Information Quality Policy...Information Quality Policy 4 1.0 Introduction This document refers to information to encompass the terms information, data and records. The Cabinet Office

IG10a – Information Quality Policy

Corby and Nene Clinical Commissioning Groups

Version 5

Version 5 (when approved)

Information Quality Policy

2

Document revision history

Date Version Revision Comment Author/Editor

17/04/2018 4.1 GDPR Update Updated to include GDPR Requirements and references where applicable

IG SME Manager (Internal)

17/05/2018 4.1a Prior to CCG review and adoption

Edited for use by Corby CCG To replace IG18v2.0 Need to check roles (section 6)

John Geaney, IG Compliance Manager

18/05/2018 4.1b CCG review Edited to cover both Nene and Corby CCGs and minor revisions

Information Manager

Document approval

Date Version Revision Role of approver Approver

5.0 GDPR Requirements Director of

Governance

July 2018 5.0 Final Corby and Nene

Audit and Risk

Committees


3

Contents 1.0 Introduction ................................................................................................................................ 4

2.0 Scope ........................................................................................................................................... 5

3.0 Purpose ....................................................................................................................................... 5

Objectives ................................................................................................................................................. 6 3.1

4.0 Equality Analysis ........................................................................................................................ 6

5.0 Definitions .................................................................................................................................. 7

6.0 Responsibilities .......................................................................................................................... 7

7.0 Principles of Information Quality .............................................................................................. 8

7.1 Accessibility ............................................................................................................................................... 8 7.2 Accuracy .................................................................................................................................................... 8 7.3 Completeness ........................................................................................................................................... 8 7.4 Relevance .................................................................................................................................................. 8 7.5 Reliability .................................................................................................................................................. 8 7.6 Timeliness ................................................................................................................................................. 9 7.7 Validity ...................................................................................................................................................... 9

8 Quality of Information and Quality of Data ................................................................................. 9

8.1 Responsibility for Equipment .................................................................................................................... 9

9 National Data Definitions, Values and Validation ....................................................................... 9

9.1 Accounting for National Systems .............................................................................................................. 9 9.2 NHS Number ............................................................................................................................................. 9

10 Errors in Information and Data ................................................................................................. 10

10.1 Key Principles ........................................................................................................................................ 10 10.2 Mitigations ............................................................................................................................................ 10

11 Specific Requirements ............................................................................................................... 10

11.1 System Level Policies and Controls ....................................................................................................... 10 11.2 Information Collections ........................................................................................................................ 10 11.3 Transcription ......................................................................................................................................... 10 11.4 Commissioning ...................................................................................................................................... 11 11.5 New Systems and Change Control ........................................................................................................ 11

12 Measures ................................................................................................................................... 11

12.1 SMART Measurements ......................................................................................................................... 11

13 Training ...................................................................................................................................... 12

14 Monitoring and compliance ...................................................................................................... 12

15 Review ....................................................................................................................................... 13

16 Statement of evidence / references ......................................................................................... 13

16.1 Key Legislative and Regulatory Environment ....................................................................................... 13 16.2 Other References .................................................................................................................................. 13

17 Implementation and dissemination of document ................................................................... 14

Appendix A: Definitions .................................................................................................................... 15

Appendix B: Purposes fulfilled by Healthcare Information ............................................................. 16

Appendix C: The levels and ranges of data ...................................................................................... 17

Appendix D: Flow charts showing the Management of data .......................................................... 18


