Information Governance (Research)

Information Governance (IG) and IG Toolkit

What is Information Governance? | Why is IG/IGT an issue? | The College and IGT | What is the IG Toolkit? | About these web pages | Key Documents and References | Key Responsibilities | Contact

The IG Toolkit has NOT been scrapped.
Please note that contrary to reports in November 2016, the NHS Digital IG Toolkit is not being 'scrapped' but is being redeveloped and potentially renamed. 

We received confirmation from NHS Digital that our College IGT submission for 2016-17 had been approved as Satisfactory against all 14 requirements. Thanks to all those who contributed to this significant task.

If you are or have entered into an HSCIC/NHS Digital Data Sharing Agreement you need to read the HSCIC DSA Information Security Policy, and consult with your Departmental Manager.  Advice also available from IGT@le.ac.uk

 What is Information Governance?

IG Image (jpg)

 back to top
Information Governance is to do with the way organisations ‘process’ or handle information. It covers personal information, i.e. that relating to patients/service users and employees, and corporate information, e.g. financial and accounting records.

Information Governance provides a way for employees to deal consistently with the many different rules about how information is handled, including those set out in:

(see About the IG Toolkit )

A host of relevant information and advice regarding handling/management of data is available at our Research Data Management website.

Why is IG/IGT an issue?

back to top

In September 2011 the NHS England Chief Executive and Information Commissioner confirmed that all organisations that have access to NHS patient data must provide assurances that they are practising good information governance and use the Information Governance Toolkit to evidence this. Where services are commissioned for NHS patients, the commissioner is required to obtain this assurance from the provider organisation and this requirement should be set out in the commissioner-provider contract.

Letter from NHS England Chief Executive and Information Commissioner

It remains Department of Health policy that all bodies that process NHS patient information for whatever purpose should provide assurance via the IGT.

The 2014 Partridge Review - "Steps to guarantee greater openness and reassurance to the public, stricter controls over data use and better clarity for data users" - has placed greater emphasis on appropriate data management and resulted in tighter processes and greater institutional and researcher assurance requirements (See Partridge Review and Summary).

What is the IG Toolkit?

back to top

The Information Governance Toolkit is a Department of Health (DH) Policy delivery vehicle that NHS Digital (NHSD) is commissioned to develop and maintain. It draws together the legal rules and central guidance set out by DH policy and presents them in in a single standard as a set of information governance requirements. The organisations in scope of this are required to carry out self-assessments of their compliance against the IG requirements.

An assessment of compliance with requirements, within the NHS Digital Information Governance Toolkit (IGT), is undertaken each year.

The College and IGT

back to top

We received confirmation from NHS Digital (formerly 'HSCIC') that our College IGT submissions for 2015-16 and 2016-17 had been approved as Satisfactory against all requirements.

During the period to 31st March 2017 (final submission date for the IGT) a College IGT Working Group developed an IGT submission for the College as a whole.

This provides a range of University and College level evidence and support for departmental, research group, or trial/project level IGT submissions.The College is registered as what is termed as a “Hosted Secondary Use Team/Project” and has to provide evidence against the following requirements:

 

Requirement

Description

Information Governance Management

120

Responsibility for Information Governance has been assigned to an appropriate member, or members, of staff

121

There is an information governance policy that addresses the overall requirements of information governance

122

All contracts (staff, contractor and third party) contain clauses that clearly identify information governance responsibilities.

123

All staff members are provided with appropriate training on information governance requirements.

Confidentiality and Data Protection Assurance

220

Personal information is only used in ways that do not directly contribute to the delivery of care services where there is a lawful basis to do so and objections to the disclosure of confidential personal information are appropriately respected

221

There are appropriate confidentiality audit procedures to monitor access to confidential personal information

222

All person identifiable data processed outside of the UK complies with the Data Protection Act 1998 and Department of Health guidelines

223

All transfers of personal and sensitive information are conducted in a secure and confidential manner

Information Security Assurance

330

Policy and procedures ensure that mobile computing and teleworking are secure

331

There is an information asset register that includes all key information, software, hardware and services

332

Unauthorised access to the premises, equipment, records and other assets is prevented

333

There are documented incident management and reporting procedures

334

The confidentiality of service user information is protected through use of Pseudonymisation and anonymisation techniques where appropriate

335

There are adequate safeguards in place to ensure that all patient/client information is collected and used within a secure data processing environment (safe haven) distinct from other areas of organisational activity

back to top

About this Website

This website will be used as the focal point for communication regarding IG and the IGT for the College.  Content will change significantly and often so please check the site regularly.

Key Documents and References

Key Responsibilities

  • The University Registrar, Dave Hall is the Senior Information Risk Owner (SIRO)
  • CLS IG Strategy Group - Chaired by Elizabeth Draper (CLS IG Academic Lead)
  • CLS IT Advisory Committee - Chaired by Julian Ketley
  • CLS IG Academic Lead - Elizabeth Draper
  • University IG Lead (Research) - Andrew Burnham
  • IG Representatives (who act as the College IGT Working Group, alongside Information Assurance and IT Services colleagues) – Andrew Burnham (IG Lead), Jitin Liladhar (College IT Manager), Julie Faulkes and Martin Perkins (Departmental Representatives), Research Governance Manager

Contact

Email: IGT@le.ac.uk

Share this page:

Contact

IGT@le.ac.uk