Information Governance Jym Bates Head of Information Assurance.

Information Governance
Jym Bates
Head of Information Assurance

What Is Information Governance?
Data Protection
Freedom Of Information
Information Security

Relevant Policies
Data Protection Act 1998 (and subsequent Special Information Notices)
Human Rights Act 1998
Access to Health Records Act 1990 (where not superseded by the Data Protection Act 1998)
Computer Misuse Act 1990
Copyright, Designs and Patents Act 1988 (as amended by the Copyright (Computer Programs) Regulations 1992)
Crime & Disorder Act 1998
Electronic Communications Act 2000
Regulation of Investigatory Powers Act 2000 (& Lawful Business Practice Regulations 2000)
Freedom of Information Act 2000
Gender Recognition Act 2004

Email
Ownership of emails
Addressing emails
Personal emails
Freedom of information
Attachments
Spam
• Why it occurs
• Actions to take

Internet Use
Personal access
• Out of working hours
Monitoring - Disciplinary Action
Not to be viewed
• Adult/Sexually explicit topic
• Hacking
• Alcohol & Tobacco
• Spyware
• Intolerance & Hate
• Criminal Activity
• Gambling
• Personals & Dating
• Tasteless & Offensive
• Glamour & Intimate Apparel
• Illegal Drugs
• Violence
• Weapons
• Streaming Media Downloads
• Chat

Data Protection Act
Security of Person Identifiable Information (PII)
Confidentiality
Storage
Transfer

Principles of the Data Protection Act
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate and up to date
Not kept for longer than is necessary
Processed in line with your rights
Secure
Not transferred to other countries without adequate protection

Confidentiality
Security risks
• Not following the clear desk policy
• Not logging off a PC when it is not being used
• Talk e.g. the canteen
• Telephone conversations e.g. open ward
• Patients seeing their own notes

Storage of PII - Electronic
PII must not be stored on:
• Unencrypted laptops
• Non Biometric USB memory sticks
• CDROM / DVD unless encrypted
• External hard drives unless encrypted
• Any home PC
• Any PC not on central storage

Storage of PII - Paper
Medical notes must be held in Medical Records, in a locked office or in a locked notes trolley
Any PII should always be locked in a filing cabinet or desk drawer unless it is in a secure office

Transfer of PII – Electronic
Whenever possible PII should not be transferred
Email should not be used unless it is encrypted
PII should only be uploaded to secure web sites
For support please contact ISC Help Desk

Transfer of PII – Paper / Letters
Whenever possible PII should not be transferred
Ensure that the correct information is being sent to the correct person
Any letters containing PII should be clearly addressed ‘Private & Confidential’ and only this & the contact details should be visible
Requests for tests etc must always be sealed in an envelope
Use of Fax Machines should be discouraged

Transfer of PII – Medical Notes
The location of medical records should always be entered on the PAS tracking system
Medical records must always be sealed in an envelope
Staff should not ferry casenotes to other locations in their cars

Viruses
A virus is malicious code that can affect an individual PC or an entire network
The Trust has a comprehensive virus scanning and damage control system that starts up when a PC is turned on
Major sources are:
• Unsolicited emails
• Unlicensed software

Passwords
You must never let anyone use the password to your PC or any software you use
Do not keep lists of your passwords
Regularly change your password
Passwords must contain at least one number, one lowercase letter and one uppercase letter.

Unlicensed Software
The only software allowed on Trust PCs are the systems purchased by the Trust
You are not allowed to load any software onto a Trust PC
Please contact ISC Help Desk if you require a programme for your work

PII and Audit / Research
Always review the need for PII. Could you just use an allocated patient identifier?
• The NHS number with no further PII is acceptable
Do not pull off PII from a system unless you are allowed to do so.
• Requests for reports should go through ISC Help Desk or individual Business Information Specialists

Guidance
Check the Trust’s Information Governance Policies on Synapse in
Email
• InformationSecurity&xxxxxxxxxxxxxx@xxxx.xxx.xx
Telephone
• (0161 20) 62601