Information Governance

Information is a vital asset, both in terms of the clinical management of individual patients and the efficient management of services and resources. It plays a key part in clinical governance, service planning and performance management.

It is therefore of paramount importance to ensure that information is efficiently managed, and that appropriate policies, procedures and management accountability provide a robust governance framework for information management.

The implementation information governance is designed to improve the service to patients and ensure their safety and well-being. It applies to all members of the clinical team supported by ancillary and attached staff.

The Practice recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. The Practice fully supports the principles of corporate governance and recognises its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about patients and staff and commercially sensitive information. The Practice also recognises the need to share patient information with other health organisations and other agencies in a controlled manner consistent with the interests of the patient and, in some circumstances, the public interest. The practice also recognises, and works within the computer misuse act.

Computer Misuse Act
The computer misuse act 1990 established three prosecutable offences against unauthorised access to any software or data held on any computer. The offences are:
• Unauthorised access to computer material
• Unauthorised access with intent to commit or facilitate the commission of further offences
• Unauthorised modification of computer material

The Practice believes that accurate, timely and relevant information is essential to deliver the highest quality health care. As such it is the responsibility of all clinicians and managers to ensure and promote the quality of information and to actively use information in decision making processes.

There are 4 key interlinked strands to the information governance policy:

• Openness
• Legal compliance
• Information security
• Quality assurance

• Non-confidential information on the Practice and its services should be available to the public through a variety of media, in line with the Practice’s code of openness
• The Practice will establish and maintain policies to ensure compliance with the Freedom of Information Act
• The Practice will undertake or commission annual assessments and audits of its policies and arrangements for openness
• Patients should have ready access to information relating to their own health care, their options for treatment and their rights as patients
• The Practice will have clear procedures and arrangements for liaison with the press and broadcasting media
• The Practice will have clear procedures and arrangements for handling queries from patients and the public

Legal Compliance
• The Practice regards all identifiable personal information relating to patients as confidential
• The Practice will undertake or commission annual assessments and audits of its compliance with legal requirements
• The Practice regards all identifiable personal information relating to staff as confidential except where national policy on accountability and openness requires otherwise
• The Practice will establish and maintain policies to ensure compliance with the Data Protection Act, Human Rights Act and the common law confidentiality
• The Practice will establish and maintain policies for the controlled and appropriate sharing of patient information with other agencies, taking account of relevant legislation (e.g. Health and Social Care Act, Crime and Disorder Act, Protection of Children Act)

Information Security
• The Practice will establish and maintain policies for the effective and secure management of its information assets and resources
• The Practice will undertake or commission annual assessments and audits of its information and IT security arrangements
• The Practice will promote effective confidentiality and security practice to its staff through policies, procedures and training
• The Practice will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security

• Use your Smartcard responsibly and in line with your access rights.
• Inform the Practice Manager immediately should your Smartcard be lost, stolen or misplaced.
• Ensure that you report any misuse of the Smartcards
• Ensure that you keep your Smartcard and log-in details confidential. In particular you must not leave your PC logged in and you must not share or provide access to your Smartcards or passwords.
• Ensure that you accurately complete the necessary paperwork, provides suitable identification and attends any appropriate appointments in order to register on the system or have your Smartcard updated/re-issued.
• All members of staff using Smartcards should follow the organisation’s suite of Information Governance policies and procedures; adhere to the Data Protection and Caldicott Principles, and the Confidentiality Code of Practice and the Care Records Guarantee.

Information Quality Assurance
• The Practice will establish and maintain policies and procedures for information quality assurance and the effective management of records
• The Practice will undertake or commission annual assessments and audits of its information quality and records management arrangements
• Managers are expected to take ownership of, and seek to improve, the quality of information within their services
• Wherever possible, information quality should be assured at the point of collection
• Data standards will be set through clear and consistent definition of data items, in accordance with national standards.
• The Practice will promote information quality and effective records management through policies, procedures/user manuals and training

Patient involvement: We will seek patient participation and provide patients with the mechanism to feedback and suggest.

Clinical Audit: We will undertake regular clinical audits, record the results, and plan improvements to patient benefit. We will also undertake audit of administrative procedures to ensure that they are working effectively.

Evidence-based medical treatment: We will maintain an up to date knowledge of current developments and research and assess these against established and proven methods of working. We will share expertise and opinion within the practice and between clinicians to promote learning and discussion.

Staff and staff management: We will encourage team working across the practice, establish a “no-blame” learning culture, and provide an open and equal working relationship with colleagues. We will seek to work to an “Investor in People” standard and support training, development, devolution of control and empowerment.

Information and its use: We will make full use of information both electronic and paper-based in clinical and non-clinical decision making. We will share best practices with others both inside and outside the practice. We will seek to improve data quality and encourage patients to participate in their own clinical treatment, their records, and decisions which affect them.

Risk control: We will operate a free system of Significant Event Reporting to encourage review, feedback and learning from incidents in an open and no-blame culture. All significant events will be discussed and documented within the forum of a clinical review / policy meeting.

Continuing Professional Development (CPD): We will ensure CPD via full participation in appraisal, revalidation, attendance at training events, and the organisation of regular in-house clinical seminars from specialist consultants. All development activity will be documented as part of individual learning portfolios. Non-clinical staff will be encouraged to attend events related to their own specialism or professional development needs, and it is not intended that this will be cash-limited.

Patient experience: We will discuss feedback received from patients and publicise both suggestions and the practice response. Where individuals are identifies they will receive a personal response. We will view the practice from the patient perspective (in particular from formal patient survey results) and actively seek to implement feasible and beneficial ideas.

Dr Ian Wear and Laura Hodgkinson are the Clinical Governance leads for the practice. They are responsible for –

• Promotion of quality care within the practice
• Provide clinical governance leadership and advice
• Keeping up to date with research and governance recommendations, and communicating these accordingly
• To act as an expert resource and advisor in the examination and review of significant events
• To initiate and review clinical audits
• To oversee the management of the key Policy provisions above

Calidcott Guardian: Laura Hodgkinson
Data Protection Officer: Laura Hodgkinson