4

1.0 Introduction This document refers to information to encompass the terms information, data and records. The Cabinet Office defines data as ‘qualitative or quantitative statements or numbers that are assumed to be factual, and not the product of analysis or interpretation’ and Information as ‘output of some process that summarises interprets or otherwise represents data to convey meaning’. This definition will be used throughout this document. Information Quality is a requirement for appropriate decision making, governance and the ongoing commissioning of high quality healthcare. The concept applies to the records, information and data that our organisation creates, maintains and utilises. Information Quality is a legal requirement for the organisation under the Data Protection legislation (Data Protection Act 2018 and General Data Protection Regulation (EU) 2016/679 as referenced in this Act – identified in this documentation as the Data Protection legislation) and Public Records Act 1958. It is a regulatory as well as an organisational requirement under government policy and standards. This policy sets out the standards expected in our processes, systems and working practice to ensure good quality information is at the heart of all of our organisation’s functions. It aims to ensure that we create and perpetuate a culture of Information Quality throughout Corby and Nene CCGs and with those that work in partnership with us and who are commissioned to provide services. This includes standards of Quality across Information and Data, as outlined by the Cabinet Office and referenced below. In addition, the policy sets out the principles of how we evaluate and mitigate errors in data. The policy sets out: our statement of intent for Information Quality, the principles that inform the relevant standard, who is accountable for the requirements within this policy, where responsibility sits and the method for their measurement, reporting and delivery. The CCGs recognise that effective information management is fundamental to good administration and operational effectiveness, and is an enabler to the achievement of our strategic values:

Effective, Compassionate, Supportive & Safe

This policy is part of the suite related to Information Governance which set out the expected standards and controls around its use. They are: Information Governance, Information Quality, Information Management and Information Security. The concepts and standards are interrelated. It is important to consider all of our obligations and intentions across the suite of policies.


5

2.0 Scope This policy is applicable to:

All records, information and data held and processed by the CCGs. All information must be managed and held within a controlled environment and to a high standard of accuracy and completeness. This includes personal data of patients and staff, patient level data (non-identifiable – with exceptions) as well as corporate information. It applies to records, information and data regardless of format, in addition to legacy data held by the organisation, in accordance with the approved retention standards;

The standards expected from services commissioned by our customers for healthcare and non-healthcare purposes;

Patient level data must be in non-identifiable format [pseudonymised] except where held for direct care purposes or permitted via an NHS Act 2006 s.251 approved use, e.g. pseudonymised format with the NHS Number visible, as approved by NHS Digital including security and access control requirements which meet Data Protection legislation standards.

Patient level data held in identifiable format must only be held and processed with the appropriate consent or other legal gateway with security and access control requirements which meet Data Protection standards.

All permanent, contract or temporary staff of the CCGs and all third parties who have access to Corby CCG and Nene CCG premises, systems or information. Any reference to staff within this document also refers to those working on behalf of the organisation on a temporary, contractual or voluntary basis;

Information systems, data sets, computer systems, networks, software and information created, held or processed on these systems, together with printed output from these systems, and;

All means of communicating information, both within and outside the organisation and both paper and electronic, including data and voice transmissions, emails, post, fax, voice and video conferencing.

Although this policy relates to patient/service user data and information, the principles included are applicable to any other data/information staff may encounter e.g. recording of minutes, etc.

There are different levels and ranges of data that support the commissioning and contracting of services, from Personal Confidential Data (or “PCD” see definitions for further clarification) to Board Level performance Data. See Appendix C for Levels and Ranges of data.

3.0 Purpose As a data processor on behalf of our customers we require good quality information to be created, managed and utilised by those our customer’s commission. We assist our customer’s in their responsibility to drive improvements in Information Governance from the services they commission. This ensures an efficient, effective and accountable service. This includes ensuring that contractual requirements and monitoring of performance include Information Quality on a routine basis. In those instances where we appropriately share or publish information we must ensure that this information is accurate and complete. Without high-standards of information quality, supported by systematic processes and practice, we cannot support the delivery of high quality healthcare and improve services.


6

Objectives 3.1

This organisation is committed to ensuring that all information within its responsibility or that it commissions is created, processed and held to a high standard of quality in a manner which ensures accurate and appropriate decision making. The right information, to the right people at the right time This policy sets out our intentions for the creation and maintenance of high quality information and the management of the associated risks.

