Information governance, or IG, relates to ensuring appropriate security and safeguards are in place when dealing with personal and patient information. This can be in relation to anything from patient scan results, birth certificates or personnel data such as home addresses; and applies to all information held within an organisation or transferred out of or into an organisation,for example in the form of patient referrals or consultation notes. In order to demonstrate that healthcare providers are meeting the appropriate IG standards, NHS Connecting for Health requires all healthcare providers, both within the NHS and Independent, to demonstrate robust policies and practices by declaring compliance against their Information Governance standards.
The way in which healthcare providers make their declaration of compliance is via the completion of an online assessment form known as the IG Toolkit. This self assessment needs to be carried out annually before the end of each financial year. In addition to completing the online form, providers are required to attach certain pieces of supporting documentation, such as a security policy, to evidence the level of compliance that they are declaring. Furthermore, as part of their review and audit process, NHS Connecting for Health can request any item of evidence they wish to support the healthcare provider's compliance declaration. This means that healthcare providers must have all of the required evidence and documentation in place prior to submitting their online compliance form.
The information governance requirements and standards vary depending on the type of organisation and the services that they deliver, for example whether it is an acute trust, a pharmacy or a commercial third party. There is a maximum of 21 Information Governance standards which cover a variety of areas including; Confidentiality and Data Protection Assurance, Clinical Information Assurance and Corporate Information Assurance. The type of evidence required for each includes:
- IT specific policies
- Logs on Caldicott breaches, security breaches, etc
- Registers; such as a Risk Register
- Job Descriptions for individuals who have responsibility for IG as part of their role
- Structure charts to demonstrate how instances of Information Governance risks are communicated throughout an organisation
- Minutes from meetings, or planned meeting frameworks for meetings that have not yet taken place (that relate to information Governance Standards, such as Caldicott, Risk, Security, etc)
- Patient-facing information that explains to patients how their personal information is used
- Staff-facing documentation to provide training on Information Governance issues
- Details of contracts with third party suppliers, demonstrating that Information Governance is thought about when contracts are written and signed.
No comments:
Post a Comment