STANDARDS FOR HANDLING PERSONAL...
Transcript of STANDARDS FOR HANDLING PERSONAL...
![Page 1: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/1.jpg)
SSRG SCOTLAND – 1ST MARCH 2004.
STANDARDS FOR
HANDLING PERSONAL INFORMATION
Simon Lowles
Social Care Information Governance Toolkit Project
Dept. of Health/ADSS IMG
![Page 2: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/2.jpg)
WHAT I WANT TO DO
• explain the standards, and the acronym HORUS
• explain why we need to move past ‘just’ information sharing
• explain the Social Care Information Governance Toolkit project
• illustrate the standards, requirements, guidance & examples
• remind us all that standards and principles need a solid practice-base
• suggest where we are going next
![Page 3: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/3.jpg)
Effective Information Governance
Records Management
Data Processing
Management Information
PerformanceMeasurementCommunications
PolicyConfidentiality
PolicyCode of Conduct
PUBLIC RECORD PERSONAL INFORMATION
Information Sharing
Freedom of Information Act Data Protection ActHuman Rights Act
CaldicottE-Govt E-Govt
(Penny Hill – NE Lincs)
![Page 4: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/4.jpg)
Governance ofPerson - identifiable Information
“A framework for handling personal information in a confidential and secure manner to appropriate ethical and quality standards in a modern personal care service”
(adapted from NHS)
![Page 5: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/5.jpg)
Where we have started -Caldicott & The Principles for Sharing Information
Formal justification of purpose
Identifiable information transferredonly when absolutely necessary
Only the minimum required
Need-to-know access controls
All to understand their responsibilities
Comply with and understand the law
![Page 6: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/6.jpg)
Information Sharing –Lots of (England) examples
Dept. of Constitutional Affairs – all public sector
DfES - IRT policy
DH – social care information policy
Home Office – Crime Reduction
NHS Information Authority - Mental Health
Special areas – sexual health, violent offenders etc.
NHS new Model of Confidentiality & Code
NHS Information Governance model & Toolkit
![Page 7: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/7.jpg)
Managing Information Sharing is critical …
to work with older people through the Single Assessment Process
to mental health service teamsthrough the CPA
to Children’s Services through ‘IRT’
to the NHS Care Record, through access to the national spine, and through ‘messaging’
… to practitioners and good practice
![Page 8: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/8.jpg)
BUT HANDLING PERSONAL INFORMATION
IS NOT JUST ABOUT SHARING IT ….
HORUS Standards Model
Holding information securely and confidentiallyObtaining information fairly and efficientlyRecording information accurately and reliablyUsing information effectively and ethically
Sharing information appropriately and lawfully
![Page 9: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/9.jpg)
IG StandardsDerived from:
Caldicott Report & Caldicott for Social CareConfidentiality & Consent GuidanceData Protection, Human Rights, Freedom of Information Acts & Common LawIM&T Security Manual, BS 7799Records Management & Data Quality Initiatives
ALL OF WHICH, although starting in the NHS,apply equally to local authority personal care services
Hence the work on Toolkits …
![Page 10: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/10.jpg)
Structure of the toolkit
![Page 11: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/11.jpg)
HOLDING INFORMATION – example standards
Is there a clear retention/disposal policy?
Are all staff working with personal informationtrained to manage the information they produceand use within their role?
Is all personal data protected through theapplication of robust security measures, toensure its confidentiality, integrity andavailability?
Are records systems designed to ensure that theywill remain accessible, authentic, reliable andusable through any system changes?
Management
People
Processes
Systems
![Page 12: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/12.jpg)
OBTAINING INFORMATION – example standards
Management
People
Processes
Systems
Are there leaflets explaining ‘informed consent’?
Are staff trained in ‘informed consent’ practices?
Is there a process ensuring that users can getanswers to any detailed questions about ‘consent’that concern them?
Is the gaining of consent built into care processesand are ‘flags’ built into recording systems?
![Page 13: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/13.jpg)
RECORDING INFORMATION – example standards
Is there one person with lead responsibilityfor data quality?
Is there a training programme for all staffinvolved in collecting or managing personalinformation, including temps, students etc.?
Are data collection and recording practicesMonitored, including sample checks?
Are all entries into personal records attributable?
Management
People
Processes
Systems
![Page 14: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/14.jpg)
USING INFORMATION – example standards
Is there an appropriately trained person leadingon Freedom of Information policy?
Are all staff aware of/trained in their personal professional responsibilities for record keeping?
Do contracts with service providers specificallydraw attention to policies on the use of personalinformation?
