Throughout the 1970’s information was largely limited to paper-based files, other media and records. With the proliferation of information technology starting in the 1970’s, Information Governance took on a new light, and also began to include the field of data maintenance. No longer was Information Governance simple job that could be performed by almost anyone. An understanding of the technology involved, and the theory behind it became necessary.
By the late 1990’s electronic information became vitally important and needed to be protected by ensuring the design and usage of electronic information was planned and structured. This led to the requirements of an appointed person to manage the practices information resources.
What does information Governance Cover?
Information Governance measures have been developed to ensure practices follow best practice standards in respect of information management and security. Information Governance measures include policy, procedures and protocols for the collection, storage, management and distribution of information to one or more audiences.
It is important that dental practices can demonstrate a consistent approach to information handling, which meets legal requirements, practice policy, contractual terms and conditions and best practice guidance. It requires one or more members of staff are assigned clear responsibility for first-line management of the practices Information Governance Policy and for the implementation of continuous improvement. Information Governance covers:
- Planning;
- Security;
- Structure;
- Storage;
- Controlling;
- Processing;
- Evaluating.
Information governance activities in meet objectives and enable practice function. The standards and legal rules that apply to information handling include:
- Information Governance Procedures;
- Record Keeping Guidelines;
- Data Protection;
- Internet and email usage;
- Communication, computer and Internet emergency planning and business continuity privacy confidentiality record management;
- Emergency business continuity response arrangements.
Appointing an IG Lead
The senior management should specify the responsibilities of the IG Lead and decide whether these can be met by one member of staff or whether the responsibilities should be shared between groups of staff. For practices with multiple premises there may be a need to appoint an overall lead with other staff supporting at the premises level. Those appointed should have sufficient seniority and authority to ensure that any necessary changes in information handling within the practice can be implemented and enforced.
Ensuring confidentiality is already a key part of the clinical governance requirements in most contractual frameworks. IG responsibilities can be combined with other similar responsibilities, e.g. where there is a contractual framework requirement for a practice to have an identifiable clinical governance lead, this individual might also act as the IG Lead.
- There should be written assignment of IG Lead responsibility. This could be through adding this to staff job descriptions or simply a written note explaining the position.
- The IG Lead should also have access to sufficient support to do their job and if s/he is not a dentist, or a senior manager, they will need access to such a person for support with queries.
- The IG lead is not required to carry out all the work necessary to meet the NHS IG requirements, but should be able to supervise and direct the work of others where necessary.
Key responsibilities of an Information Governance Lead
- Ensure there is an up to date IG policy in place;
- Ensure that the practice’s approach to information handling is communicated to all staff and made available to the public;
- Coordinate the activities of staff given data protection, confidentiality and Freedom of Information responsibilities;
- Monitor the practice’s information handling activities to ensure compliance with law and guidance;
- Ensure staff are sufficiently trained to support their role;
- Ensure that the practice submits their annual IG Toolkit Assessment;
- Support monitoring visits from authoritative bodies
These duties are to be performed within the context of the following practice polices and staff guidance:
- Access Control;
- Confidentiality code of conduct;
- Information handling;
- Postal services;
- Portable devises;
- Email;
- Transporting;
- Secure use of personal data;
- Use of computer systems;
- Incident management;
- Lost or misled paper records;
- Reportable incidents;
- Significant events analysis.