Information Governance

Standards module

v4.1 


Information is a vital asset, both in terms of the management of individuals and in the efficient organisation of services and resources. Information governance (IG) provides a framework that ensures personal and sensitive information relating to service users, carers and employees is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care.




Key outcomes


  • Organisations will recognise and be able to articulate the need for a clearly formulated balance between openness and confidentiality in the management and use of information
  • Everyone involved in service delivery will be aware of their responsibilities to ensure and promote quality of information and will seek to actively use it in decision-making processes
  • Information sharing between professionals and across organisational boundaries will be improved, in a controlled manner consistent with the interests of the service user

Audit process


The Audit Process will seek robust evidence that the key outcomes have been met. 


As a minimum, TEC Quality certified organisations must: 


  • Demonstrate an understanding and application of processes supporting the three most crucial components of information security: Confidentiality, Integrity and Availability (CIA).
  • Demonstrate awareness of and compliance with relevant legislation, regulatory guidance and best practice in relation to information governance.
  • Have a UK GDPR policy, which also includes data retention.
  • Have standardised systems for the inputting, checking and maintenance of accurate and up-to-date customer/user information, which shall be checked at least annually.
  • Have mechanisms in place that ensure customers, service users and carers know how their information will be used.
  • Have written procedures which enable customers, service users and carers to access their personal information.
  • Have data sharing agreements with key partners in place to ensure that people can receive proportional support without duplication.
  • Provide evidence that data protection breaches are reported via defined processes and that opportunities for learning are identified and shared to minimise the risk of them reoccurring.
  • Provide evidence that Data Privacy Impact Assessments* (DPIAs) are considered and, when undertaken, are in line with the ICO’s ‘privacy by design’ approach.
  • Have written procedures to manage the use of social media.
  • Provide evidence that all staff understand their roles and responsibilities in relation to information governance.
  • Have written procedures in place to ensure system access and data security are maintained, e.g. password access protections, anti-virus and anti-malware software, secure sending of emails, secure encryption of electronic removable media and portable computing devices, and transport/storage of paper records.
  • Provide evidence that the physical security of IT assets and information is maintained to recognised industry standards and follows vendors' recommended processes.
  • Provide evidence that secure storage of and access to paper records is in place.
  • Be able to demonstrate compliance with Cyber Essentials (self-certificated) as a minimum. 


*DPIA is a process which helps assess privacy risks to individuals in the collection, use and disclosure of personal information. 



Evidence might include

  • Data Protection and Confidentiality Policy
  • Freedom of Information Policy
  • Incident Reporting Policy
  • Consent Policy
  • Whistleblowing Policy
  • Staff training records
  • Information quality and records management audits
  • Information Sharing Policy
  • Information Asset Owners in place


For organisations providing clinical services:

  • Information Governance Statement of Compliance (IGSoC) minimum level 2
  • Named Caldicott Guardian 

“Technology Enabled Care Services (TECS) have a key role to play in maintaining independence and protecting people from harm. They should complement traditional support and not replace human contact. It is essential that services should be tailored to the individual and that when considering appropriate telecare/telehealth, the risks of the person coming to harm should be balanced against their right to autonomy.”


Madeleine Starr, MBE, Carers UK

