Information Governance policies

Our information governance policies set out how we handle information, in particular personal and sensitive data.

Confidentiality and Data Protection Policy

This policy relates to the processing of personal information and to the management of personal information about staff, patients/service users. The CCG is required by law to comply with the Data Protection Act 1998, which is concerned with the lawful processing of information relating to living individuals. To comply with the law staff or others who process personal information must ensure they follow the Data Protection Principles and the Caldicott Principles. The obligation to keep information confidential arises out of the common law duty of confidentiality, professional obligations and staff/third party contracts. The NHS code of Practice: Confidentiality provides guidance to the NHS and related organisations. These duties and obligations mean that all staff with access to confidential personal information must keep that information safe and secure.

Data Quality policy

This policy is designed to ensure that the importance of data quality within the CCGs is disseminated to all staff. It will describe the meaning of data quality, who is responsible for its maintenance and how it can continue to improve in the future. Although this policy relates to patient/service user data and information, the principles included are applicable to any other data/information staff may encounter i.e. recording of minutes, etc.

Information Access policy

This policy relates to all information and records held by or on behalf of the CCGs whether computerised, paper or any other permanent storage media, including photographic, video and voice recordings and is supported by appropriate procedures to assist staff in complying with the CCGs statutory obligations. This policy will be available on the internet in line with the Guide to Information.

Information Governance and Information Risk policy

This policy relates to information governance and information risk management as a vital asset, both in terms of the management of health and social care for individual patients/service users and the efficient management of services and resources. It plays a key part in governance, service planning and performance management. Information risk management is an essential component of information governance and is an integral part of good management practice. The intent is to embed information risk management in a practical way into business processes and functions.

Information Security policy

This policy document sets out the detailed procedures, rules and standards governing information security that all users of the CCG’s information systems must comply with. This policy document states the CCG’s commitment to information security and sets out the CCG’s overall approach to managing information security.

Records Management Policy and Strategy

This policy sets out the principles of records management for the CCG. It provides a framework for the consistent and effective management of records that is standards based and fully integrated with other information governance initiatives within the CCG. Records management is necessary to support the business of the CCG and to meet its obligations in terms of legislation and national guidelines.