raising the bar on information governance in primary care dr lorna ramsay clinical lead nhs scotland...
TRANSCRIPT
Raising the Bar on Information Governance
in Primary Care
Dr Lorna RamsayClinical Lead
NHS Scotland IG Programme, ISD
Information Governance
“Information governance aims to support theprovision of high quality care by promoting theeffective and appropriate use of information.”
• Confidentiality• Data Protection• Information Security• Records Management• Freedom of Information• Data Quality Assurance
Primary Care IG Baseline
Benchmarking Information Governance and Data Quality Standards, Directed Enhanced Service, circular PCA(M)(2007)11
All practices should:– be compliant with a basic list of standards for information
governance – have completed and implemented an action plan (agreed with
the host NHS Board) on how they will improve data quality and information governance
What’s been going on?
– high profile data disclosures– growing expectations of the general public– continued eHealth progress
• What’s changed in IG?– updated guidance from professional bodies– evolving requirements from regulators
• How can NHSS ‘raise the bar’?– new guidance– ongoing activities– training and awareness
Session overview
GMC Confidentiality Guidance
Principles“Confidentiality is central to trust between doctors and patients. Without assurances about confidentiality, patients may be reluctant to seek medical attention or to give doctors the information they need in order to provide good care.
But appropriate information sharing isessential to the efficient provision of safe,effective care, both for the individual patientand for the wider community of patients.”
Regulator changes: Data Protection
• Privacy Impact Assessment (PIA) • DP registration changes• Extended Powers & Penalties
– Fines - monetary penalties for reckless breaches– Enhanced powers of inspection – Prosecution - prison sentences for s55 offences
• New offence:– Wilful or reckless breach of the DP Principles leading
to damage or distress
http://www.ico.gov.uk
Regulator changes: Freedom of Information
• Sets out types of information routinely made available by a public authority.
• Should specify classes of information, how available, and if charge.
• Current NHS schemes expire on 31 May 2010• 5 updated NHS model schemes proposed,
including one specifically for General Practices – developed by SGPC of the BMA
• Consultation: Nov to mid Dec• Revised submissions by 28 Feb 2010
http://www.itspublicknowledge
Patients Bill of Rights
• Consultation Sept 08 -Jan 09• Patients' Rights Bill and
introduction of legislation in 2010• Includes patient rights to privacy
and confidentiality
Scottish Government Draft Identity Management and Privacy Principles
• Developed by expert group for Scottish Ministers – Help public service organisations comply with
data protection and human rights legislation– Enable public organisations to build on these
requirements and to achieve good practice • Aimed at both policy makers and practitioners in
public service organisations• 5 sections:
– Proving Identity and Entitlement– Governance and Accountability– Risk Management– Data and Data Sharing– Education and Engagement
• Closes 23/11/2009
NHS Scotland IG programme
• Standards & Toolkit• Communications &
Networks• Education & Training• Knowledge Base• National IG Framework of
Policies & GuidelinesDeveloping & Implementing
Fully Implemented
Evaluation & Monitoring
Changes Implemented
Continuous Improvemen
t Cycle
National IG Guidance 1
• NHS Scotland Code of Protecting Patient Confidentiality (review)
• NHS Scotland Information Security standards and guidance (review)– Mobile data protection standard (encryption)
• Caldicott Guardians Manual, July 2008 (review/ replacement)
National IG Guidance 2
• Refreshed NHS Scotland Code of Practice in Records Management– Health and administrative records into single document – Improved guidance re disposal of records, esp. in site
decommissioning - Strathmartine review recommendations• Develop dataset for compiling records inventory
(Nov 2009)• Develop guidance on operational physical security
and transportation of manual records (Dec 2009)
Ongoing national IG activities
• IG Access Framework for national systems• Role Based Access Control model for clinical
portal• Information Classification Scheme• Incident Reporting guidance• Guidance for patients seeking opt out from
electronic records• Training requirements and awareness raising
tools for NHSS staff
Training in place/ in development
• IG Educational Competency Framework, NES • Advanced practitioners:
– Postgraduate educational programmes for IG Practitioners– Initial and ongoing training for Caldicott Guardians
• Intermediate 2:– DOTS – IG module for junior doctors– Flying Start – IG module for newly qualified nurses,
midwives and AHPs
• Various materials:– Brief Guide to IG– Information Security Good Practice Guide
Proposed Training Model
Intermediate 2
Intermediate 1
Foundation
Supervisory rolesMiddle managersHealth Professionals
AdministratorsMedical RecordsClinical CodingHealthcare Assistants
IG LeadsIG Practitioners
Clinical/ professional
System administratorsClinical Administrators
Healthcare Administrators
All NHS employees/ contractors
Advanced
IG competency Levels (NES)
Role(RBAC Model)
Indicative staff groups (NES)
Training Plans/ Proposals
Proposals for comprehensive programme of IG awareness raising, training packages and work-based assessment :
• Intermediate 2:– Senior medical, nursing, midwifery and AHP staff– Other healthcare professionals
• Intermediate 1:– Administrative and clerical staff– Health Records staff, etc
• Foundation: – All NHS employees and contracted staff
Future activity
• NHSS IG standards for Primary Care • Self assessment using electronic IG toolkit
Key Contacts/ Sources of Advice
Topic Area Policy & Strategy: development &
advice (SG)
(Implementation of policy)
NHSS IG Team
Advice on & interpretation
of law
Day to day Operational & Management
Informal Advice
Data Protection/ Confidentiality
Kim Kingan IG Lead
IG Co-ordinator – post vacant
Information Security David Armstrong Security Lead
Colin Howarth NHSS IS Consultant
Records
Management (Pts & Corporate)
Robert Bryden Records Management
Lead
IG Co-ordinator – post vacant
Freedom of Information
- IG Co-ordinator – post vacant
Caldicott - N/A
Central Legal Office ICO
SICO
NHS Board subject topic
experts & Caldicott
Guardians
IG e-Library Shared Space Peer Forums Future: new
Caldicott Guardian Manual
Internal: Line ManagerPractice ManagerGP Lead
External:
Specialist e-Library/ IG Portalhttp://www.elib.scot.nhs.uk/IG
IG Bulletinhttp://www.elib.scot.nhs.uk/portal/ig/pages/index.aspx
eHealth Websitehttp://www.ehealth.scot.nhs.uk/
Further Information
Contacts NHSS IG Team: [email protected]
Lorna Ramsay, Clinical Lead, IG team, [email protected]
Kim Kingan, Information Governance Lead, [email protected]
David Armstrong, Enterprise Architect-Security, SGHD [email protected]
Robert Bryden, Records Management Lead, SGHD [email protected]
• How might primary care respond to ‘raising the bar’ around IG? – Participation in developments– Implementation of new guidance– Compliance with evolving requirements
• What barriers and enablers might there be?
Discussion points
Questions?
Better information.….better decisions…..better health.