Information Governance Policy

Introduction: 

Space 2B You is committed to providing a high standard of service. Therefore, Space 2B You recognises that information is vital in terms of the clinical management of clients and the efficient management of services and resources. In addition, information plays a key role in clinical governance, service planning and performance management. Therefore, it is essential that information is efficiently managed, and that appropriate policies, procedures, management accountability and structures provide a robust governance framework for information management.

Scope: 

This policy applies to every person working with Space 2B You regardless of position and level of responsibility. Therefore, each staff member should have a clear understanding of this policy.  

Purpose of the Policy: 

Space 2B You is committed to providing a high standard of service. This Information Governance policy provides an overview of Space 2B You's approach to information governance.

The Caldicott Principles:  

'The Caldicott Committee: Report on the Review of Patient-identifiable Information' was published in December 1997. The Report made sixteen recommendations. One of the key recommendations was that organisations would appoint an Information Governance (IG) Lead, who should be either a senior professional or an existing member of the management board. The IG lead is responsible for agreeing and reviewing protocols for governing the disclosure of personal-identifiable information across organisational boundaries. The Committee initially developed a set of six general principles, which has now been expanded to 8 principles for the safe handling of personal-identifiable information; these work alongside the Principles of the Data Protection Act 1998. They both cover information held in whatever format: electronic, paper, verbal, or visual.

The six Caldicott Principles must be adhered to when collecting, transferring, or generally working with personal identifiable information.  

The Principles 

Principle 1: Justify the purpose(s) for using confidential information: 

Every proposed use or transfer of confidential information should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed by an appropriate guardian. 

Principle 2: Use confidential information only when it is necessary: 

Confidential information should not be included unless it is necessary for the specified purpose(s) for which the information is used or accessed. The need to identify individuals should be considered at each stage of satisfying the purpose(s) and alternatives used where possible. 

Principle 3: Use the minimum necessary confidential information: 

Where use of confidential information is considered to be necessary, each item of information must be justified so that only the minimum amount of confidential information is included as necessary for a given function. 

Principle 4: Access to confidential information should be on a strict need-to-know basis: 

Only those who need access to confidential information should have access to it, and then only to the items that they need to see. This may mean introducing access controls or splitting information flows where one flow is used for several purposes. 

Principle 5: Everyone with access to confidential information should be aware of their responsibilities: 

Action should be taken to ensure that all those handling confidential information understand their responsibilities and obligations to respect the confidentiality of patients and service users.

Principle 6: Comply with the law: 

Every use of confidential information must be lawful. All those handling confidential information are responsible for ensuring that their use of and access to that information complies with legal requirements set out in statute and under the common law. 

Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality: 

Health and social care professionals should have the confidence to share confidential information in the best interests of patients and service users within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies. 

Principle 8: Inform patients and service users about how their confidential information is used: 

A range of steps should be taken to ensure no surprises for patients and service users, so they can have clear expectations about how and why their confidential information is used, and what choices they have about this. These steps will vary depending on the use: as a minimum, this should include providing accessible, relevant and appropriate information - in some cases, greater engagement will be required. 

GDPR (General Data Protection Regulation):

GDPR is a UK law and came into effect on 01 January 2021. It sets out the key principles, rights, and obligations for most processing of personal data in the UK, except for law enforcement and intelligence agencies. 

The UK GDPR sets out seven key principles: 

  1. Lawfulness, fairness, and transparency. 

  2. Purpose limitation. 

  3. Data minimisation. 

  4. Accuracy. 

  5. Storage limitation. 

  6. Integrity and confidentiality (security).

  7. Accountability.  

 Space 2B You’s Approach to Information Governance:  

 Space 2B You aim to implement information governance effectively and will ensure the following:  

  • Information will be protected against unauthorised access. 

  • Confidentiality of information will be assured. 

  • Integrity of information will be maintained. 

  • Regulatory and legislative requirements will be met. 

  • Business continuity plans will be produced, maintained, and implemented.  

  • Information governance training will be available to all staff and contractors as necessary to their role. 

  • All breaches of confidentiality and information security, actual or suspected, will be reported and investigated by the IG leads.  

 Information Governance Policies and Procedures:  

 This Information Governance policy is underpinned by Space 2B You’s policies and procedures to ensure all staff and contractors are compliant with Information Governance requirements. Staff members are required to have read and understood the appropriate IG policies:  

  • Safeguarding Policy  

  • Code of Conduct 

  • Record Keeping and Record Management 

  • Information Sharing Policy  

  • Confidentiality Policy 

  • Mobile Phone Policy  

  • IG Incident Reporting Form  

  • IG Incident Register 

  • Information Sharing Procedure 

  • Privacy Notice  

 Responsibilities and Accountabilities IG Leads: 

 The designated Information Governance leads for Space 2B You are the two Directors. The key responsibilities of the IG leads are:

  1. Developing and implementing IG procedures and processes.

  2. Raising awareness and providing advice and guidelines about IG to all staff.  

  3. A commitment to improving confidentiality and data protection within Space 2B You.  

  4. To be comfortable acting in an advisory capacity to all staff and contractors.  

  5. Ensuring that any training is made available.  

  6. To liaise with all staff and contractors to ensure they understand this policy.   

  7. Ensuring all activities of staff, contractors, students, and volunteers are compliant with data protection, confidentiality, information quality, records management and Freedom of Information responsibilities, and meet information governance standards.

  8. Ensuring that clients' data is kept secure and that all data flows, internal and external, are periodically checked against the Caldicott Principles and are GDPR compliant.

  9. The IG Lead is responsible for ensuring sufficient resources are provided to support the effective implementation of IG and to ensure compliance with the law, professional codes of conduct and practice procedures.  

 Procedures for Disclosures: 

 If staff or contractors become aware of an Information Governance breach, they must:

  • Complete the ‘Information Governance Incident form’. This should then be emailed to:

    www.barbara.johnston@space2byou.co.uk 

    alison.joyce@space2byou.co.uk 

    marie-anne.mckee@space2byou.co.uk 

  • If the staff member or contractor believes the Information Governance breach needs to be addressed immediately, they must phone the Directors to discuss their concerns.

  • Space 2B You will log the breach on the ‘Information Governance Breach Register.’ 

  • The breach will then be discussed at the business meeting and the Directors will take appropriate actions.

  • Space 2B You will inform the staff member or contractor of the investigation outcomes.   

Data Security and Protection:  

Personal identifying information concerning clients or staff is strictly confidential and must not be disclosed to unauthorised persons. This obligation shall continue in perpetuity. Disclosures of confidential information or disclosures of any data of a personal nature can result in prosecution for an offence under the General Data Protection Regulations 2018 or an action for civil damages under the same Act.

Disciplinary Actions: 

Breach of this policy may result in disciplinary action.  

Contact Details: 

If staff members have any concerns, they must inform the Information Governance leads, Marie-Anne McKee and Alison Joyce.

Telephone: 

020 3048 3331 (ext. 301) 

Email: 

www.barbara.johnston@space2byou.co.uk 

alison.joyce@space2byou.co.uk 

marie-anne.mckee@space2byou.co.uk