54
128
Information: To share or not to share? The Information Governance Review
Demographic data:
Information relating to the general characteristics of an individual or
population e.g. ethnicity, gender, geographical location, socio-economic status.
Direct care:
A clinical, social or public health activity concerned with the prevention,
investigation and treatment of illness and the alleviation of suffering of individuals. It
includes supporting individuals’ ability to function and improve their participation in life
and society. It includes the assurance of safe and high quality care and treatment through
local audit, the management of untoward or adverse incidents, person satisfaction
including measurement of outcomes undertaken by one or more registered and regulated
health or social care professionals and their team with whom the individual has a
legitimate relationship for their care.
Epidemiology:
The study of the frequency, distribution and cause of disease in order to
find ways of prevention and control. It includes social and environmental factors that
influence a disease
120
.
Fraser Guidelines for Competency:
A set of guidelines used by clinicians to determine
whether a young person is mature and capable of understanding the issues and
consequences of a decision and being able to evaluate relevant information and make a
reasoned decision for themselves. Also sometimes referred to as Gillick competency.
Genetic information:
Genetic information is information about the genotype, or
heritable characteristics of individuals obtained by direct analysis of DNA, or by other
biochemical testing. Genetic information in itself is not always identifiable; personal
genetic information refers to information about the genetic make-up of an
identifiable person
121
.
Genome:
The total genetic complement of an individual.
Health service body:
Organisations (or individuals) with specific functions, obligations
and powers defined in law. In England, the health service bodies from 1 April 2013 are: the
Secretary of State for Health (includes the Department of Health, and its Executive
agencies such as Public Health England and the MHRA), the NHS Commissioning Board,
clinical commissioning groups, NHS Trusts (including Foundation Trusts), special health
authorities such as the NHS Business Services Authority, CQC, NICE, and the Health and
Social Care Information Centre. Local authorities are not health service bodies.
Honorary/seconded staff:
Staff working in the one organisation e.g. a hospital, but
employed by other organisations e.g. a university. Another example would be where social
workers employed by the local authority are based in a hospital to work alongside health
professionals. The agreement between the two organisations ensures that in the event that
the individual breaches host organisation rules and procedures their employer will take
appropriate disciplinary action on behalf of the host organisation.
120 http://genome.wellcome.ac.uk/resources/glossary
121 The Human Genetics Commission identified four categories of personal genetic information: observable or private information and sensitive
or non-sensitive genetic information. The Commission concluded that not all personal genetic information should be treated in the same way
in every set of circumstances.
54
129
Glossary
Identifiable information:
See ‘Personal confidential data’.
Identifier:
An item of data, which by itself or in combination with other identifiers
enables an individual to be identified. Examples are included in Appendix 5.
Independent audit:
An audit conducted by an external and therefore independent
auditor to provide greater public assurance. See ‘Audit’ and ‘Clinical audit’.
Indirect care:
Activities that contribute to the overall provision of services to a
population as a whole or a group of patients with a particular condition, but which fall
outside the scope of direct care. It covers health services management, preventative
medicine, and medical research. Examples of activities would be risk prediction and
stratification, service evaluation, needs assessment, financial audit.
Individual funding request:
A request to a clinical commissioning group to fund
healthcare for an individual which falls outside the range of services and treatments that
the clinical commissioning group has agreed to commission.
Information:
Information is the “output of some process that summarises, interprets or
otherwise represents data to convey meaning.” Data becomes information when it is
combined in ways that have the potential to reveal patterns in the phenomenon
122
.
Information governance:
How organisations manage the way information and data are
handled within the health and social care system in England. It covers the collection, use,
access and decommissioning as well as requirements and standards organisations and their
suppliers need to achieve to fulfil the obligations that information is handled legally,
securely, efficiently, effectively and in a manner which maintains public trust.
Information governance specialist:
A staff member specifically appointed to provide
advice, guidance and governance in relation to legal requirements such as the duty of
confidence and data protection, the legal basis for information sharing, key requirements
in relation to information security, record management, and freedom of information.
Legitimate relationship:
The legal relationship that exists between an individual and the
health and social care professionals and staff providing or supporting their care.
Linkage:
The merging of information or data from two or more sources with the object of
consolidating facts concerning an individual or an event that are not available in any
separate record.
Never events:
‘Never events’ are very serious, largely preventable patient safety
incidents that should not occur if the relevant preventative measures have been put in
place
123
. The list is updated annually and includes for example wrong site surgery and
wrong route administration of chemotherapy.
122 Taken from Royal Society (2012) ‘Science as an open enterprise’.
123 Taken from Department of Health, http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/
DH_124552
47
130
Information: To share or not to share? The Information Governance Review
Personal confidential data:
This term describes personal information about identified or
identifiable individuals, which should be kept private or secret. For the purposes of this
review ‘Personal’ includes the DPA definition of personal data, but it is adapted to include
dead as well as living people and ‘confidential’ includes both information ‘given in
confidence’ and ‘that which is owed a duty of confidence’ and is adapted to include
‘sensitive’ as defined in the Data Protection Act.
Personal data:
Data which relate to a living individual who can be identified from those
data, or from those data and other information which is in the possession of, or is likely to
come into the possession of, the data controller, and includes any expression of opinion
about the individual and any indication of the intentions of the data controller or any other
person in respect of the individual.
