- StandardsNational Standards
- HealthcareMonitor, Inform, HTA
- » Focus on quality and safety
- » Find a centre
- » Health Technology Assessement
- » Informing decision making
- » Useful links
- » Frequently asked questions
- Social care
- » Using care services
- » Find a centre
- » Children and Young People
- » Older people
- » People with disabilities
- » Useful links
- » Frequently asked questions
- Getting involvedConsultations
Health Information Governance
What are Health Information Governance Standards?
Information governance is concerned with a framework, including policies and procedures, for handling information in a confidential and secure manner to appropriate ethical and quality standards.
Why introduce standards for health information governance?
Standards for health information governance will assist healthcare organisations and individuals to ensure that they handle personal health information legally, securely, ethically, efficiently and effectively, in order to deliver the best possible care. They will also promote the appropriate use of health information in order to ensure that critical information is available when and where it is needed in order to deliver safe and quality care.
What is being done?
The Authority will develop National Standards for Health Information Governance based on the proposed Health Information Bill and international best practice. As a first step, the Authority reviewed current Information Governance in Health and Social Care Settings in Ireland. Following this, an International Review of Information Governance Structures was undertaken in order to inform the development of an appropriate framework for Ireland.
The standards will cover the following areas:
- privacy and confidentiality
- information governance management
- data quality
- secondary use assurance
- security.
The first area to be covered is privacy and confidentiality starting with Privacy Impact Assessment (PIA). A Privacy Impact Assessment (PIA) is a tool that facilitates the protection and enhancement of individuals’ privacy in relation to the collection, processing and disclosure of personal health information. The PIA process involves the evaluation of broad privacy implications of health information projects and relevant legislative compliance. Where potential privacy risks are identified, ways to avoid or mitigate these risks should be identified. The primary purpose in undertaking a PIA relating to health information is to protect the rights of patients and service users. PIAs form a fundamental part of information governance in assuring that patients’ rights to privacy and confidentiality are appropriately protected.
The Authority has published an International Review of PIA practice followed by Guidance on Privacy Impact Assessment in Health and Social Care and a sample report documenting how the PIA process works. This guidance will form part of a suite of information governance standards and guidance to be published over the coming year.
Information Governance Guide and Toolkit
We have developed a new guide that gives practical information for health and social care providers around the management of information. The Guide is accompanied by a self-assessment tool which is designed to highlight areas where urgent action is required or where improvements may be made. They are an important step in assisting organisations meet the baseline requirements in information governance.
What you should know about Information Governance: a Guide for health and social care staff.
Information Governance Self-Assessment Tool
This tool is an interactive list of questions to which service providers are asked to simply answer “yes” or “no to determine their compliance with information governance requirements and practices. It is a resource to be used by the management team of organisations for learning and development. It is designed to highlight areas where urgent action is required and where improvements may be made.
Useful Resources
The following is a list of useful resources to help service providers in developing information governance policies, procedures and practices and in working towards meeting the requirements in this self-assessment tool:
HIQA
Irish College of General Practitioners and General Practice IT Group, www.icgp.ie
- A Guide to Data Protection Legislation for Irish General Practice, 2011
- No Data, No Business: Information Communications Technology (ICT) Security Guidelines, 2008
Health Service Executive (HSE) www.hse.ie
Data Protection Commissioner, www.dataprotection.ie
- Data Protection Guidelines on Research in the Health Sector, 2007
- Data Security Guidance, 2010
- Protecting the Confidentiality of Personal Information, 2008, Department of Finance
Medical Protection Society, www.medicalprotection.org
- HealthcareMonitor, Inform, HTA