One of the NHS Information Governance (IG) toolkit requirements is that there are designated individuals responsible for the various elements of Information Governance management. Ideally, a health or social care organisation should have a named individual or a number of named individuals who take(s) responsibility for the following IG areas:
– Information Governance in its entirety
– Acts as a Caldicott Guardian
– Data protection
A structure chart should be in place at each health or social care organisation, which depicts who is responsible for each of these areas. It is also helpful to have a communication flow chart too, which depicts how information about information governance issues flows between the named ‘leads’ and the rest of the staff group.
It is all very well and good to allocate an individual to a particular IG risk area, but what exactly does it mean to be a ‘named individual responsible for Risk’, or to be ‘the nominated individual who looks after confidentiality issues’?
Well, in the broadest possible sense, an individual responsible for an area of information governance takes the lead in ensuring the following:
– That all employees have received the appropriate level of training on their designated area of IG compliance; i.e. risk, security, data protection, etc.
– That there are procedures and policies in place that outline clearly to staff what they need to do to ensure that they comply with all IG standards.
– That staff compliance with these procedures and policies is audited and monitored routinely throughout the year.
– That all staff have a training plan in place that reflects their needs for IG training.
– That documentation and operational procedures are updated routinely, in line with national and best practice guidance.
– That patients and carers or other service users are made aware of the IG procedures in place throughout the organisation, thereby ensuring that they are confident in the way that their own personal information is handled.
– That any breaches in confidentiality, information sharing protocols, risk avoidance or data protection are investigated thoroughly, and that lessons are learnt from these breaches.
– That information governance is highlighted as an area of importance throughout the organisation, and that staff are made aware of updates in the world of IG in general.
In addition, the overarching individual responsible for Information Governance should ensure that an IG group is formed and that this group meets routinely, with formal agendas set and minutes from each group taken.