Information Governance - Introduction
Information Governance is the way in which the NHS handles all of its information, in particular personal and sensitive information. Information Governance provides a framework which ensures that individuals' information rights are respected and their personal information is recorded and used appropriately, legally, securely and accurately. There are many, often complex, laws and codes governing confidentiality and the way personal information may be used, which the NHS must adhere to, including:
Data Protection Act 1998
The Common Law of Confidentiality
Confidentiality: NHS Code of Practice
Information Security Management: NHS Code of Practice
Records Management: NHS Code of Practice
Freedom of Information Act 2000
The protection of personal information is a key priority for the Somerset CCG and we take every care that it is not passed to persons not entitled to see it. The penalties for breaching data protection and associated laws can be significant:
Organisations can be fined up to £500,000 for each breach or subject to other sanctions
Individuals responsible for breaches may be subject to disciplinary action that can result in dismissal
There is more detailed information available about how the CCG manages Freedom of Information and Data Protection and all the policies and procedures that relate to Information Governance.
Somerset CCG has an Information Sharing Protocol which it has put in place with other local organisations to ensure that information is shared in a safe and consistent way.
The Somerset CCG has a duty to ensure the protection of data held on staff. This will not be routinely released without consent, although some data is shared with Government Departments to monitor possible fraud. It is the responsibility of managers to ensure data held on staff is accurate and up to date and only held for the purpose intended. Staff should ensure they have made themselves aware of the Information Governance policies and procedures and can find more information in the staff leaflet - “What you should know about Data Protection Act 1998”.
Privacy Notice – A Privacy Notice/Fair Processing Notice is a written statement that individuals are given when information is collected about them. As a minimum, a privacy notice should tell people who we are, what we are going to do with their information and who it will be shared with.
Your Information: What You Need to Know – This leaflet explains why information is collated about you and the ways in which this information may be used by the Somerset CCG.
If you would like to know more about how your personal information is used, stored and shared, please contact the Information Governance Team. Under the Data Protection Act 1998 you have the right to view the personal information held about you and an application form is available from the Information Governance Team by email via firstname.lastname@example.org or in writing to the address below:
Information Governance Team
Somerset BA22 8HR
All requests may be subject to an administration fee and no information will be released without consent of the data subject, or that of an authorised representative, unless we are legally obliged to do so. In special circumstances the law allows us not to show you your information, such as if we consider it harmful to your or another person’s physical and/or mental wellbeing.
If you wish to view or have copies of your hospital records, you will need to contact the Medical Records Department at the appropriate hospital.
If you wish to view or have copies of your GP medical records, please contact the Practice Manager at your GP practice.
Key roles within the Somerset CCG:
Data Protection Officer: TBC
Caldicott Guardian: Sandra Corry, Director of Quality and Safety
Senior Information Risk Officer: Paul Goodwin, Deputy Managing Director and Director of Commissioning and Governance
Information Governance Manager: Peter Osborne, Corporate Governance Manager
Information Governance Lead: Kevin Caldwell, Information Governance Officer