in conjunction with overall priority planning of organisational activity will be undertaken to determine appropriate, effective and affordable information governance controls are in place.

Information Security 

NHS Kirklees will establish and maintain policies for the effective and secure management of its information assets and resources.

Audits will be undertaken or commissioned to assess information and IT security arrangements.

NHS Kirklees’s Incident Reporting system will be used to report, monitor and investigate all breaches of confidentiality and security.

Information Quality Assurance 

NHS Kirklees will establish and maintain policies for information quality assurance and the effective management of records.

Audits will be undertaken or commissioned of NHS Kirklees’s quality of data and records management arrangements.

Managers will be expected to take ownership of, and seek to improve, the quality of data within their services.

Wherever possible, information quality will be assured at the point of collection.

NHS Kirklees will promote data quality through policies, procedures/user manual and training.

Equality Impact Assessment

All public bodies have a statutory duty under the Race Relation (Amendment) Act 2000 to “set out arrangements to assess and consult on how their policies and functions impact on race equality.” This obligation has been increased to include equality and human rights with regard to disability age and gender. The Trust aims to design and implement services, policies and measures that meet the diverse needs of our service, population and workforce, ensuring that none are placed at a disadvantage over others. In order to meet these requirements, a single equality impact assessment is used to assess all its policies/guidelines and practices. This Policy was found to be compliant with this philosophy (see appendix C). Page 8 of 11


Training Needs Analysis

In order to ensure that policies, guidelines and protocols are introduced and work effectively, there is a need to provide adequate training and instruction. As a result, the author(s) of this document have carried out a training needs analysis which has identified the staff who require training, the methodology of training delivery and the frequency that the training will be provided. The policy author must ensure that the details of this training is passed to the Training and Education Team and where necessary, this will then be included in the Trust Training Prospectus. 9.

Monitoring Compliance with this policy

An assessment of compliance with requirements, within the Information Governance Toolkit (IGT), will be undertaken each year. Annual reports and proposed work programme will be presented to the Governance Committee for approval prior to submission to CfH. The requirements are grouped into the following initiatives: Information Governance Management Confidentiality and Data Protection Assurance Information Security Assurance Clinical Information Assurance Secondary Use Assurance Corporate Information Assurance



Freedom of Information Act 2000 Data Protection Act 1998 Human Rights Act 1998 Common Law Duty of Confidence


Appendices A. Definitions

B. Key stakeholders consulted/involved in the development of the policy/procedure

Stakeholders name and designation Information Governance Group

Page 9 of 11

Key Participant Yes/No Yes

Feedback requested Yes/No Yes

Feedback accepted Yes/No Yes

C. Equality Impact Assessment Tool To be completed and attached to any procedural document when submitted to the appropriate committee for consideration and approval. Insert Name of Policy / Procedure Yes/No 1.

Does the policy/guidance affect one group less or more favourably than another on the basis of: Race Ethnic origins (including gypsies and travellers) Nationality Gender Culture Religion or belief Sexual orientation including lesbian, gay and bisexual people Age Disability - learning disabilities, physical disability, sensory impairment and mental health problems


Is there any evidence that some groups are affected differently?


If you have identified potential discrimination, are any exceptions valid, legal and/or justifiable?


Is the impact of the policy/guidance likely to be negative? Page 10 of 11


Insert Name of Policy / Procedure Yes/No 5.

If so can the impact be avoided?


What alternatives are there to achieving the policy/guidance without the impact?


Can we reduce the impact by taking different action?


If you have identified a potential discriminatory impact of this procedural document, please refer it to [insert name of appropriate person], together with any suggestions as to the action required to avoid/reduce this impact. For advice in respect of answering the above questions, please contact [insert name of appropriate person and contact details].

Page 11 of 11