To be of value information quality must be accurate and complete. The provenance of the information (where it came from) and its timeliness (when it was collected or altered) should be captured where necessary and where possible;

Information Systems must incorporate methods (or controls) to support the capture of accurate and complete information, this includes validation checks and reporting to identify errors, outliers and issues that require investigation;

Procedures must incorporate appropriate steps for the validation of information to ensure that it is accurate and complete throughout its lifecycle (from creation through use through to disposal);

Working Practice supported by training must deliver methods to check and confirm that accurate information is collected, maintained and shared;

Contracts with commissioned services (healthcare and non-healthcare) must incorporate provisions for information quality. These must be supported by methods for monitoring, escalating and resolving issues around information quality for our customers;

Information must fulfil all of the purposes required of it and must be used in a lawful and appropriate manner, a diagram showing the purposes is in Appendix B;

When reporting, sharing or publishing information processes must include appropriate checks to ensure that accurate information is provided including validation where possible;

Those working with information need their training needs and requirements for improving skills and knowledge around information quality assessed and supported;

Concerns around the quality of information will be assessed to capture any associated risks and issues arising, to ensure appropriate mitigation, management and risk reduction over time.

4.0 Equality Analysis This document demonstrates the organisation’s commitment to create a positive culture of respect for all

individuals, including staff, patients, their families and carers as well as community partners. The intention

is, as required by the Equality Act 2010, to identify, remove or minimise discriminatory practice in the nine

named protected characteristics of age, disability, sex, gender reassignment, pregnancy and maternity,

race, sexual orientation, religion or belief, and marriage and civil partnership. It is also intended to use the

Human Rights Act 1998 and to promote positive practice and value the diversity of all individuals and

communities.


7

5.0 Definitions See Appendix A for definitions.

6.0 Responsibilities

Accountable Officer The Accountable Officer has overall accountability for information governance. As the accountable officer he/she is responsible for the management of the organisation and for ensuring appropriate mechanisms are in place to support service delivery and continuity.

Data Protection Officer The Data Protection Officer (DPO) the DPO reports to the SIRO. This ensures the DPO can act independently, without a conflict of interest and report direct to the highest management level. In addition, depending upon the agreement with NEL, the DPO may deputise for the SIRO and Caldicott Guardian. The Data Protection Officer is responsible for ensuring that the CCGs and their constituent business areas remain compliant at all times with data protection, privacy & electronic communications regulations, freedom of information act and the environmental information regulations (information rights legislation). The Data Protection Officer shall: lead on the provision of expert advice to the organisation on all matters concerning the information rights law, compliance, best practice and setting and maintaining standards. Provide a central point of contact for the information rights legislation both internally and with external stakeholders (including the office of the information commissioner). Communicate and promote awareness of information rights legislation across the CCGs.

Information Manager & Information Co-ordinator The Information Manager has overall responsibility for Information Governance. He/she is responsible for the management of the organisation and for ensuring the implementation of appropriate mechanisms to support service delivery and continuity. Information Governance is key to this as it ensures appropriate, accurate information is available as required.

The Senior Internal and Assurance Information Governance Manager is responsible for the overall development and maintenance of information governance practice throughout the CCGs, in particular for drawing up guidance for good management practice and promoting compliance with IG Policies in such a way as to ensure the easy, appropriate and timely retrieval of information.

Senior Information Risk Owner (SIRO) The Senior Information Risk Owner (SIRO) is appointed by the Management Team and is accountable to the Accountable Officer for the appropriate management of risk associated with the organisation’s use and holding of information.

Caldicott Guardian The Caldicott Guardian has a particular responsibility for reflecting patients’ interests regarding the use of patient identifiable information. They are responsible for ensuring patient identifiable information is shared in an appropriate and secure manner.

Information Governance Working Group The Information Governance Working Group reports to the Audit and Risk Committee and is responsible for ensuring that this policy is implemented and that records management systems and processes are developed, co-ordinated and monitored.


8

Information Asset Owners All system managers (Information Asset Owners) must ensure that procedures are upheld for each personal confidential data system.

