document title… · cntw(o)14 cumbria northumberland, tyne and wear nhs foundation trust cntw(o)14...

Document Title Limiting Access and Patient Electronic Health Records

Reference Number CNTW(O)14

Lead Officer Medical Director

Author(s)

(Name and designation)

Angela Faill – Head of Information Governance and Medico Legal.

Claire Aberdeen –Deputy Head Customer Operations Informatics

Ratified by Business Delivery Group

Date ratified Sep 2018

Implementation date Sep 2018

Date of full implementation

Sep 2018

Review date Sep 2021

Version number V04.1

Review and Amendment Log

Version Type of change

Date Description of Change

V04 Update Sep 18 Review

V04.1 Review Oct 19 Governance changes

This policy supersedes which must now be destroyed:-

Reference Number Title

CNTW(0)14 –V04 Limited Access and Patient Electronic Health Records

Limiting Access and Patient Electronic Records

Section Contents Page No

1 Introduction 1

2 Purpose 2

3 Policy Scope 2

4 Duties and Responsibilities 3

5 Information Sharing 4

6 Creation of a Limiting Access Record 7

7 NHS Number 11

8 Identification of Stakeholders 12

9 Definition of Terms Used 12

10 Equality and Diversity 12

11 Training 12

12 Implementation 12

13 Monitoring Compliance 13

14 Fair Blame 13

15 Associated Documentation 13

16 References 13

Standard Appendices – attached to policy

Appendix A Equality and Diversity Impact Assessment Form 14

Appendix B Training and Communication Checklist and Needs Analysis

16

Appendix C Audit and Monitoring Tool 18

Appendix D Policy Notification Record Sheet - click here

https://www.cntw.nhs.uk/about/policies/appendix-d-policy-notification-record-sheet/

CNTW(O)14

Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)14 – Limiting Access and patient electronic records (RiO) – V04.1 Oct 19

1

1. Introduction

1.1 Service users have rights and protection granted to them by:-

Common law duty of confidences

The Data Protection Act 2018

The Human Rights Act 1998

Professional obligations

Contract of Employment

DoH Confidentiality Code of Practice

CNTW(O)29 - Confidentiality Policy

CNTW(C)20 - Care Coordination and Care Programme Approach

Process

CNTW(C)48 - Care Coordination (including CPA (Care Programme

Approach)) within Children and Young Peoples Services

1.2 However, Health Care Professionals owe a Duty of Care to provide appropriate and timely treatment to service users. This requires comprehensive, accurate and accessible records.

1.3 Service users entrust us with, or allow us to gather, sensitive information relating to their health and other matters as part of their seeking care and treatment. They do so in confidence and they have the legitimate expectation that staff will respect their privacy and act appropriately.

1.4 One consequence of this is that information which can identify individual service users, must not be used or disclosed for purposes other than healthcare without the individual’s consent, some other legal basis, or where the public interest in sharing information is greater than the public interest in maintaining confidentiality.

1.5 It is a key responsibility of all staff to ensure that service users understand that information needs to be shared between members of Care Teams and between different organisations involved in healthcare provision. Care Co-ordination/CPA provides a framework to enable this including the recording of consent to share information.

1.6 Electronic health records are designed to facilitate the sharing of service user’s information easily and accessibly between those professionals involved in the service user’s care. The information stored will vary depending on the length and type of contact the service user has had with Cumbria Northumberland, Tyne and Wear NHS Foundation Trust (the Trust/CNTW). As with any record, the electronic health record should only be accessed by staff that have a genuine need to do so in the context of the individual service user’s care.

CNTW(O)14


2

2. Purpose

2.1 The Trust recognises that there are some service users for whom they have a duty to take additional steps to ensure confidentiality due to the individual also being a Trust employee or the individual’s demographic details being highly recognisable. These will be referred to as Limiting Access Records.

2.2 All electronic health record users have agreed to abide by the requirements of the legislation and policy detailed in section 1.1. For electronic health record users this is done when signing into the system. The use of the electronic health records is supported by a comprehensive Audit Trail which is monitored on a regular basis by Informatics. Any erroneous or suspicious access will be reported by Informatics to the appropriate Manager and the Caldicott Guardian.