Is there a tracing/tracking system to control themovement & location of records, and to providean auditable record of transactions?
Management
People
Processes
Systems
![Page 15: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/15.jpg)
SHARING INFORMATION – example standards
Is there an appropriate Caldicott Guardian in post?
Does the Confidentiality Code provide sufficientguidance to staff on the disclosure of personal information?
Are there ‘safe haven’ procedures for sending/receiving documents that contain person-identifiable information?
Are there encryption facilities within systems?
Management
People
Processes
Systems
![Page 16: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/16.jpg)
SUPPORTING EACH STANDARD …
• guidance and explanation
• the legislative or regulatory framework
• examples
• it will be web-based and hot-linked
AND
• for social care, they are standards, not (yet?) requirements
• we want to provide discussion boards or forums
![Page 17: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/17.jpg)
I.G. TOOLKIT(NHSIA &
Secondments)
toolkit
Implementation
?Code of Practice
Reference Group• SC CG Reg. Groups
• facilitated by IPU-SC& ADSS IMG
Building links to• other SC CGs
• NHS CGs, & UK CG Forum• practitioner & manager
groups (ADSS)• LG community
• supported byNHSIA
ProjectBoard
• DH IPU• NHSIA• SOCITM• ADSS• DfES• e-SB
DEVELOPING THE S.C.I.G. TOOLKIT
![Page 18: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/18.jpg)
NHSIA Developing the Toolkit
Phase 1 by November 2003Develop standards Version 1 Acute TrustsPCT’s General PracticeLaunch event/communication plan
Phase 2 through April 2004Develop draft standards in Version 2 Social ServicesOther NHS organisations
![Page 19: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/19.jpg)
SO WHERE ARE WE NOW?NHSIA with Reference Group (and Project Board)
Examining c. 140 ‘requirements’Adapting guidanceChecking statute, regulations, etc.
TO DO
‘standards’ to validate examplesdiscussion boards and forumsenabling web access for social care workerssubmitting to e-Standards Body or Information Standards Board
![Page 20: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/20.jpg)
SO WHERE ARE WE NOW? (2)
Reference Group with community
Sharing the message
Gaining support & volunteers
Collecting ‘exemplars’
TO DOplanning for testing and implementationengaging (with Project Board) the wider CSSRcommunity including corporate IM&T managers
AND engaging practitioners – it is about
BEHAVIOUR IN RELATION TO STANDARDS.
![Page 21: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/21.jpg)
WHO WILL BE USING THE TOOLKIT?
• information governance managers and staff with• Caldicott Guardians
These will be ‘the intermediaries’ –But they will be working locally for implementation with …
• staff and their managers• senior management• IM&T staff within social care• IM&T staff corporately
And possibly regionally & nationally for standards, materials etc. with …
• regional social care Caldicott Groups (& NHS groups?)• the SCIG Project and Reference groups• the new UK Council for Caldicott Guardians
BUT AT THE END OF THE DAY ….
![Page 22: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/22.jpg)
Generic processes& records
(based on CPA,to be applied to CAMHS)
REFERRAL
SCREENING &ALLOCATION
JOINTASSESSMENTPROCESS
CARE PLANNING
CARE PROVIDED
MONITORING
REVIEW
PUBLIC INFO.
AGGREGATE
DATA
NEEDS ANALYSIS
COMMISS-IONING
SERVICE MAN’T
MONIT-ORING
USERS &CARERS
CORETEAM
NON-COREPROFs
THIS IS WHAT ‘HORUS’ HAS TO SUPPORT - PRACTICE
AGENCYINDEXES
IDENTIFIABLE
DATA
? Children? Parents
? Foster carers? Advocates
? Resid. Staff? Youth Justice
? Police? Ind. sector
? Family aides
? Definition? Social workers?
?Teachers?? Processes
? Which agencies
? What access
REFERRERS
![Page 23: STANDARDS FOR HANDLING PERSONAL INFORMATIONssrg.org.uk/wp-content/uploads/2012/01/2004files/slowles.pdf · WHAT I WANT TO DO • explain the standards, and the acronym HORUS • explain](https://reader038.fdocuments.us/reader038/viewer/2022110110/5a75cb5c7f8b9a93088ca93e/html5/thumbnails/23.jpg)
For further information
www.nhsia.nhs.uk/confidentialitywww.doh.gov.uk/ipu/socialcare/caldicott.htmwww.nhsia.nhs.uk/caldicottwww.adss-img.org.uk
Help Desk:[email protected] 333 0420