5 min read

What is Information Governance?

By Gabriella Mangham on 09-Jul-2021 16:05:06

What is Information Governance:

Information Governance is the system an organisation develops to handle information. This includes personal information on any level (e.g. clients, patients, employees, etc) and all corporate information (e.g. records, audits, financial, etc). The strategy will have to be compliant with any laws, regulations, and charters set out either by the government, industry, or your organisation. 

What is Information Governance for the NHS:
The NHS is regulated with different laws than other industries and has developed their own Information Governance Strategy. This has to be compliant with many legal frameworks:

  • The NHS Act 2006.
  • The Health and Social Care Act, 2012.
  • The Data Protection Act 2018.
  • The Human Rights Act.
  • EU General Data Protection Regulations (GDPR).
  • The NHS Digital Data Protection and Security Toolkit.
  • Elements of the international standard for information security management systems, namely ISO27001.

This may sound complicated, but it boils down to who can have what information on patients and employees, what they can do with it and how it should be stored. 

Firstly, who can have the personal information of patients? Strictly, only those the patient gives consent to. No individual patient should be identifiable to a secondary party, unless they consent to have their personal information shared. If you work within the NHS, before transmitting any information you should question yourself if it is necessary to share it at all. If you need to share a patient's information via an email or a written document of any kind, it is important to use their NHS number and not any of their personal information. No more than the absolute bare minimum should ever be sent in an email. 

So, what can you do with the information you do have? Some secondary uses include: research, audits, commissioning, contract monitoring, capacity planning, performance management reviews, service redesign and benchmarking. 

How should information be stored? The NHS has its own NHSnet or NHSmail to transmit sensitive data. Any software that the NHS buys has to be certified ISO27001 and have the best security systems.

If you are still unsure, you should consult your Region's or NHS England's Information Governance handbooks.

What is Information Governance for other organisations:
Every industry and organisation is regulated by information governance laws. In the UK, those laws are The Data Protection Act 1998, The common law duty of confidentiality, the international information security standard: ISO/IEC 27002: 2005 and the Freedom of Information Act 2000, the EU General Data Protection Regulations (GDPR) (which was adopted into UK law after the Brexit period), and finally the Human Rights Act. 

The purpose of Information Governance for non-Healthcare organisations is to determine the value of the business information. This is so your organisation can:

  • Comply with regulatory, legal, audit, and discovery requests.
  • Easily access any information whenever needed.
  • Share the information smartly, simply and securely.
  • Keep customer and employee personal information, as well as any enterprise confidential information, safe.
  • Ensure any information is disposed of once it no longer is useful in a legal or business sense.
  • Confirm that all information is authentic and complete.

Strong Information Governance can make your organisation more effective, as it saves time and money. Any questions will be answerable, so, lawyers will spend less time in discovery, and it will become easier to see trends. It is estimated that companies could lose up to $900million due to poor Information Governance! We have some tips on how to develop your strategy to avoid this.

What to take into account when drafting an Information Governance Strategy:
There are 6 key things to take into account when developing an Information Governance Strategy:

  1. Confidentiality — It is important that all sensitive information is dealt with appropriately. What are your organisation’s confidentiality procedures? What information will need consent to be shared? 
  2. Transportation — Confidential information should be sent securely and only on a need-to-know basis. Ask yourself: can I justify why this information should be sent to this person? And can I justify the means in which I send this information? Essentially, is this email necessary?
  3. Storage — All personal and confidential information stored electronically should be backed up regularly and securely. The safety of this information should be a top priority in your organisation.
  4. Record Management — There needs to be a strategy for how all information, both paper and electronic, is stored and archived. 
  5. Training — It is key that your employees are taught and aware of how the Information Governance strategy will come into play. How your employees will be trained has to come into consideration, so the system has to be intuitive. 
  6. Lifecycle — How long should information be stored? This should take into account how long, legally, personal information can be stored. An archive can be expensive, but a useful addition to any Information Governance strategy. 

How to have a good Information Governance:
To have a good Information Governance in the modern day, technology must play a role. Security and accessibility are must-haves. Any information must be easily retrievable and protected with the best programming. ECM expert Chris Walker has identified 10 principles that form the basis of good Information Governance:

  1. Information is an asset.
  2. Information has purpose.
  3. Information has sources and targets.
  4. Information has deadlines.
  5. Information has consumers.
  6. Information carries obligations.
  7. Information carries risks.
  8. Information has many forms.
  9. Information isn’t immortal.
  10. Information demands accountability.

This means that information needs to constantly be regulated and reviewed. Having an Information Governance Officer can help with this. Another way is to ensure that all systems work for an easy check. Investing in a software solution, like Convene, with a comprehensive record library can help you ensure all information is organised and secure. 

How can Convene help you with Information Governance:
Convene’s board portal solution ensures that all information and data is easily accessible. With an intuitive design, Convene helps even the most technophobic feel comfortable when using our software. Just see our customer success stories! Our features make auditing, meeting minutes, and meetings easier. Check out all of our Board portal features. As mentioned, our Records' Library is a fundamental part of this, all meeting documents and more are easily accessible and ensuring only the right people can see it is a simple click of a button! If you have any queries or would like to book a demo, don’t hesitate to contact us!

Gabriella Mangham

Written by Gabriella Mangham

Subscribe to the Convene Blog