How are we doing?
How are we doing?
Information Governance
Information Governance is about the way the NHS handles information about patients / clients and employees; in particular personal and sensitive information.
- It allows NHS organisations and individuals to ensure that personal information is dealt with legally, securely, efficiently and effectively in order to deliver the best possible care.
- It provides a framework to bring together all of the legal requirements, Department of Health standards and best practice that apply to the handling of personal information.
The standards and requirements which currently fall under Information
Governance are:
• Information Governance Management
• Confidentiality and Data Protection Assurance
• Information Security Assurance
• Clinical Information Assurance
• SUS – Secondary User Assurance
• Corporate Information Assurance
How We Are Monitored:
Governance are:
• Information Governance Management
• Confidentiality and Data Protection Assurance
• Information Security Assurance
• Clinical Information Assurance
• SUS – Secondary User Assurance
• Corporate Information Assurance
How We Are Monitored:
The Information Governance Toolkit (IGT) is a self-assessment audit tool provided by the Department of Health - Connecting for Health. All of the initiatives within the toolkit are mapped to a Department of Health information-handling model called HORUS. This identifies the PCT’s performance in relation to the following actions which may be taken with patient / personal information.
• Held securely and confidentially
• Obtained fairly and lawfully
• Recorded accurately and reliably
• Used effectively and ethically
• Shared appropriately and lawfully
To view our performance against the IGT requirements, you can access the results from previous years submissions, on the NHS Connecting for Health website.
Central and Eastern Cheshire PCT has developed a number of policies relating to Information Governance, these include; Freedom of Information, Records Management, Information Security, Data Protection, and Confidentiality Code of Practice. These can be requested via the Policies and Procedures section of our website, found under the About Us section.
For more information about Information Governance in the NHS, please view the NHS Connecting For Health Website.
Data Protection Act 1998:
Central and Eastern Cheshire PCT is a Data Controller under the Data Protection Act 1998. To view our annual notification of processing of personal data, please visit the website of the Information Commissioner’s Office.
Senior Information Risk Owner – SIRO
Each NHS organisation is required to establish the role of a Senior Information Risk Owner (SIRO). This role has to be an Executive Director, Chief Information Officer (CIO) or Senior Manager member of the PCT Board. The SIRO may also be the Chief Information Officer (CIO) if the latter is on the Board.
The SIRO is expected to understand how the strategic business goals of the PCT may be impacted by information risks.
The SIRO acts as an advocate for information risk on the Board and in internal discussions, and provides written advice to the Accountable Officer on the content of their annual Statement of Internal Control (SIC) in regard to information risk.
The SIRO for our PCT is Fiona Field – Director of Governance and Strategic Planning.
Caldicott Guardian
A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing. The Guardian plays a key role in ensuring that the NHS, Councils with Social Sevices responsibilities and partner organisations satisfy the highest practicable standards for handling patient identifiable information.
The Caldicott Guardian for our PCT is Heather Pope – Head of Dental Services.
For more information on the role and requirements of Caldicott Guardians in the NHS, please visit the Department of Health Website.
