Information Governance (IG) is a set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an organisational level. Information Governance supports Acle Medical Partnership’s immediate and future regulatory, legal, risk, environmental and operational requirements.
Information is a vital asset, both in terms of the commercial development and the efficient management of services and resources. It plays a key part in governance, service planning and performance management.
It is therefore of critical importance to ensure that information is appropriately managed, and that policies, procedures and management accountability and structures provide a robust governance framework for information management.
Acle Medical Partnership recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. Acle Medical Partnership fully supports the principles of clinical and corporate governance and recognises the power of public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about patients, the public and staff and commercially sensitive information. Acle Medical Partnership also recognises the need to share information with commissioners, partners and other third parties in a controlled manner consistent with the established lawful basis.
This overarching Information Governance Policy and the associated protocols sets out Acle Medical Partnership’s policy with respect to the governance of;
2. Statutory Mandatory Framework
This policy serves to support Acle Medical Partnership to navigate and comply with the complex framework within which Information Governance operates.
This framework includes but is not limited to;
3. Accountable Parties
The Acle Medical Partnership has overall responsibility for Information Governance at Acle Medical Partnership. As the senior accountable officer, he/she is responsible for the management of the organisation and for ensuring appropriate mechanisms are in place to provide the necessary assurance to internal and external stakeholders.
Acle Medical Partnership has a particular responsibility for ensuring that Acle Medical Partnership meets its corporate legal responsibilities, and for the adoption of internal and external governance requirements.
Senior Information Risk Owner (SIRO)
Information Asset Owners (IAOs)
The IAO will;
Hold local responsibility for information risk management, devolved to the relevant directors, department leads by the SIRO. Business function leads within Acle Medical Partnership have overall responsibility for the management of risks generated by their information assets and are supported on a daily basis by Information Asset Administrators.
Caldicott Guardian Function
The Caldicott Guardian will;
Data Protection Officer (DPO)
The DPO Will;
All staff, whether clinical or administrative, who create, receive and use data have information governance responsibilities. Employees have a contractual and legal obligation to read and comply with all company policies and to attend mandatory training to support the appropriate management of information.
Non-confidential information related to Acle Medical Partnership and its services will be available to the public through a variety of media, in line with Acle Medical Partnership’s overall commitment to transparency
Acle Medical Partnership will adopt and maintain clear procedures and arrangements for liaison with the press and broadcasting media
Acle Medical Partnership will adopt and maintain an Information Rights and Access Protocol and a Freedom of Information Protocol to provide guidance for handling queries from data subjects and the public.
5. Privacy and Information Rights
Acle Medical Partnership is committed to the privacy of its patients, staff and the public. Acle Medical Partnership will undertake or commission annual assessments and audits of its compliance with privacy legislation and will adopt and maintain protocol for completion of Data Protection Impact Assessments.
Acle Medical Partnership regards all Personal Data relating to staff as confidential except where national policy on accountability and openness requires otherwise
Acle Medical Partnership will adopt and maintain protocols to ensure compliance with the Data Protection Act, General Data Protection Regulations, Human Rights Act and the common-law confidentiality
Acle Medical Partnership will establish and maintain protocols for the controlled and appropriate sharing of personal information with other agencies, taking account of relevant legislation (e.g. Data Protection Act, Human Rights Act).
Acle Medical Partnership will ensure that contractual or best practice documents are in place for routine sharing of information between sharing partners.
6. Information Security
Acle Medical Partnership will adopt and maintain protocols for the effective and secure management of its information assets and resources
Acle Medical Partnership will undertake or commission annual assessments and audits of its information and IT security arrangements
Acle Medical Partnership will promote effective information and cyber security practice to its staff through policies, procedures and training
Acle Medical Partnership will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of information and cyber security
7. Information Quality and Records Management
Acle Medical Partnership will establish and maintain protocols and procedures for information quality assurance and the effective management of records
Acle Medical Partnership will undertake or commission annual assessments and audits of its information quality and records management arrangements
Managers will be expected to take ownership of, and seek to improve, the quality of information within their services
Wherever possible, information quality will be assured at the point of collection
Data standards will be set through clear and consistent definition of data items, in accordance with national standards.
Acle Medical Partnership will promote information quality and effective records management through protocols, procedures/user manuals and training
8. Associated Protocols
This policy should be read in conjunction with;
9. Audit Schedule
Compliance with this policy will be audited and the results fed into the Plan, Do, Check, Act Cycle described in the Information Risk and Audit Protocol.