2.3 Additionally Limiting Access Records created will be communicated by Informatics to the Caldicott Guardian on a monthly basis who will ensure ongoing audit by members of the Caldicott and Health Informatics Group, to gain assurance that standards are being adhered to.

2.4 This policy sets out a pragmatic guide to assist clinicians in addressing issues related to service users for whom confidentiality of electronic records may be a concern and also those for whom providing additional levels of confidentiality is appropriate, i.e. the creation of Limiting Access Records. These procedures should apply to all those referred to or receiving services from the Trust where any record will be held on the electronic health records system.

3. Policy Scope 3.1 This policy is applicable to all users of electronic health records including

personnel of the Informatics Department of the Trust and agreed users, including those with read only access within Partner agencies.

3.2 It is strictly forbidden for any users of electronic health records to access an

individual's record unless for a legitimate reason, i.e. provision of healthcare and treatment. Electronic health record users must not look at any information relating to themselves, their own family, friends, acquaintances, colleagues or because they recognise a name.

3.3 Access to electronic health records is monitored and inappropriate access may

result in legal action and/or disciplinary action. 3.4 Students who are on placement in the Trust will have access to electronic

health records if required by the nature of their placement and under the supervision of their placement supervisor. They will be required to complete the same documentation as other patient electronic record users and to abide by the requirements of this policy including the legislation and policy detailed in Section 1.1. Any breach of confidentiality will lead to an immediate termination of the placement and the reason being shared with their course tutor It may also lead to legal action.

CNTW(O)14


3

3.5 Temporary staff, whether clinical or administrative, will have access to electronic health records if required by the nature of their temporary employment. They will be required to complete the same documentation as other patient electronic record users and to abide by the requirements of this policy including the legislation and policy detailed in section 1.1. Any breach of confidentiality will lead to an immediate termination of their temporary contract. It may also lead to prosecution under UK law.

4. Duties and Responsibilities

4.1 The Chief Executive on behalf of the Trust retains ultimate accountability for the health, safety and welfare of all service users, carers, staff and visitors; however key tasks and responsibilities will be delegated to individuals in accordance with the content of this policy.

4.2 The Caldicott Guardian is the Trusts’ Medical Director and is responsible for protecting the confidentiality of service user information and enabling appropriate information sharing. This includes the confidentiality of service user information held in the electronic health records.

4.3 The Caldicott Guardian retains ultimate accountability for decision making for any Caldicott issues, and in particular for those that may have a major impact on the organisation.

4.4 The Senior Information Risk Owner (SIRO) is the Trust’s Executive Director of Commissioning and Quality Assurance and is responsible for identifying and managing information risks to the organisation. This includes oversight of the information security incidents and responses.

4.5 The SIRO is supported in their role by information asset owners who have assigned responsibility for the Trust information assets. This is the Trusts Executive Director of Nursing and Chief Operating Officer in respect of electronic health records. The corporate governance arrangements relevant to this policy are shown in the diagram below:-

Board of Directors

CNTW Quality and Performance Committee

CNTW Trust wide Caldicott and Health Informatics Group

Local Care Group Triumvirate

CNTW(O)14


4

4.6 All staff, whether clinical, administrative or managers, have a responsibility to

maintain confidentiality and to only access records that they have a genuine need to, in the context of service user’s care. It is strictly forbidden for staff to access an individual's record whether paper or electronic without a legitimate reason, i.e. provision of healthcare and treatment.

4.7 Individuals must not look at any information relating to their own family, friends, acquaintances or because they recognise a name.

4.8 Individuals who are employed by the Trust and who are also service users must not access their own electronic health record or ask others to do so. If an individual wants to access their own health records they should follow the practice guidance note with the Trust’s policy CNTW(O)09 – Records Management, - RM-PGN-05 – Access to Records in accordance with General Data Protection Regulations.

4.9 Informatics is responsible for ensuring that there is a comprehensive Audit Trail functionality on RiO Monitoring Policy.

