Information is a vital asset, both in terms of the clinical management of individual patients and the efficient management of services and resources. It plays a key part in clinical governance, service planning and performance management.
It is therefore of paramount importance to ensure information is efficiently managed, and that appropriate policies, procedures and management accountability and structures provide a robust governance framework for information management
The Practice recognises the need for an appropriate balance between openness and confidentiality, both in the management and use of information.
The Practice fully supports the principles of corporate governance and recognises its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, personal information about patients and staff as well as commercially sensitive information.
The Practice also recognises the need to share patient information with other health organisations and agencies in a controlled manner, consistent with the interests of the patient and, in some circumstances, the public interest.
The Practice believes that accurate, timely and relevant information is essential to deliver the highest quality health care. As such, it is the responsibility of everyone in the Practice to ensure and promote the quality of information and to actively use information in decision-making processes.
There are four key interlinked strands to the Information Governance Policy:
· Legal compliance
· Information security
· Quality assurance
· Non-confidential information about the Practice and its services will be available to the public through a variety of media, in line with the Practice’s code of openness.
· The Practice will establish and maintain policies to ensure compliance with the Freedom of Information Act.
· The Practice will undertake or commission annual assessments and audits of its policies and arrangements for openness.
· Patients will have ready access to information relating to their own health care, their options for treatment and their rights as patients.
· The Practice will have clear procedures and arrangements for liaison with the press and broadcasting media.
· The Practice will have clear procedures and arrangements for handling queries from patients and the public.
· Information will be defined and kept confidential where appropriate, underpinning the principles of Caldicott and the regulations outlined in the Data Protection Act 2018 (which incorporates the EU General Data Protection Regulations).
· Information that is not confidential about the Practice and services will be available to the public through a variety of means, in compliance with the Freedom of Information Act, Code of Conduct for Confidentiality, the Data Protection Act 2018 and Access to Records Policy.
· The Practice regards all person identifiable information, including that relating to patients, as confidential.
· The Practice will undertake or commission annual assessments and audits of its compliance with legal requirements.
· The Practice regards all identifiable personal information relating to staff as confidential, except where national policy on accountability and openness requires otherwise.
· The Practice will establish and maintain policies to ensure compliance with the Data Protection Act, Human Rights Act, common law confidentiality and Confidentiality: NHS Code of Practice.
· The Practice will establish and maintain policies for the controlled and appropriate sharing of patient information with other agencies, taking account of relevant legislation (e.g. Health and Social Care Act, Crime and Disorder Act, Protection of Children Act).
· The Practice will establish and maintain policies for the effective and secure management of its information assets and resources.
· The Practice will undertake or commission annual assessments and audits of its information and IT security arrangements.
· The Practice will establish and maintain standards and policies for the disclosure of information.
· The Practice will promote effective confidentiality and security practice to its staff through policies, procedures and training.
· The Practice will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security.
Information Quality Assurance
· The Practice will establish and maintain policies and procedures for information quality assurance and the effective management of records.
· The Practice will undertake or commission annual assessments and audits of its information quality and record management arrangements.
· Managers are expected to take ownership of, and seek to improve, the quality of information within their services.
· Wherever possible, information quality should be assured at the point of collection.
· The practice will promote information quality and effective records management through policies, procedures/user manuals and training.
It is the role of (Enter the names of the Senior Partners in the Practice Setup screen) in the Practice to define the Practice’s policy in respect of Information Governance, taking into account legal and NHS requirements.
(Enter the names of the Senior Partners in the Practice Setup screen) is/are also responsible for ensuring that sufficient resources are available to support the requirements of the policy.
Lidia Kostuch-Bush is the designated Information Governance Lead in the Practice and is responsible for:
· Overseeing day-to-day Information Governance issues;
· Developing and maintaining policies, standards, procedures and guidance;
· Coordinating Information Governance in the Practice;
· Raising awareness of Information Governance; and
· Ensuring that there is on-going compliance with the policy and its supporting standards and guidelines.
All staff, whether permanent, temporary or contracted, and contractors are responsible for ensuring that they remain aware of the requirements incumbent upon them for ensuring compliance on a day to day basis.
The Practice acknowledges that information is a valuable asset, therefore, it is wholly in its interest to ensure that the information it holds, in whatever form, is appropriately governed, protecting the interests of all of its stakeholders.
This Policy, and its supporting standards and work instruction, are fully endorsed by the PCT through the production of these documents and their formal approval by the Practice.
The Practice will, therefore, ensure that all staff, contractors and other relevant parties observe this policy, in order to ensure compliance with Information Governance and contribute to the achievement of the Primary Care objectives and delivery of effective healthcare to the local population.