Information Governance Policy

Summary

Information is a vital asset. It plays a key part in governance, service planning and performance management.

It is therefore of paramount importance to ensure that information is efficiently managed, and that appropriate policies, procedures and management accountability and structures provide a robust governance framework for information management.

Principles

Trusted Technology recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. Trusted Technology fully supports the principles of information, and places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about NHS patients and staff and any other commercially sensitive information.

Trusted Technology believes that accurate, timely and relevant information is essential to deliver the highest quality service. As such it is the responsibility of all staff to ensure and promote the quality of information and to actively use information in decision making processes.

There are 4 key interlinked strands to the information governance policy:

  • Openness

  • Legal compliance

  • Information security

  • Quality assurance

Openess

  • Trusted Technology will undertake or commission annual assessments and audits of its policies and arrangements for openness

  • Trusted Technology will have clear procedures and arrangements for handling queries from customers and the public

Legal Compliance

  • Trusted Technology regards all identifiable personal information relating to NHS patients as confidential

  • Trusted Technology will undertake or commission annual assessments and audits of its compliance with legal requirements

  • Trusted Technology regards all identifiable personal information relating to staff as confidential

  • Trusted Technology will establish and maintain policies to ensure compliance with the Data Protection Act, Human Rights Act and the common law confidentiality

Information Security

  • Trusted Technology will establish and maintain policies for the effective and secure management of its information assets and resources

  • Trusted Technology will undertake or commission annual assessments and audits of its information and IT security arrangements

  • Trusted Technology will promote effective confidentiality and security practice to its staff through policies, procedures and training

  • Trusted Technology will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security

Information Quality Assurance

  • Trusted Technology will establish and maintain policies and procedures for information quality assurance and the effective management of records

  • Trusted Technology will undertake or commission annual assessments and audits of its information quality and records management arrangements

  • Managers are expected to take ownership of, and seek to improve, the quality of information within their services

  • Wherever possible, information quality should be assured at the point of collection

  • Data standards will be set through clear and consistent definition of data items, in accordance with national standards

  • Trusted Technology will promote information quality and effective records management through policies, procedures/user manuals and training

Responsibilities

  • It is the role of Trusted Technology Board to define Trusted Technology policy in respect of Information Governance, taking into account legal and NHS requirements.

  • The Board is also responsible for ensuring that sufficient resources are provided to support the requirements of the policy.

  • The Board is responsible for overseeing day to day Information Governance issues; developing and maintaining policies, standards, procedures and guidance, coordinating Information Governance in Trusted Technology and raising awareness of Information Governance.

  • Managers within Trusted Technology are responsible for ensuring that the policy and its supporting standards and guidelines are built into local processes and that there is on-going compliance.

  • All staff, whether permanent, temporary or contracted, and contractors are responsible for ensuring that they are aware of the requirements incumbent upon them and for ensuring that they comply with these on a day to day basis.

Policy Approval

Trusted Technology acknowledges that information is a valuable asset, therefore it is wholly in its interest to ensure that the information it holds, in whatever form, is appropriately governed, protecting the interests of all of its stakeholders.

This policy, and its supporting standards and work instruction, are fully endorsed by the Board through the production of these documents and their minuted approval.

I trust that all staff, contractors and other relevant parties will, therefore, ensure that these are observed in order that we may contribute to the achievement of the company objectives and the delivery of effective services to our customers.

Scope

The staff, physical security, IT systems, applications and all Patient Identifiable Information (PII) held or accessed at the Head Office location.