4.10 Care Coordinators/Lead Professionals and others in the Clinical Team providing care and treatment are able to see who has accessed their service users electronic health record through the audit trail function on the service users case record. They also share responsibility for monitoring access to all records including Limiting Access Records. If a Care Coordinator/Lead Professional and others in the Clinical Team providing care and treatment identifies that a record may have been accessed inappropriately they should report this to their line manager as soon as possible and follow the guidance in Section 7.

4.11 Managers receiving a report from Caldicott Support, with support from HR, will

be responsible for initiating the appropriate action in response. This may be disciplinary action which may include action due to gross misconduct and/or legal proceedings.

5. Information Sharing 5.1 All service users should be made aware that their information is shared with

other professionals and agencies with which they have contact. This should ideally be discussed during the service user’s first assessment or as soon as possible and revisited as part of the care planning process. These discussions should be recorded by the completion of the Care Coordination Consent to Share Information documentation.

5.2 The clinician who undertakes the discussion with the service user about

information sharing at assessment is responsible for ensuring that the consent screen is completed appropriately and the setting of the consent indicator on the case record screen.

5.3 The clinician who undertakes the discussion with the service user about

information sharing during care planning is responsible for ensuring that the

CNTW(O)14


5

consent screen is updated appropriately and the setting of the consent indicator on the case record screen if required.

5.4 Service users should also be offered a copy of the leaflet “Information that

Cumbria Northumberland Tyne and Wear NHS Foundation Trust keeps about you”.

5.5 Some service users may not have the capacity to consent, or be able to

understand the implications of sharing information either at assessment or care planning, or both. If concerns about the service user’s capacity to consent arise for adults a decision will be made by the “decision maker” following an assessment of capacity with clear reference to the Mental Capacity Act best interest checklist.

5.6 Assessment of capacity should involve discussion with relevant members of any

Multi-Disciplinary Team, carers and/or advocates 5.7 Where a service user does not have capacity to make the decision about

sharing of information, the assessment of capacity and if required the best interest decision in relation to sharing, information can be recorded in a progress note. Good practice is to begin this entry with the phase “Capacity assessment regarding sharing information”. The relevant tick box on the paper form should also be completed.

5.8 The outcome of this best interest decision should inform the setting of the

consent status button on the case record screen of the electronic health record and the consent status set due to best interest decision box should also be “ticked”.

5.9 It is good practice to use the free text box to identify the progress note where

the best interest determination has been recorded. 5.10 If a child/young person does not have the capacity to understand the process

and requirements of consent even with the support of parents or carers, then consent to share information should be discussed and agreed with parents or others with parental responsibility.

5.11 Under the Children Act 1989, any child of 16 or over is presumed to be mentally

competent to give their own consent to medical treatment. This means that children of 16 or over should also be presumed competent to give their own consent to information sharing.

5.12 Under the Fraser Guidelines (formerly commonly known as Gillick Competence)

children under the age of 16 may also be competent to give their own consent to the sharing of information about themselves between different agencies provided they are sufficiently mature to understand the implications of information sharing, including the implications of not doing so in terms of the possible impact on the quality of service provision. This is a judgment to be made by the professionals involved with the child.

CNTW(O)14


6

5.13 If a child is competent (either because they are 16 or over or because they are under 16 and competent under the Fraser guidelines) to give their own consent, that consent should be sought from them. If however they are assessed as not yet competent to give informed consent, the consent should be sought from a person who has parental responsibility for the child. Mothers automatically have parental responsibility. A married couple who have children together both automatically have parental responsibility. Parental responsibility continues after divorce.

5.14 Where the parents are not married, the unmarried father has parental

responsibility if:-

His name is registered on the birth certificate - this is the case for births registered after 1 December 2003. Fathers can re-register if their names have not been placed on the birth certificate before this date

He later marries the mother

Both parents have signed an authorised parental responsibility agreement

He obtains a Parental Responsibility Order from the Court

He obtains a Residence Order from the Court

He becomes the child's guardian

Others do not have parental responsibility. They can acquire it by:-

- In the case of a local authority with a Care Order

- Being appointed as a guardian for care for a child if their parent dies

- Obtaining a Residence Order form the Court for a child to live with them

- Adopting the child

5.15 Children in the ‘Looked After’ System may have carers who do not have parental responsibility and it is very often inappropriate for information to be shared with parents. To ensure consideration specific to the issues involving children in the care of the Local Authority the Newcastle ‘Looked After’ Children Team uses an additional consent recording tool on electronic health record.

