Information Governance

Information Governance, to the HRA, is a framework for handling not only personal and sensitive information but all information in a robust and transparent manner, applying confidentiality and security where appropriate and operating to high ethical and quality standards. It is therefore about:

  • Holding information securely and confidentially;
  • Obtaining information fairly and efficiently;
  • Recording information accurately and reliably;
  • Using information effectively and ethically;
  • Sharing information appropriately and lawfully.

To do this requires:

  • striking an appropriate balance between openness and confidentiality in the management and use of information;
  • fully acknowledging its public accountability, but equally placing importance on the confidentiality of personal information and commercially sensitive information;
  • recognising the need to share information with other organisations in a controlled manner consistent with the interests of research and, in some circumstances, the public interest.

Our Information Governance Privacy Charter and HRA IG Confidentiality Code of Conduct set out the standards that you can expect from the HRA.

Accountability

To help maintain the highest standards we have the following management structure:

  • Ian Cook, Director of Corporate Services, is the Caldicott Guardian;
  • The Corporate Secretary is Senior Information Risk Owner (SIRO);
  • Directors, REC centre managers and Heads of Department are Information Asset Owners (IAOs);
  • An Information Governance Steering Group meets regularly to discuss current issues and monitor actions;
  • The HRA has a suite of policies in place to ensure information is processed properly by all staff;
  • An established Incident Reporting Procedure is in place that ensures all security information incidents are reported; and
  • The HRA produces an annual Information Governance Report reviewed by the Department of Health.

Relevant laws

The main codes, standards and laws which apply are:

Information Asset Register

All information assets and associated systems are identified and included in an Information Asset Register and are subject to annual information asset assessments. The principal information assets managed by the HRA are:

  • IRAS: a web-based utility for researchers to make applications;
  • HARP: an application that supports the administration of Research Ethics Committees;
  • Business Services Authority (BSA) Human Resources (HR) division use the NHS Electronic Staff Records (ESR) system to store staff records;
  • Shared Business Services (SBS) finance and payroll also make use of ESR;
  • Electronic business information is stored on shared drives provided under the Department of Health’s Open Services contract with ATOS;
  • The website;
  • The training booking and management system;
  • Paper-based applications and associated documentation submitted for ethical review; and
  • Paper-based staff records.