INFORMATION GOVERNANCE STRATEGY
Document Type Corporate
Unique Identifier IG-005
Document Purpose
This strategy identifies how the information governance policy will be
delivered
Document Author Rob Neill, Head of Information Governance
Target Audience All Worcestershire Health and Care NHS Trust
Responsible Group Quality and Safety Committee
Date Approved 6 Dec 2013
Expiry Date Dec 2016
This validity of this strategy is only assured when viewed via the Worcestershire Health and Care
NHS Trust website (hacw.nhs.uk.). If this document is printed into hard copy or saved to another
location, its validity must be checked against the unique identifier number on the internet version.
The internet version is the definitive version.
If you would like this document in other languages or formats (i.e. large print), please contact the
Communications Team on 01905 760020 or email [email protected]
Information Governance Strategy v2.0
Page 1 of 8
Version History
Version
Circulation Job Title of Person/Name of Group
Date
circulated to
Brief Summary of Change
0.1
16/03/2012
Information Governance Steering
Group
Approved
1.0
05/12/2013
Head of Information Governance
Remove reference to NHS
Worcestershire, Checked to see
if any new legislation or best
practice has been introduced.
Updated with new Translation
and Interpreting company Capita
2.0
06/12/2013
Information Governance Steering
Group
Worcestershire Health and Care NHS Trust holds a contract with Capita Translation and
Interpreting to handle all interpreting and translation needs. This service is available to all staff in
the Trust via a free-phone number (0800 084 2003). Interpreters and translators are available for
over 150 languages. From this number staff can arrange:

Face to face interpreting;

Instant telephone interpreting;

Document translation, via the Communications Manager and

British Sign Language interpreting.
Please note that where the visit or consultation is likely to be less than 40 minutes in duration
telephone interpreting should be the preferred option. Where a lengthy consultation is expected a
pre booked face-to-face interpreter would be more appropriate.
Information Governance Strategy v2.0
Page 2 of 8
Contents
1. Introduction ................................................................................................................... 4
2. Scope ............................................................................................................................ 4
3. Responsibilities and duties ............................................................................................ 5
4. Training ......................................................................................................................... 6
5. Resources ..................................................................................................................... 6
6. Monitoring Implementation and Performance ................................................................ 6
7. Practice development and service improvement ........................................................... 6
8. Associated documentation ............................................................................................ 7
9. Conclusion .................................................................................................................... 7
10.
Appendix 1: IG Steering Group Membership ............................................................. 8
Information Governance Strategy v2.0
Page 3 of 8
1.
Introduction
This strategy sets out the approach to be taken within Worcestershire Health and Care NHS Trust,
from now on known as ‘the Trust’, to provide a robust Information Governance framework for the
future management of information
Information Governance currently encompasses the following initiatives or work areas:






Information Governance Management
Confidentiality and Data Protection Assurance
Information Security Assurance
Clinical Information Assurance
Corporate Information Assurance
Secondary Use Assurance

Others may be added as Information Governance develops
Information Governance has the following fundamental aims:




To support the provision of high quality care by promoting the effective and appropriate use
of information
To encourage responsible staff to work closely together, preventing duplication of effort and
enabling more efficient use of resources
To develop support arrangements and provide staff with appropriate tools and support to
enable them to discharge their responsibilities to consistently high standards
To enable organisations to understand their own performance and manage improvement in
a systematic and effective way
The Trust has a statutory responsibility to patients and the public to ensure that the services it
provides have effective processes, policies and people in place to deliver its objectives in relation
to holding and using confidential and personal information.
This strategy outlines the approach the Trust will take to ensure that it develops effective
information governance processes throughout the organisation, which will enable the Trust to
deliver its objectives and meet its statutory requirements
This strategy cannot be seen in isolation as information plays a key part in corporate governance,
strategic risk, clinical governance, service planning, performance and business management. The
strategy therefore links into all these aspects of the organisation and should be reflected in these
respective strategies. In addition, the Board should consider Information Governance as a
significant risk within the Assurance Framework. The implementation of this strategy will
undoubtedly reduce the level of this current risk.
2.
Scope
There key component underpinning this strategy is:

