Information Governance and confidentiality
Good information governance practice helps to ensure that personal information about all individuals is dealt with legally, securely, effectively and ethically.
This covers information about:
- corporate business, and
- interactions with other relevant organisations.
Oxford University Hospitals has its own Information Governance Team which ensures this framework is followed throughout the organisation. It provides training to all staff to ensure that they comply with the law and best practice.
What are the standards and requirements that make up information governance?
- Confidentiality NHS Code of Practice
- Data Protection Act 1998
- Information Security Management NHS Code of Practice
- International standard for Information Security: ISO/IEC 27002:2005
- Health Records Management
- Records Management NHS Code of Practice
- Information Quality
- Payment by Results Code of Conduct
- The Freedom of Information Act 2000
- Corporate Records Management
Everyone working for the NHS has a legal duty to keep information held about you confidential and secure.
Information concerning you or your condition can often be of a sensitive nature, which you may not wish to be known by others. Staff dealing with information are under an obligation by law to make sure it is protected at all times.
Giving patients the best care possible often means sharing personal information with others, for example, other Trust departments or GP practices directly concerned with your treatment.
Whenever information is shared, Oxford University Hospitals staff adhere to strict codes of confidentiality. Guidelines are in place to ensure all staff deal with patient information in the strictest confidence.
These are known as the Caldicott Principles:
Principle 1 - Justify the purpose(s) for using confidential information.
Every time patient-identifiable information is transferred in an organisation it should be clearly defined and scrutinised, and the transfer process should be regularly reviewed by an appropriate guardian.
Principle 2 - Don't use patient-identifiable information unless it is absolutely necessary.
Patient-identifiable information should only be used if there is no other alternative.
Principle 3 - Use the minimum necessary patient-identifiable information.
Every measure should be taken to ensure the use of patient-identifiable information is justified by reducing how easily it can be identified.
Principle 4 - Access to patient-identifiable information should be on a strict need-to-know basis.
Only those individuals who need access to patient-identifiable information should have access to the information items that they need to see.
Principle 5 - Everyone should be aware of their responsibilities.
Action should be taken to ensure clinical and non-clinical staff who handle patient-identifiable information are aware of their obligations to respect patient confidentiality.
Principle 6 - Understand and comply with the law.
Every use of patient-identifiable information must be lawful. Someone in each organisation should be responsible for ensuring that the organisation complies with legal requirements.
Principle 7 - The duty to share information can be as important as the duty to protect patient confidentiality.
The Trust also has a Caldicott Guardian who is responsible for upholding the Caldicott Principles and advising the Trust on the protection of patient confidentiality in accordance with your legal rights.
The Oxford University Hospitals Caldicott Guardian is:
- Dr Christopher Bunch
Medical Director's Office
Level 3, Academic Centre
John Radcliffe Hospital
Oxford OX3 9DU