The responsibility for local information management is devolved to the relevant Directors, Service Leads and all managers. They have overall responsibility for the management of information and records generated by their activities, i.e. for ensuring that official records controlled within their unit are managed in a way which meets the aims of the Information Management Policy.

Senior managers are responsible for identifying and managing information risks in their remit. Staff nominated as Information Risk Owners (Information Asset Owners) and those responsible for operating Information Assets as Information Risk Administrators (Information Asset Administrators) are accountable to the SIRO for the appropriate identification and management of risks. Information Security risks form a vital part of the role and assurance required from these post holders.

All Staff All staff, whether clinical or administrative, who create, receive and use records have records management responsibilities. In particular all staff must ensure that they keep appropriate records of their work in the organisation and manage those records in keeping with this policy and with any guidance subsequently produced.

7.0 Principles of Information Quality

7.1 Accessibility

Information can be accessed quickly and efficiently through the use of systematic and consistent management in electronic and physical format. Access must be appropriate so that only those with a lawful basis and legitimate relationship to information can view, create or modify information.

7.2 Accuracy

Information is accurate, with systems, processes and practice that support this work supported by guidance. This is a legal requirement of the Data Protection Legislation ‘personal data shall be accurate, and where necessary, kept up-to-date’. Ideally, systems will capture data once and ensure that accuracy is maintained and checked through process. Any limitations on accuracy of data must be made clear to its users and effective margins of error built into calculations.

7.3 Completeness

The relevant information required is identified. Systems, process and working practice ensures it is routinely captured. The specification what data is required for the defined need will be incorporated into processes, collection and validation. The evaluation of information quality must monitor for missing, incomplete or invalid information as well as consider the causes and associated risks.

7.4 Relevance

Information is kept relevant to the issues rather than for convenience with appropriate management and structure.

7.5 Reliability

Information must reflect a stable, systematic and consistent approach to collection, management and use, a flow chart to demonstrate the management of data is in Appendix D. Methods of collection, use and analysis must ensure consistency in the data and variations in these methods must be considered for their potential impact on the quality or content of the information.


9

7.6 Timeliness

Information is recorded as close to possible to being gathered and can be accessed quickly and efficiently. This is a requirement of the Data Protection Legislation ‘personal data shall be accurate, and where necessary, kept up-to-date’.

7.7 Validity

Information must be collected, recorded and used to the standard set by relevant requirements or controls. Validity is supported by consistency over time, systems and measures. Any information collection, use or analysis process must incorporate a validation method or tool to ensure that the standards and principles outlined above are met. Validation tools will support routine data entry and analysis, as well as support the identification and control of duplicate records and errors. See Annexe D for Flow charts showing the Management of data

8 Quality of Information and Quality of Data As noted above this policy uses the terms data and information as defined by the Cabinet Office. Issues of Quality impact upon Information and Data differently due to the separate contexts. The principles outlined in this policy apply to both but the following sections outlines issues around the individual context.

8.1 Responsibility for Equipment

Information is defined as ‘output of some process that summarises interprets or otherwise represents data to convey meaning’. In terms of this policy, the principles of Information Quality apply to information but are exercised through the process of interpretation or representation. These processes must ensure the information is complete, accurate and support validation. Any errors are identified through the process and the appropriate mitigation undertaken.

8.2 Quality of Data Cabinet Office defines data as ‘qualitative or quantitative statements or numbers that are assumed to be factual, and not the product of analysis or interpretation’. The principles of Information Quality apply to data and are evaluated before, during and after analysis and interpretation. Processes to ensure the principles in this policy are used but data will be subject to broader analysis for duplication, error and results that sit outside expected ranges

9 National Data Definitions, Values and Validation

9.1 Accounting for National Systems

The use of national data standards will be incorporated were it supports the appropriate sharing, exchange and monitoring of information. Systems and processes are evaluated to consider what national data standards are relevant and how they will be incorporated. Any risks from not using these standards will be considered, recorded and appropriately managed.