The Trust Information Governance Policy, which outlines the objectives for information
governance
Information Governance Strategy v2.0
Page 4 of 8
The ultimate responsibility for Information Governance in the Trust lies with the Board. The
Information Governance Steering Group has delegated authority from the Board to discharge its
functions in this respect. The Information Governance Steering Group is accountable through the
Quality and Safety Committee to the Board
The Information Governance Steering Group has overall responsibility for overseeing the
development and implementation of this strategy, the Information Governance policy and the
information governance action plans. These will be subject to a periodic review and progress
reports to the Board.
A key function of the Information Governance Steering Group will be to monitor and review
untoward occurrences and incidents relating to Information Governance and ensure that effective
remedial and preventative action is taken
The membership of the Information Governance steering Group is included in Appendix 1.
3.
Responsibilities and duties
The Trust Board is responsible for defining the Trust’s policy in respect of information governance,
taking into account legal and NHS requirements. The Board will be informed and assured that the
Trust is meeting all national and local information governance objectives via reports to the Quality
and Safety Committee. The Trust Board will also be informed and assured directly by the Company
Secretary. The Board is responsible for ensuring that sufficient resources are provided to support
the requirements of the strategy. The Board shall be informed by the Company Secretary of any
local or national information governance issues that may affect this strategy.
The Chief Executive as Accountable Officer has overall accountability and responsibility for
information governance in the Trust and is required to provide assurance, through the Statement of
Internal Control that all risks to the Trust, including those relating to information governance, are
effectively managed and mitigated. The Chief Executive has delegated responsibility for
information governance to the Company Secretary.
The Director of Finance is the Senior Information Risk Officer (SIRO) and understands how the
strategic business goals of the Trust may be impacted by information risks. The SIRO acts as an
advocate for information risk on the Board and in internal discussions provides written advice to the
Accounting Officer on the content of their annual Statement of Internal Control (SIC) in regard to
information risk.
The SIRO is supported by the Caldicott Guardian, the Company Secretary, the Head of Information
Governance and the Head of Information Technology.
The Medical Director is the Caldicott Guardian and is responsible for protecting the confidentiality
of patient and service-user information and enabling appropriate information-sharing. The Head of
Information Governance is the Delegated Authority for the Caldicott Guardian. Caldicott issues are
discussed at the Trust’s Records Management Group as a standing agenda item and as part of the
overall Caldicott function.
The Head of Information Governance shall ensure that a framework is in place so that the
information governance agenda is appropriately resourced and that staff are adequately skilled and
Information Governance Strategy v2.0
Page 5 of 8
experienced. The Head of Information Governance shall ensure that the necessary information
governance reporting and monitoring procedures are in place.
The Head of Information Governance is responsible for overseeing day to day information
governance issues; developing and maintaining policies, standards, procedures and guidance. The
Head of Information Governance is supported by two Information Governance Officers.
The Information Governance Steering Group is responsible for raising awareness and coordinating
information governance across the Trust.
All Managers within the Trust are responsible for ensuring that the policy and supporting standards
and guidelines are built into local processes to ensure on-going compliance.
All staff, whether permanent, temporary or contracted, and contractors are responsible for ensuring
that they are aware of the requirements incumbent upon them and for ensuring that they comply
with these on a day to day basis.
4.
Training
Fundamental to the success of delivering the Information Governance Strategy is developing an
information governance culture within the Trust. Mandatory training is provided to all Trust staff,
and it is particularly important that those staff that use patient information in their day to day work
promote this culture.
5.
Resources
Any associated resource implications incurred by the implementation of the Information
Governance policy will be identified by the Information Governance Steering Group. Business
cases will then be developed and submitted to the Board for approval.
6.
Monitoring Implementation and Performance
Performance will be monitored by the Information Governance Steering Group and submitted to
the Department of Health via the online Information Governance Toolkit on an annual basis.
7.
Practice development and service improvement
The Trust is committed to ensuring its workforce is confident, competent and capable. To support
this it develops a yearly training prospectus which describes the courses on offer, at whom they
are aimed, how often they need to be updated and how to make a booking. The training
prospectus can be accessed via the Intranet and internet.
If a person is registered to attend a course and does not attend their line manager will be notified of
the non-attendance. It is the responsibility of the line manager to ensure staff attend appropriate
statutory, mandatory and essential training.
Information Governance Strategy v2.0
Page 6 of 8
8.
Associated documentation
Trust related Policies and Procedures:



















Information Governance Policy
Data Protection Policy
Freedom of Information Policy
Freedom of Information Publication Scheme
Records Management Policy
Records Management Strategy
Clinical Record Keeping Guidelines
Code of Conduct for Employees in Respect of Confidentiality
Safe Haven Procedure
Guidance for Staff on Access to Health Records
Off-site Archiving Procedure
Confidentiality Agreement for Contractors and Third Parties
Guidance on Reporting IG Related Incidents
General Protocol for Inter-Agency Information Sharing within Worcestershire – Health and
Social Care Services
Communications Policy and Strategy
WHICTS Information Security Policy
WHICTS E-mail and Internet Policy
WHICTS Mobile Computing Guidelines
WHICTS User Responsibility Statement
Legal Acts










9.
Data Protection Act 1998
Human Rights Act 1998
Freedom of Information 2000
Access to Health Records Act 1990
Computer Misuse Act 1990
Copyright, designs and patents Act 1988 (as amended by the Copyright Computer
programs regulations 1992)
Crime and Disorder Act 1998
Electronic Communications Act 2000
Regulation of Investigatory Powers Act 2000
Mental Capacity Act 2005
Conclusion
The implementation of the Information Governance strategy and policy will ensure that information
is more effectively managed in the Trust. The Strategy and Policy will be reviewed every 3 years
and an action plan developed, against the Information Governance Toolkit, to identify key areas for
continuous improvement.
Information Governance Strategy v2.0
Page 7 of 8
10.
Appendix 1: IG Steering Group Membership
The core membership of the Information Governance Steering Group will be:














*Company Secretary (Chair)
*Medical Director (Caldicott Guardian)
*Director of Finance (Senior Information Risk Owner, SIRO)
Head of Information Governance (Data Protection and FOI Lead)
Information Governance Officer (Secretary)
Registration Authority Coordinator (Secretary)
Medical Records Manager (Mental Health Services)
Medical Records Manager (Community Hospitals)
Head of Information Technology or their representative
Head of Contracting and Information or their representative
WHICTS Information Security Officer
Quality Governance Manager or their representative
Representatives from Service Delivery Units
Representative from Worcs County Council Adult Services and Health
Other officers will be invited as appropriate and representation will be discussed and established
as the organisational structures evolve.
*Denotes membership of Trust Board
Information Governance Strategy v2.0
Page 8 of 8