Personal information:
See ‘Personal confidential data’.
Personal record/personal health and wellbeing record:
See ‘Care records’.
Potentially identifiable:
See ‘De-identified data for limited access’.
Primary care:
Primary care refers to services provided by GP practices, dental practices,
community pharmacies and high street optometrists.
Privacy impact assessment:
A systematic and comprehensive process for determining
the privacy, confidentiality and security risks associated with the collection, use and
disclosure for personal data prior to the introduction of or a change to a policy, process
or procedure.
Processing:
Processing in relation to information or data, means obtaining, recording or
holding the information or data or carrying out any operation or set of operations on the
information or data, including:
• organisation, adaptation or alteration of the information or data;
• retrieval, consultation or use of the information or data;
• disclosure of the information or data by transmission, dissemination or otherwise making
available; or
• alignment, combination, blocking, erasure or destruction of the information or data.
Pseudonymisation:
The process of distinguishing individuals in a data set by using a
unique identifier, which does not reveal their ‘real world’ identity (see also
‘Anonymisation’ and ‘De-identified’ data).
Public interest:
Something ‘in the public interest’ is something that serves the interests
of society as a whole. The ‘public interest test’ is used to determine whether the benefit
of disclosing sensitive information outweighs the personal interest of the individual
concerned and the need to protect the public’s trust in the confidentiality of services.
46
131
Glossary
Re-identification:
The process of analysing data or combining it with other data with the
result that individuals become identifiable. Also known as ‘de-anonymisation’.
Safeguarding:
The process of protecting children and vulnerable adults from abuse or
neglect, preventing impairment of their health and development, and ensuring they live in
circumstances consistent with the provision of safe and effective care. It enables children
to have optimum life chances and enter adulthood successfully and adults to retain
independence, wellbeing and choice and to access their human right to live a life that is
free from abuse and neglect.
Safe haven:
An accredited organisation with a secure electronic environment in which
personal confidential data and/or de-identified data can be obtained and made available
to users, generally in de-identified form. An accredited safe haven will need a secure legal
basis to hold and process personal confidential data. De-identified data can be held under
contract with obligations to safeguard the data (see section 6.5).
Screening
Screening is a process of identifying apparently healthy people who may be at increased
risk of a disease or condition. They can then be offered information, further tests and
appropriate treatment to reduce their risk and/or any complications arising from the
disease or condition.
Sensitive personal data:
Data that identifies a living individual consisting of information
as to his or her: racial or ethnic origin, political opinions, religious beliefs or other beliefs
of a similar nature, membership of a trade union, physical or mental health or condition,
sexual life, convictions, legal proceedings against the individual or allegations of offences
committed by the individual. See also ‘Personal confidential data’.
Serious incident:
A serious event that has led, or may have led to harm to patients,
service users or staff — this can apply to both clinical safety incidents and data incidents.
Also called ‘serious untoward incidents’.
Service user:
An individual receiving social care services.
Specialist commissioning:
This relates to the purchasing and planning of specialised
services for diseases and disorders. Specialised services are defined in law as those services
with a planning population of more than one million people. The NHS Commissioning Board
is responsible for commissioning specialised services.
Third party:
In relation to personal data, any person other than the subject of the data,
the data controller, or a data processor.
Unborn:
Foetuses between 24 weeks gestation and birth. Different approaches are taken
between health and social care in relation to record keeping relating to ‘the unborn’.
38
133
Appendix 1:
Membership of the Information
Governance Review
Review Panel Members
Dame Fiona Caldicott (Chair)
Chairman, Oxford University Hospitals NHS Trust
John Carvel
Former Social Affairs Editor, The Guardian
Member, Healthwatch England Committee
Professor Mike Catchpole
Head of Epidemiology and Surveillance, Health Protection Agency
Terry Dafter
Director of Adult Social Care, Stockport
Janet Davies
Director of Nursing and Service Delivery, Royal College of Nursing
Professor David Haslam
National Professional Adviser, Care Quality Commission
Co-Chair of NHS Future Forum Information work stream
Dr Alan Hassey
GP with informatics expertise and Academy of Medical Royal Colleges
Dawn Monaghan
Group Manager, Information Commissioner’s Office
Terry Parkin
Executive Director, Education and Care Services London Borough of Bromley
Sir Nick Partridge
CEO, Terrence Higgins Trust and Involve
Professor Martin Severs
School of Health Sciences and Social Work, University of Portsmouth
Caroline Tapster
Former CEO, Hertfordshire County Council
Jeremy Taylor
Chief Executive, National Voices
Co-chair of NHS Future Forum Information work stream
Sir Mark Walport
Director, Wellcome Trust
Dr David Wrigley
Commissioning GP
31
134
Information: To share or not to share? The Information Governance Review
Review Support Team
Launa Broadley
Secretariat
Steve Collins
Department of Health lead
Jenny Craggs
Theme support
Wally Gowing
Theme lead
Suzanne Lea
Head of programme
David Lockwood
Head of drafting
Christina Munns
Theme lead
Karen O’Brien
Secretariat
Eileen Phillips
Media and communications lead
David Riley
Theme lead
Carole Sheard
Theme lead
Clive Thomas
Theme lead
Karen Thomson
Information governance lead
Richard Wild
Review director
Documents you may be interested
Documents you may be interested