9.2 NHS Number

The NHS Number is the unique identifier within the National Health Service. Where appropriate and legal to be used, it must be incorporated into all correspondence with patients and relevant information systems to ensure that the correct individual is identified.


10

Services that are commissioned are contracted to the use of NHS Number, where appropriate, and to ensure it is incorporated into routine data collection, data management and working practice. Appropriate mitigation is required from commissioned services in clinical and commissioning systems for the absence of an NHS number for an individual.

10 Errors in Information and Data

10.1 Key Principles

It is understood that errors and inaccuracies will occur in Information. Systems, process and analysis during the lifecycle of the information need to identify the causes of any errors, the relevant margin of error introduced into any subsequent use of the Information and the appropriate action taken. This includes understanding the context of any Information or Data Set, to ensure that “outliers”, results that fall outside expected ranges, are investigated to determine if there are any resulting Information Quality concerns. It is important to determine and maintain a view of expected ranges of information to support the principles of Information Quality.

10.2 Mitigations

Where errors are identified, appropriate mitigation is required. This includes correction, where relevant, analysis of process and appropriate action, and ongoing monitoring. Understanding the cause of error and its likely consequence are a key component of improving Information Quality or managing issues that cannot be addressed through appropriate controls.

11 Specific Requirements

11.1 System Level Policies and Controls

Key Information Assets that utilise information, usually referred to as Information Systems are required to have a System Level Policy that sets out their principles of operation and controls. Within these policies the approach to Information Quality against the principles outlined in this policy are detailed. These systems must consider the requirements of relevant legislation, legal gateways and National data standards; the policy outlines how they are incorporated and the relevant controls. Routine audits of controls on data and validation programmes are incorporated into system level policies and working practice. Regular reviews of current controls and working practice are required to ensure that any developments of national standards and guidance. The standard and frequency for reviews will be outlined in the relevant System Level policy.

11.2 Information Collections

Any process that involves information collection must incorporate Information Quality requirements into the relevant protocol and procedures to ensure the quality of information/data collected is sufficient for the intended purpose(s)

11.3 Transcription

Transcribing data from one form to another, either manually or by computer, may increase costs or reduce the quality and usefulness of that data. Organisations collecting confidential information should design collection systems which avoid requirements for transcribing data.


11

11.4 Commissioning

Any commissioning of service (healthcare and non-healthcare) must include appropriate contractual and monitoring for Information Quality. It is important to set out the requirements for any information to be gathered in the course of the contract and ensure it is appropriate, lawful and meets the required standards for the duration of the contract and at its cessation. Reports provided by commissioned services will be monitored for Information Quality requirements against the expected standards with the actions taken by the commissioned service monitored as part of ongoing contract management.

11.5 New Systems and Change Control

Any new system or change control, must incorporate an assessment of the impact on Information Quality and relevant controls to support. Accountability for this assessment will be clearly defined and incorporated.

12 Measures

12.1 SMART Measurements

Information Systems Processes

Accessibility To be outlined in the relevant System Level Policy but must ensure that access to relevant information is timely and meets business needs

Information is stored in a systematic and consistent manner, that is accessible to an authorised staff member supported guidance within 30 minutes

Accuracy As above Information is collected, used and analysed in ways that ensure accuracy. Including validation and checking where necessary

Completeness As above The information required for completing a process must be understand and a provided in the relevant procedure.

Relevance As above The minimum information required for the proposed purpose and use must be outlined in the relevant process

Reliability As above Process of collection, use and analysis must demonstrate a consistent approach to the collection of data. This must be supported by training and guidance as necessary. For instance, the required date format. Any change to a process must be managed through change control to ensure reliability of information is maintained.

Timeliness As above Any process must ensure that information is captured, recorded and made available in a prompt manner

Validity As above Any process must ensure that information is tested and analysed to ensure the intended purpose is reliably met to enable decisions to be taken, e.g. payment of invoices or for service reviews.

