Information governance—a view from the NHS

https://doi.org/10.1016/j.ijmedinf.2003.11.009Get rights and content

Abstract

In this paper, a range of issues influencing and affecting NHS1 information governance policy and practice will be considered. The expansion of electronic information services within the NHS and with its other information partners has reinforced the need for effective security and confidentiality arrangements to apply at multiple levels and in a variety of different business contexts. Added to these, the need to consistently address issues of data protection, records management and data quality, has resulted in a NHS information governance initiative. This initiative is intended to provide approved tools, methods and guidance that may be applied consistently throughout the NHS and that will be underpinned through appropriate support and helpdesk services. This paper emphasises the need to consider a range of applicable topics when determining a responsible and extensible approach to the governance of information collected, used and shared by healthcare organisations.

Introduction

The governance requirements for information processing by NHS organisations are complex and these extend to everything that is done with, or to, NHS information. There is therefore a need to provide a broad based and standards driven approach to information governance and the objectives for NHS organisations that is both comprehensive and will provide the necessary consistencies for overall NHS compliance.

Traditionally, governance initiatives have focused on discrete portions of this complex field and have neglected the whole. This has resulted in a degree of shortfall, confusion and duplication, and no real understanding of the bigger picture.

The NHS is now to adopt a new approach to the governance of its information resources. This approach includes aspects of:

  • Holding information securely and confidentially;

  • Obtaining information fairly and efficiently;

  • Recording information accurately and reliably;

  • Using information effectively and ethically; and

  • Sharing information lawfully and appropriately.

This approach is also known as the ‘HORUS’ model.

In determining the detail of this model, it is recognised that patients will have a legitimate expectation that information collected and processed about them will be held securely and confidentially, be accurate and complete and be readily accessible to those involved in their care. At the same time, patient-centred services require that patients be informed about and consent to the services they receive.

With these points in mind, the NHS is now developing and refining national standards relating to:

  • The provision of information to patients;

  • Patient consent;

  • Information security and confidentiality;

  • Information quality; and

  • Records management

These are to be the core strands addressed within the new NHS HORUS delivery model.

Section snippets

Setting the policy

In determining NHS information governance policy lines, it has been necessary to consider the values to clinical care through good quality records, reliable information and improved standards generally. These processes of clinical care are entirely dependent upon the product of credible information. Without this, healthcare effectiveness reviews and audit techniques are ineffective. Similarly, public health, epidemiology, statistics, management analysis and research are all undermined when the

The whole system perspective and national IG framework

Information governance for the NHS represents more than just a simple drawing together of familiar ideas and initiatives, such as those of confidentiality and security. It represents a new and comprehensive approach to the processing of NHS information and begins to recognise and develop the interdependencies between the relevant strands of corporate and clinical governance.

As already outlined, information processing has five broad aspects that have been combined within the information

Information governance within NHS organisations

Considerable responsibility for the delivery of information governance rests with NHS organisations, and particularly with their governing Boards. It is therefore expected that all NHS organisations will formally establish and manage information governance programmes that are appropriate to their local needs and that sit alongside their other NHS reporting requirements, including those for Controls Assurance.

All NHS organisations are also expected to develop and maintain corporate policies,

Supporting arrangements

To further assist NHS organisations with their consideration, implementation and management of information governance needs, a new NHS toolkit product is currently being developed and will be provided to all relevant organisations free of charge. This new toolkit product will bring together all NHS information governance requirements, key standards, target attainment levels, reusable templates and other illustrative materials in ways that are user-friendly, up to date and easily accessible. In

Conclusions

The NHS information governance initiative is both necessary and ambitious. It’s primary purpose is to manage appropriately and improve where possible the standards that apply to the processing of NHS information. The initiative will draw together several strands of NHS governance in a new way that is sensible and coherent and will allow NHS organisations to maximise the resources that are available to them.

This paper illustrates the approach that the NHS is developing to address its

References (1)

  • BS7799, A code of practice for information security management, British Standards Institute,...

Cited by (36)

  • Data Matters: A Strategic Action Framework for Data Governance

    2022, Information and Management
    Citation Excerpt :

    The mechanisms involved in data governance indicate that this is a collective action involving many participants. Companies need to consider the data lifecycle as they move forward with various governance initiatives [28, 89]. Strategic actions—concrete actions that form data collaboration across departments and organizations in the common pursuit of data governance efficiency [96]—can illustrate the viability of data and its potential for future growth and application.

  • Data governance: A conceptual framework, structured review, and research agenda

    2019, International Journal of Information Management
    Citation Excerpt :

    Organizations use data policies to communicate key objectives, data accountabilities, roles, responsibilities, and data retention periods (e.g., DAMA International, 2009, pp. 47; Donaldson & Walker, 2004, p. 283; Morabito, 2015, p. 89). Enterprises enforce, monitor, evaluate, and revise data policies (e.g., Brous, Janssen et al., 2016, p. 10; Cheong & Chang, 2007, p. 1002; Donaldson & Walker, 2004, p. 283). Data standards ensure that the data representation and the execution of data-related activities are consistent and normalized throughout the organization (e.g., DAMA International, 2009, pp. 48; Kim & Cho, 2017, p. 387; Palczewska et al., 2013, p. 576).

View all citing articles on Scopus
1

NHS: National Health Service; in this paper the NHS in UK is meant.

View full text