Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

Caldicott - Acute Trusts Knowledge base - Get Now DOC by HC1211061319


									        Information Governance Management- Primary Care Trusts

                                   Requirement 112

    Do the PCT's staff induction procedures effectively raise the awareness of
                            Information Governance?

To maintain its information handling standards throughout the organisation,
the PCT must ensure that all new staff are provided with clear guidelines on
their own obligations for confidentiality, data protection and information

Staff induction – awareness training

Every organisation must comply with all aspects of the law that concern the
processing of personal data. This includes legislation (Acts of Parliament),
regulations, common law duties and professional codes of practice.

It is vitally important that new staff are made aware of the relevant requirements and
in particular given clear guidelines about their own individual responsibilities for
maintenance of Information Governance. Particular emphasis should be placed on
how the requirements affect their day to day work practices.

At a minimum, induction training should include:
      o The duty of confidentiality
      o Sanctions for breach of the duty of confidentiality
      o Keeping personal information private, e.g. avoiding gossip and
         inappropriate venues for discussion of patient care
      o The use of security measures to ensure information is not inappropriately
         disclosed, e.g. closed doors, locked cupboards, password management, etc
      o The frameworks in place to allow appropriate disclosure
      o Dealing with subject access requests
      o Freedom of Information responsibilities
      o The importance of accurate information capture
      o Pointers to where PCT policies, procedures and further information are

Improvement plans

   Level 1
    Key messages about Information Governance should be included in induction

   Level 2
    Induction procedures should be tailored to staff work areas and linked to role and
    responsibilities. In addition, to staff in substantive roles, the awareness training
    should be made available to locum, temporary and student members of staff

                                      Page 1 of 3
   Level 3
    The induction processes and materials should be evaluated to check that they
    are adequate, effective and provide sufficient grounding in Information
    Governance. If they show any deficiencies, steps must be taken to rectify these.

Requirement checklist

IGM_PCT_112_V5_Checklist 07-04-19.doc

Key Guidance Document(s):

NHS CFH 'What you should know about Information Governance' Booklet

Information Governance Training Materials
The NHS Connecting for Health Information Governance Policy Team have produced
IG training materials. These are in a structured syllabus for a variety of IG related
roles and some general basic materials for all staff. There is a combination of audio
role play scenarios, presentations with and without a voice over tutor. The
presentation modules include assessments from which users can attain certificates of
achievement. Some of these materials can be used for inductions and annual
updates without necessarily asking staff to leave their work stations to attend training
sessions. They can work through the materials in their own allocated time and at
their own pace. Look out for these materials online through the The NHS CFH IG
Policy website .

BS ISO/IEC 17799:2005 and BS ISO/IEC 27001: 2005 BS7799-2:2005
Note that only NHS Information Governance Toolkit (IGT) administrators may
download a copy of the standards for their organisation. The administrator
must be logged on to download the standards.

DH: Confidentiality NHS Code of Practice
The Code is a guide to required practice for those who work within or under contract
to NHS organisations concerning confidentiality and patients' consent to use their
health records.

DH: Records Management NHS Code of Practice
The Code is a guide to the required standards of practice in the management of
records for those who work within or under contract to NHS organisations in England.
It is based on current legal requirements and professional best practice. The
guidance applies to all NHS records and contains details of the recommended
minimum retention period for each record type. HSC 1999/053 has now been

DH: Information Security NHS Code of Practice
The code is a guide to the methods and required standards of practice in the
management of information security for those who work within or under contract to,
or in business partnership with NHS organisations in England. It is based on current
legal requirements, relevant standards and professional best practice and replaces
HSG 1996/15 – NHS Information Management and Technology Security Manual.

                                      Page 2 of 3
Exemplar materials

The following are not model publications but examples of real documents in
use by Organisations that represent elements of good practice. They have
been made available for Organisations to adapt, use and improve on as they
see fit.

Nottingham: Confidentiality poster

Nottingham: Staff ID Cards poster

Nottingham: Office Security poster

East Surrey – What does the DPA do? Induction presentation
Information Governance PowerPoint Presentation for Management

Induction Training Scenarios and Answers

Surrey HIS Data Protection and Caldicott Quick Reference March 06 Staff
pocket guide book

Surrey HIS Staff Guidance Cards (phone;transporting;mail;fax)March 06 A5
Posters for staff

Three Part Staff Handbook Summarising the Department of Health’s ‘Records
Management NHS Code of Practice’. Produced by Surrey and Sussex HIS:
Surrey HIS & Sussex HIS Records Management Explained Introduction (Part 1)

Surrey HIS & Sussex HIS Records Management Explained Legal Obligations
(Part2) 2007

Surrey HIS & Sussex HIS Records Management Explained Retention Schedules
(Part3) 2007

Further reading:

Effective Security Awareness Reports, case-studies and advice from security
awareness workshops held in 2001

                                    Page 3 of 3

To top