Standards of Information Quality will be measured against the Principles outlined above


12

13 Training All staff will be made aware of their responsibilities for information quality through generic and specific training programmes and guidance. Training requirements will be publicised via the Communications Department.

14 Monitoring and compliance This policy and the associated controls will be monitored through the Information Risk Management system for the organisation. The Information Risk Register will be reviewed on a monthly basis and additionally in response to any information incident or enforcement action by the Information Commissioner’s Office. Information Risk Management is a key component of wider assurance and central in setting the priorities for the information governance work plan for Information Quality. Further assurance will be provided through the Data Protection and Security Toolkit (DPST) and the associated audit. Reviews of the current controls and their operation will be undertaken in line with a quarterly timescales, as a minimum, in line with the expectations of the Data Protection and Security Toolkit (DPST). It is noted that the Toolkit may supplementary work to ensure broader assurance. Information Risk Owners, assisted by Information Risk Administrators, will be required to routinely review the Risks and Information Flows associated with the Information Assets utilised to fulfil the business functions and activities within their remit. Further monitoring will be undertaken through the change control process. Table 1 provides more details Table 1 Control Audit

Control Audit and Monitoring Table

Monitoring requirements ‘What in this document do we have to monitor’

The management of information risks (Information Risk Management) Compliance with the law Compliance with the Data Protection and Security Toolkit (DPST) Incidents related to the breach of this policy

Monitoring Method Information Risks will be monitored through the Information Risk Register and management system. Compliance with law will be monitored through audit, work directed by the DSP Toolkit and as directed by Information Risk Management The DSP Toolkit will be monitored by assessment of evidence against the objective of the relevant requirement. In addition, the DPST will be audited by the organisation’s internal audit function before the annual submission. Incident reporting and management requirements

Monitoring prepared by Information Governance Function supporting the IG Lead for Corby and Nene CCGs and Information Governance Working Group Incident reports will be produced by the nominated investigation officer

Monitoring presented to Information Governance Working Group Senior Information Risk Owner Caldicott Guardian Board and Accountable Officer

Frequency of Review Quarterly updates will be provided to the IG Working Group, the SIRO and the Caldicott Guardian Relevant Information Risks will be added to the Corporate Risk Register and reported in line with Risk Management system Annual (as a minimum) updates to the Board will be provided. The internal audit report on DPST performance will be provided to the Board or delegated


13

sub-committee. Incident Reports will be reviewed at least on an annual basis and as directed by the seriousness of the incident

14.1 Non-Compliance Failure to comply with the standards and appropriate governance of information as detailed in this policy, supporting protocols and procedures can result in disciplinary action. All staff are reminded that this policy covers several aspects of legal compliance that as individuals they are responsible for. Failure to maintain these standards can result in criminal proceedings against the individual. These include but are not limited to:

Common law duty of confidentiality Computer Misuse Act 1990 Data Protection Act 2018 General Data Protection Regulation

2018 (GDPR) Freedom of Information Act 2000

Human Rights Act 1998 Public Records Act 1958 Health and Social Care Act 2012 Care Act 2014

15 Review Review will take place every three years or earlier until rescinded or superseded, due to legal or National Policy changes. The audience of this document should be aware that a physical copy may not be the latest version. The latest version, which supersedes all previous versions, is available in the policy register for the organisation. Those to whom this policy applies are responsible for familiarising themselves periodically with the latest version and for complying with policy requirements at all times.

16 Statement of evidence / references

16.1 Key Legislative and Regulatory Environment

The following is a list of the Key legislative and regulatory framework Data Protection Act 2018 General Data Protection Regulation 2018 (GDPR) Freedom of Information Act 2000 Computer Misuse Act 1990 Common law duty of confidentiality Human Rights Act 1998 Health and Social Care Act 2012 Care Act 2014 NHS Constitution Information Commissioner Offices guidance, passim. Care Quality Commission Requirements (for commissioned healthcare services) Records Management Code of Practice for Health and Social Care 2016 Code of Practice on Confidential Information 2014

16.2 Other References

Other relevant policies are: Information Governance Information Security

A list of related protocols and procedures will be maintained in the Information Governance Framework


14

17 Implementation and dissemination of document The Policy, once approved will be shared with all staff through the all staff email, updated on the intranet where this is available, included in staff briefings and place in the policy register. A team and management briefing will be provided to support this dissemination. In addition to the monitoring detailed above, awareness of the policy will be checked through a staff survey and spot checks on at least an annual basis.