5.16 If a service user expresses concern about electronic information systems and

access, the member of staff concerned must take time to explain that information sharing is part of our Duty of Care to an individual, and who would normally access the record, i.e. members of the individual’s Care Team, Crisis service if there was contact with the service user. The service user should understand that there is a visible record as to who has accessed the electronic health record, and that should any member of staff access their record inappropriately they may be subject to legal action and/or disciplined.

CNTW(O)14


7

5.17 It may also be relevant to discuss with the service user the potential additional benefits of information being held in this way, for example information being recorded on electronic health record enables:-

The ability to support their care in the future, by the appropriate sharing of information to inform their new care and treatment by services of the Trust. Or should they move out of area in response to a request from the service in the area they have moved to

Continuity of care if the service user was to be detained through the criminal justice system by ensuring that prison based services can be put in touch with their previous Care Co-ordinator

The opportunity to participate in the national patient surveys to anonymously express their view of the care they receive

5.18 If the service user continues to express concern then the opportunity to have a

Limiting Access Record created should be explained, providing that the assessment of risk does not indicate that having a Limiting Access Record would increase the risk to the service user or others.

5.19 If the individual is one for whom a Limiting Access Record may be appropriate

it is essential that they are informed of the implications of having this type of record. That:-

There could be a delay in clinical staff having relevant information in a crisis

There could be a delay in continuity of care.

They will not have the opportunity to participate in the national patient surveys

5.20 The option of creating a Limiting Access Record should always be considered, but not assumed to be appropriate without discussion with the service user, when the individual is:-

a member of staff

highly recognisable from their demographic information

the subject of significant media interest both past and present

is under witness protection

5.21 Wherever possible this should be considered in partnership with the service user, however clinical judgement will need to be used if the service user lacks the capacity to either make the decision or understand the consequences of the decisions they make, or where not having a Limiting Access Record would increase the risk to the service user or others (see 5.2 and 5.3).

6. Creation of a Limiting Access Record

CNTW(O)14


8

6.1 The decision to create a Limiting Access Record, following discussions with the service user (as outlined in Section 5) will be made by the assessing professional or subsequently by the Care Coordinator/Lead Professional or the Inpatient Team.

6.2 Support to make this decision, if needed, can be sought from the Head of

Information Governance and Medico Legal. 6.3 The electronic health record system has a registration screen with a number of

mandatory fields – i.e. fields that must be entered before the service user’s record can be saved. These are:-

Forename

Surname

Date of Birth

Gender

Ethnic Background

Address/Postcode

GP

6.4 Staff with direct access to electronic health record create a Limiting Access

Record by completing these mandatory fields in the following way:-

6.5

Forename First initial only

Surname First initial only

Date of Birth Full details

Gender Full details

Ethnic Background Completed with the ethnicity identified by the service user

Address/Postcode House number/name and post code only

Use the * symbol for any other required fields

GP Full details

NHS number Full details (see section 8)

6.6 The consent to sharing information indictor on the case record screen should

be set to red. 6.7 To support clinical practice it is also important that within the electronic health

record the service user’s full name and demographic details can be found, e.g. to facilitate contact out-of-hours and to enable appropriate letters to be sent.

6.8 The service user’s full demographics should be entered into the personal

contacts section of electronic health record, which can be accessed via the demographics screen:-

CNTW(O)14


9

6.9 The contact type “Patient” should be selected and relation type “Limiting Access Record” selected.

6.10 Documents that are captured in images should be an exact record of that sent

out, therefore even documents created/relating to a service user with a Limiting Access Record should show all demographic information. This must not be deleted/redacted prior to uploading the image onto electronic health record.

