Information governance

Question 1

What is the definition of information governance?

Answer 1

It is the way in which the NHS handles all of its information, in particular personal and sensitive information relating to patients and employees

It provides a framework to ensure that personal information is dealt with in legally, securely, efficiently and effectively in order to deliver the best possible care

Question 2

What are the 4 key pieces of legislation govern the handling and protection of data in the NHS?

Answer 2

1. Health and social care act
2. GDPR (DPA 2018)
3. Common law- Duty of confidentiality
4. Freedom of Information act

Question 3

What 4 key changes did the health and social care act implement?

Answer 3

1. Creation of the CQC
2. Legal requirement of duty of candour
3. Creation of CCGs
4. Legal requirement to reduce health inequalities for the people of England

Question 4

What is purpose of GDPR?

Answer 4

Defines standardised data protection laws for all members of countries across the European Union and provides rules for handling information about people and protects people’s right to privacy.

It is a REGULATION not a DIRECTIVE. Meaning it is binding and applicable!

Question 5

What are the 7 principles of GDPR?

Answer 5

LPDASIA

1. Lawful, fair and transparent
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability

Question 6

What are the differences between the DPA 1998 and GDPR?

Answer 6

1. No principle for ‘individual rights’. Now covered in chapter 3
2. No principles for international transfer. Now covered in chapter 5
3. New accountability principle

Question 7

What is pseudoanonymisaiton?

Answer 7

A security measure involving the removal of personally identifiable information in a digital record and replacing this with a unique code

Question 8

What is anonymisation?

Answer 8

A security measure involving the removal of all directly and indirectly identifiable data.

Directly identifiable data- e.g. Name, address, postcode, photo etc…

Indirectly identifiable data- e.g. Information that can be linked with other sources of information to identify an individual e.g. where you work, job title, salary etc…

Question 9

What is GDPR’s stance on pseudoanonymised data?

Answer 9

Pseudoanonymisation is only a security measure and personal data remains personal data within the scope of GDPR

Question 10

What is the common law duty of confidentiality?

Answer 10

Outlines a legal duty to keep information from patients/service users confidential. Confidential information can only be disclosed with patient’s consent.

Question 11

What types of media are covered by the duty of confidentiality?

Answer 11

1. Paper
2. Computer records
3. Audio/video recordings

Question 12

What are the circumstances where the disclosure of confidential information is lawful?

Answer 12

1. Where individuals have consented?
2. Where disclosure is necessary for safeguarding or in the public interest
3. Where there is a legal duty to do so e.g. a court order

Question 13

What is the purpose of the Freedom of Information act?

Answer 13

To provide the public access to information held by public authorities (remove unnecessary secrecy)

Question 14

How does the FOI remove unnecessary secrecy?

Answer 14

1. Provides an obligation of public authorities to publish certain information about their activities e.g. policies, procedures, minutes of meetings e.t.c.
2. Members of the public organisations are obliged to respond to information requests from the public
   e. g. how long do patients wait in A&E before being seen by a clinician at your hospital?

Question 15

What does the FOI not give individuals the right to?

Answer 15

Does not give individuals the right to access their own personal data e.g. health records

This should be handled via a subject access request under GDPR

Question 16

What are they Caldicott principles?

Answer 16

The Caldicott principles are essential for upholding patient confidentiality. There are 7 principles that everyone who works in health and social care should honour and act in accordance with them

Question 17

What are the 7 Caldicott principles?

Answer 17

JAMAECD

1. Justify the purpose
2. Only use when absolutely necessary
3. Only use the minimum required
4. Access should be on a need to know basis
5. Everyone aware of their responsibilities
6. Comply with the law
7. The duty to share is as important as the duty to protect