15

Appendix A: Definitions Term Definition Source

Data Data is used to describe ‘qualitative or quantitative statements or numbers that are assumed to be factual, and not the product of analysis or interpretation.’

Definition taken from The Information Governance Review, Mar 2013 (Gateway Ref: 2900774)1 based on the Cabinet Office definition

Information Information is the ‘output of some process that summarises interprets or otherwise represents data to convey meaning.’

Definition taken from The Information Governance Review, Mar 2013 (Gateway Ref: 2900774)

Personal Confidential Data or PCD

This term describes personal information about identified or identifiable individuals, which should be kept private or secret. For the purposes of this review ‘personal’ includes the Data Protection Act definition of personal data, but it is adapted to include dead as well as living people and ‘confidential’ includes both information ‘given in confidence’ and ‘that which is owed a duty of confidence’ and is adapted to include ‘sensitive’ as defined in the Data Protection Act.

Definition taken from The Information Governance Review, Mar 2013 (Gateway Ref: 2900774)

1 See https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/192572/2900774_InfoGovernance_accv2.pdf, p. 24

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/192572/2900774_InfoGovernance_accv2.pdf


16

Appendix B: Purposes fulfilled by Healthcare

Information Overview of purposes fulfilled by Information in Healthcare.

Strategies

Frameworks

Models

Recommendation

Papers

Options

Appraisals

Business Cases

Plans

Reviews

Audits

Assessments

(against criteria,

standards; impact/

implications)

Analysis

Progress Reporting

Monitoring reports

Highlight reports

Dashboards

Performance

reports

Assurance reports

Finding/ Status

Reports

Operational Handover/

Success evalution

Evaluation reports

Transfer to

operational

management

Lesson learnt

Case studies

Problem Identification

and Definition

Solution Identification

and Selection

Solution Implementation

Development and

Delivery


and Operational

Monitoring and

Management Solution Evaluation


Development and

Delivery

Contracts

Agreements

Documents associated with

business change

Polices

Procedures

Guidance

Training, Learning,

Development

Material

Session Plan

Session

presentation

Attendance logs

Review

Registers / Logs

Board interests

Asset

Seal usage

Action

Issue

Communication

People

Job Descriptions

Personal

Development

Reviews

Continuing

Profession

Development Logs

Contracts

Employment

Checks

Meetings

Forward plan

Agenda

Notes

Minutes

Feedback forms

Document associated with

business management

Business change stage description

Approval / Sign off Process

KEY:

Marketing

Service

Information

Service Profile

Product/Service

catalogues

Operations

Information

Operations Manual

Site Manual

Service Manual

Patient

Patient information

Service

information

Documents associated with

service delivery

External

Quality account

Annual Plan

Audited accounts

Communication

Collateral

Style guides

Brand assets

Enablers

Documentation

Templates and

Forms

Information and

communication

Technology

Applications and

tools

Information

Systems


17

Appendix C: The levels and ranges of data Overview of levels and ranges of data


18

Appendix D: Flow charts showing the Management of data Overview

Data Administration Data Processing Information Analysis

Monitoring

Management

Assurance

Management of Data to Information Flow

Recording/ Entry Storing Processing Analysing

Reporting

Updating

Data Validation

Data Quality

Transferring

Data administration

Information Management

KEY:

Collecting

Interpreting Operational

Decision/update

DATA ADMINISTRATION INFORMATION SERVICES MANAGEMENT ACTION

System (Infrastructure)

Management Action

SYSTEM

(INFRASTRUCTURE)

Flow of Data