Information Governance

What is Information Governance?

Information Governance sits alongside other corporate governance initiatives, it is to do with the way organisations process or handle information. It covers personal information, relating to patients/service users and employees, and corporate information,
e.g. financial and accounting records.

Information Governance allows organisations and individuals to ensure that personal information is handled legally, securely, efficiently and effectively, in order to deliver the best possible care. It additionally enables organisations to put in place procedures and processes for their corporate information that support the efficient location and retrieval of corporate records where and when needed, in particular to meet requests for information and assist compliance with Corporate Governance standards.

Information Governance provides a framework to bring together all the legal rules, guidance and best practice that apply to the handling of information, allowing:

  • implementation of central advice and guidance;
  • compliance with the law;
  • year on year improvements.

At its heart, Information Governance is about setting a high standard for the handling of information and giving staff the tools to achieve that standard. The ultimate aim is to demonstrate that an organisation can be trusted to maintain the confidentiality and security of personal information by helping individuals to practice good information governance and be consistent in the way they handle personal and corporate information and avoid duplication of effort, leading to improvements in:

  • information handling activities;
  • patient and service user confidence in care providers;
  • employee training and development.

What are the standards and requirements that make up Information Governance?

Information Governance provides a consistent way for employees to deal with the many different standards and legal rules that apply to information handling, including:

  • The Data Protection Act 2018.
  • The common law duty of confidence.
  • The Confidentiality NHS Code of Practice.
  • The NHS Care Record Guarantee for England.
  • The Social Care Record Guarantee for England.
  • The international information security standard: ISO/IEC 27002: 2005.
  • The Information Security NHS Code of Practice.
  • The Records Management NHS Code of Practice.
  • The Freedom of Information Act 2000.

The Department of Health has developed sets of information governance requirements, which enable NHS and partner organisations to measure their compliance with the information handling standards and legal rules. The requirements cover all aspects of information governance including:

  • data protection and confidentiality;
  • information security;
  • information quality;
  • health / care records management;
  • corporate information.

Information Governance can help improve patient/service user care

Information Governance can help to improve the care and services that patients and service users receive by:

Improving the quality of information – accurate and complete patient/service user information means

  • care professionals will be able to rely on the information to make decisions about care, treatment and services;
  • care professionals will be able to rely on the information to communicate effectively with other professionals involved in providing services for the patient/service user;
  • patients and service users will receive the most appropriate treatment or care in a timely manner;
  • the risks posed by duplicate records will be minimised;

Improving the security of patient/service user information - using robust security processes, controls and management means

  • that the confidentiality of patient/service user information will be maintained;
  • patients/service users will have increased confidence in the care organisation’s ability to manage their information securely and are therefore more likely to provide accurate, up-to-date information which ultimately improves the quality of care and services they receive.

Communications Strategy

The Trust recognises that effective communications and patient and public involvement are vital in the Trust’s efforts to meet these objectives successfully. Additionally, the Trust recognises that to create real partnerships with patients, their families and carers there has to be real involvement of people so they can genuinely influence decisions made about their care, the services provided and the way the organisation works.

Real involvement must be built on a foundation of good communication, ensuring that everyone can get involved in their own care and the work of the Trust. Our Trust needs to listen to patients, their families and carers and needs to communicate with them about their care in a clear and accessible way.

'Our Communications and Patient & Public Involvement Strategy' outlines the overarching communications and involvement strategy for Somerset Partnership NHS Foundation Trust and articulates how corporate communications and patient and public involvement will work to support the Trust in delivering its key strategic objectives. It unites and supersedes the previous PPI and Communication Strategies that were ratified in 2013.