6.11 This approach aims to balance the service user’s need for confidentiality and the Trust and clinician’s Duty of Care, by providing enough information for members of the Care Team and crisis services to identify service users they have contact with, without the most identifiable information (the service users name) being easily accessible to all users.

6.12 A member of staff who undertakes a search on the system to identify if a service

user is/has been known to services and to gain access to records needed for their care and treatment will do so using the case record screen ideally using the persons NHS number. If this is not available demographic information, which must include the person’s date of birth, will be used.

6.13 If this results in a Limiting Access Record being identified as a potential match

the information presented will only consist of initials, gender, postcode and date of birth. Further entry to the record would only be justified if there was a match with the information about the service user which the search relates to, and the reason would have to be entered and recorded before accessing the case record screen. Access to this screen will include the additional information of the individual’s GP and Care Coordinator (if allocated).

6.14 Further entry into the electronic health record would only be justified if this

additional information was indicative of the record relating to the service user the search relates to.

6.15 Each stage of this access would enable staff to identify if the service user has

an electronic health record. 6.16 Each stage of this access would be recorded on the audit trail.

CNTW(O)14


10

6.17 A search that was inappropriately undertaken, for example in relation to

someone who was of significant media interest, by entering the individuals name alone would not result in an electronic health record being identified and consequently not enable them to be identified as a service user of the Trust if they had a Limiting Access Record.

6.18 Creating a Limiting Access Record for a service users who has an existing record

6.18.1 There may be occasions where it is appropriate that a service user’s existing electronic health record is changed to a Limiting Access Record. This may be due to a request of the service user in which case where the process set out in sections 5.16 to 5.19 should be undertaken. It could also be because the individual is now

the subject of significant media interest

under witness protection

6.18.2 Ideally this change should this should be considered in partnership with the service user, however clinical judgement will need to be used if the service user lacks the capacity to either make the decision or understand the consequences of the decisions they make, or where not having a Limiting Access Record would increase the risk to the service user or others (see Section 5.2 and 5.3).

6.18.3 Support to make this decision, if needed, can be sought from the Head of Information Governance and Medico Legal.

6.18.4 There may be rare occasions where the Caldicott Guardian may make this decision on a temporary basis usually in response to anticipated significant media interest.

6.18.5 Whoever changes the service user’s electronic health record to a Limiting Access Record must ensure that this change is communicated to all members of the care team and any clinician / team where there is an open referral.

6.18.6 To change an existing electronic health record to a Limiting Access the registration screen with a number of mandatory fields – i.e. fields that must be entered before the service user’s must be amended.

6.18.7 The service user’s full demographics should be entered into the personal contacts section of electronic health record, which can be accessed via the demographics screen see Sections 6.7-6.8

6.18.8 Staff with direct access to electronic health record can create a Limiting Access Record by amending these mandatory fields ONLY in the following way:-

Forename Change to first initial only

Surname Change to First initial only

Address/Postcode Change to House number/name and postcode

CNTW(O)14


11

Only – Use the * symbol for any other required fields

6.18.9 Set the date of address to the date of the address to the date of the change to a Limiting Access Record

6.18.10 When these changes have been made click save and you will be prompted to decide if the old name should be set as an alias select No.

6.18.11 The consent to sharing information indictor on the case record screen should be set to red.

6.18.12 To support clinical practice it is also important that within the electronic health record the service user’s full name and demographic details can be found, e.g. to facilitate contact out-of-hours and to enable appropriate letters to be sent.

7. National Health Service (NHS) Number

7.1 The NHS number provides a unique identifier for all individuals and can further

assist in ensuring rapid access to individual electronic health records in a crisis situation. In the creation of a Limiting Access Record the clinician making the entry on the electronic health record must take responsibility for the identification and entry of the service users NHS number.

7.2 The Information Team within Informatics are able to provide NHS numbers on

request. 7.3 The weekly data quality checks undertaken by Informatics where service users

missing NHS numbers are traced and entered by Informatics will not be possible

for a Limiting Access Record.

