Information Governance Policy
Information is a vital asset. It plays a key part in governance, service planning and performance management.
It is therefore of paramount importance to ensure that information is efficiently managed, and that appropriate policies, procedures and management accountability and structures provide a robust governance framework for information management.
Healthcare Computing recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. Healthcare Computing fully supports the principles of information, and places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about NHS patients and staff and any other commercially sensitive information.
Healthcare Computing believes that accurate, timely and relevant information is essential to deliver the highest quality service. As such it is the responsibility of all staff to ensure and promote the quality of information and to actively use information in decision making processes.
There are 4 key interlinked strands to the information governance policy:
- Legal compliance
- Information security
- Quality assurance
- Healthcare Computing will undertake or commission annual assessments and audits of its policies and arrangements for openness
- Healthcare Computing will have clear procedures and arrangements for handling queries from customers and the public
- Healthcare Computing regards all identifiable personal information relating to NHS patients as confidential
- Healthcare Computing will undertake or commission annual assessments and audits of its compliance with legal requirements
- Healthcare Computing regards all identifiable personal information relating to staff as confidential
- Healthcare Computing will establish and maintain policies to ensure compliance with the Data Protection Act, Human Rights Act and the common law confidentiality
- Healthcare Computing will establish and maintain policies for the effective and secure management of its information assets and resources
- Healthcare Computing will undertake or commission annual assessments and audits of its information and IT security arrangements
- Healthcare Computing will promote effective confidentiality and security practice to its staff through policies, procedures and training
- Healthcare Computing will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security
Information Quality Assurance
- Healthcare Computing will establish and maintain policies and procedures for information quality assurance and the effective management of records
- Healthcare Computing will undertake or commission annual assessments and audits of its information quality and records management arrangements
- Managers are expected to take ownership of, and seek to improve, the quality of information within their services
- Wherever possible, information quality should be assured at the point of collection
- Data standards will be set through clear and consistent definition of data items, in accordance with national standards
- Healthcare Computing will promote information quality and effective records management through policies, procedures/user manuals and training
- It is the role of Healthcare Computing Board to define Healthcare Computing policy in respect of Information Governance, taking into account legal and NHS requirements.
- The Board is also responsible for ensuring that sufficient resources are provided to support the requirements of the policy.
- The Board is responsible for overseeing day to day Information Governance issues; developing and maintaining policies, standards, procedures and guidance, coordinating Information Governance in Healthcare Computing and raising awareness of Information Governance.
- Managers within Healthcare Computing are responsible for ensuring that the policy and its supporting standards and guidelines are built into local processes and that there is on-going compliance.
- All staff, whether permanent, temporary or contracted, and contractors are responsible for ensuring that they are aware of the requirements incumbent upon them and for ensuring that they comply with these on a day to day basis.
Healthcare Computing acknowledges that information is a valuable asset, therefore it is wholly in its interest to ensure that the information it holds, in whatever form, is appropriately governed, protecting the interests of all of its stakeholders.
This policy, and its supporting standards and work instruction, are fully endorsed by the Board through the production of these documents and their minuted approval.
I trust that all staff, contractors and other relevant parties will, therefore, ensure that these are observed in order that we may contribute to the achievement of the company objectives and the delivery of effective services to our customers.
The staff, physical security, IT systems, applications and all Patient Identifiable Information (PII) held or accessed at the Head Office location.