Facilitator Handbook 2005 - PRIMIS
Facilitator Handbook 2005 - PRIMIS
Facilitator Handbook 2005 - PRIMIS
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Information Governance<br />
<strong>PRIMIS</strong> <strong>Facilitator</strong> <strong>Handbook</strong><br />
Information Governance<br />
Background<br />
Information Governance is a broad-based approach to looking at all aspects of how<br />
information is processed by NHS organisations – how it is Held, Obtained, Recorded, Used<br />
and Shared (HORUS). And just like other governance initiatives, e.g. research, corporate and<br />
clinical governance, information governance is about setting standards – standards for<br />
handling information in a confidential and secure manner. These standards are derived from<br />
law, policy and agreed best practice, such as:<br />
• the Common Law Duty of Confidence<br />
• the Data Protection Act 1998<br />
• the Freedom of Information Act 2000<br />
• the NHS Code of Conduct for Confidentiality<br />
• the Caldicott Report 1997<br />
• Information Security Management – BS7799<br />
• records management – HSC 1999/053<br />
• a strategy for information quality assurance<br />
Broadly speaking, information governance can be divided into five main components:<br />
confidentiality and consent<br />
data protection<br />
IM&T security<br />
records management<br />
information quality assurance<br />
Confidentiality and Consent<br />
Under the common law duty of confidence, patient information is generally held under legal<br />
and ethical obligations of confidentiality. Information provided in confidence should not be used<br />
or disclosed in a form that might identify a patient without his or her consent. There are a<br />
number of important exceptions, but these obligations apply in most circumstances.<br />
Data Protection<br />
The Data Protection Act 1998 is built around a set of enforceable principles. These are<br />
intended to protect personal privacy, to encourage good practice in the handling of personal<br />
information, and to give individuals a right of access to information about themselves, for<br />
example to their own health or financial records. The Data Protection Act applies to all bodies<br />
that process personal information, not only to public authorities.<br />
<strong>PRIMIS</strong> 55