CNTW(O)14


12

8. Identification of Stakeholders

8.1 This is an existing policy and its review has resulted in additional/changed content that relates to operational and/or clinical practice. Consequently it was consulted on for the period required as set out in Trust policy CNTW(O)01 – Development and Management of Procedural Documents, through the Standard Policy Distribution process, and both the Operational Group and

Trustwide Caldicott and Health Information Group meetings. North Locality Care Group

Central Locality Care Group

South Locality Care Group

North Cumbria Locality Care Group

Corporate Decision Team

Business Delivery Group

Safer Care Group

Communications, Finance, IM&T

Commissioning and Quality Assurance

Workforce and Organisational Development

NTW Solutions

Local Negotiating Committee

Medical Directorate

Staff Side

Internal Audit

9. Definition of Terms Used

RiO is the Trusts electronic health record system

10. Equality Impact Assessment

10.1 In conjunction with the Equality and Diversity Officer of the Trust this policy has undergone an Equality and Diversity Impact Assessment which has taken into account all human rights in relation to disability, ethnicity, age and gender. The Trust undertakes to improve the working experience of staff and to ensure

everyone is treated in a fair and consistent manner.

11. Training

11.1 All users of the electronic health records system are provided with training by

the Informatics directorate. Including how to create a Limiting Access Record and their responsibilities in relation to confidentiality, including Limiting Access Records, is incorporated into the training programme and supporting guides.

12. Implementation

12.1 This is an existing policy and its review. The implementation date is the same

as the date of ratification.

CNTW(O)14


13

12.2 The Trust wide Caldicott and Health Informatics Group will receive the outcomes of policy monitoring and agree any action planning, if gaps are identified and how learning will take place.

13 Monitoring Compliance

13.1 Monitoring of this policy will focus on compliance though reporting on any instances of inappropriate access and ensuring that the electronic health record has the appropriate consent status set. See ‘Appendix C’ Audit and Monitoring Tool.

14 Fair Blame

14.1 The Trust is committed to developing an open learning culture. It has endorsed the view that, wherever possible, disciplinary action will not be taken against members of staff who report near misses and adverse incidents; Although there may be clearly defined occasions where disciplinary action will be taken.

15 Associated Documentation

CNTW(C)20 - Care Coordination and Care Programme Approach Process

CNTW(C)48 - Care Coordination for Children and Young People Service

CNTW(O)01 - Development and management of Procedure Documents

CNTW(O)05 - Incident Reporting Policy and Practice Guidance Notes

CNTW(O)29 - Confidentiality Policy 16 References

The Data Protection Act 2018

The Human Rights Act 1998

Contract of Employment

DoH Confidentiality Code of Practice

CNTW(O)14


14

Appendix A

Equality Analysis Screening Toolkit

Names of Individuals involved in Review

Date of Initial Screening

Review Date Service Area / Locality

Angela Faill/Claire Aberdeen Sep 2018 Sep 2021 Trust-wide

Policy to be analysed Is this policy new or existing?

Limiting Access and patient electronic records (RiO) – V04

Existing

What are the intended outcomes of this work? Include outline of objectives and function aims

The Trust recognises that there are some service users for whom they have a duty to take additional steps to ensure confidentiality due to the individual also being a Trust employee or the individual’s demographic details being highly recognisable. These will be referred to as Limiting Access Records.

Who will be affected? e.g. staff, service users, carers, wider public etc

Staff /Service Users

Protected Characteristics under the Equality Act 2010. The following characteristics have protection under the Act and therefore require further analysis of the potential impact that the policy may have upon them.

Disability Accessible formats for information through Patient Information Centre.

Sex NA

Race Consider and detail any evidence on difference ethnic groups, nationalities, Roma gypsies, Irish travellers, language barriers.

Age Accessible formats for information through Patient Information Centre. Gillick

competency addressed

Gender reassignment

(including transgender)

NA

Sexual orientation. NA

Religion or belief NA

Marriage and Civil Partnership

NA

Pregnancy and maternity

NA

CNTW(O)14


15

Carers NA

Other identified groups NA

How have you engaged stakeholders in gathering evidence or testing the evidence available?

Through the policy consultation process

How have you engaged stakeholders in testing the policy or programme proposals?

Through the policy consultation process

For each engagement activity, please state who was involved, how and when they were engaged, and the key outputs:

Policy Review Group

Summary of Analysis Considering the evidence and engagement activity you listed above, please

summarise the impact of your work. Consider whether the evidence shows potential for differential impact, if so state whether adverse or positive and for which groups. How you will mitigate any negative impacts. How you will include certain protected groups in services or expand their participation in public life?

No negative impact

Now consider and detail below how the proposals impact on elimination of discrimination, harassment and victimisation, advance the equality of opportunity and promote good relations between groups. Where there is evidence, address each protected characteristic:

Eliminate discrimination, harassment and victimisation

NA

Advance equality of opportunity NA

Promote good relations between groups NA

What is the overall impact? No impact

Addressing the impact on equalities No impact

From the outcome of this Screening, have negative impacts been identified for any

protected characteristics as defined by the Equality Act 2010? No

If yes, has a Full Impact Assessment been recommended? If not, why not?

Manager’s signature: Angela Faill/Claire Aberdeen Date: September 2018

CNTW(O)14


16

Appendix B Communication and Training Check list for policies

Key Questions for the accountable committees designing, reviewing or agreeing a new Trust policy:

Is this a new policy with new training requirements or a change to an existing policy?

Existing Policy

If it is a change to an existing policy are there changes to the existing model of training delivery? If yes specify below.

No changes under this review to existing policy that require changes to mode of training.

Are the awareness/training needs required to deliver the changes by law, national or local standards or best practice?

Please give specific evidence that identifies the training need, e.g. National Guidance, CQC, NHS Resolutions etc.

Please identify the risks if training does not occur.

No changes applicable in this review.

Confidentiality Code of Practice – Department of Health

Please specify which staff groups need to undertake this awareness/training. Please be specific. It may well be the case that certain groups will require different levels e.g. staff group A requires awareness and staff group B requires training.

Newly appointed Front line clinical staff and other RiO users

Is there a staff group that should be prioritised for this training / awareness?

As above

Please outline how the training will be delivered. Include who will deliver it and by what method. The following may be useful to consider: Team brief/e bulletin of summary Management cascade Newsletter/leaflets/payslip attachment Focus groups for those concerned Local Induction Training Awareness sessions for those affected by the new policy Local demonstrations of techniques/equipment with reference documentation Staff Handbook Summary for easy reference Taught Session E Learning

Inclusion in existing training for RiO Policy consultation; Group Caldicott and Heath Information Groups. RiO champions meeting and dissemination to those they represent

Please identify a link person who will liaise with the training department to arrange details for the Trust Training Prospectus, Administration needs etc.

Head of Information Governance and Medico Legal.

CNTW(O)14


17

Appendix B – continued

Training Needs Analysis

Staff/Professional Group Type of training

Duration of

Training

Frequency of Training

RiO users Classroom by RiO Trainers

One day Once unless changes to system that impact on clinical practice when appropriate update training will be provided using a range of methods.

Should any advice be required, please contact:- 0191 2456777 (internal 56777)

CNTW(O)14


18

Appendix C

Audit / Monitoring Tool The Trust is working towards effective clinical governance and governance systems. To demonstrate effective care delivery and compliance, policy authors are required to include how monitoring of this policy is linked to auditable standards/key performance indicators will be undertaken using this framework.

CNTW(O)14 – Limiting Access and Electronic Patient Record (RiO)

Monitoring Framework

Auditable Standard/Key Performance Indicators

Frequency/Method/Person Responsible

Where results and any associated action plan will be reported to, implemented and monitored; (this will usually be

via the relevant governance

group).

1 Identification of inappropriate access to the electronic record

Annual report by Caldicott Support

Trustwide Caldicott and Health Informatics Group

2 Consent indicators are set appropriately on linilted access records

Annual position report by Deputy Head Customer Operations Informatics Department

Trustwide Caldicott and Health Informatics Group