Discussions about governance rarely capture the headlines – or appear in the best sellers list when visiting station booksellers. There you can find copious volumes concerned with management and leadership – but not often the subject of what constitutes good governance. However, in many senses, it is the go to skill of the moment. Particularly when we focus in on the issue of Information Governance.
We live in a data rich age, and for many, our so called ‘digital footprint’ stretches far and wide as we carry out business, order and purchase goods, correspond and even find our future partner on-line. In each and every one of these transactions we are sharing critical information about ourselves, which if it got into the wrong hands, might cause us serious consequence. The way in which these personal details about our lives our managed is through Information Governance, and the world of social care is beginning to grasp both the importance, and the magnitude of fulfilling this key responsibility safely and effectively.
In May 2018, the General Data Protection Regulations (GDPR) came into force. The preparation for these Europe wide regulations shone a light on the data practices, and there was a subsequent tightening of procedures in a wide number of organisations. However, the challenge for many was how to structure their response to GDPR, particularly in relation to engaging and sharing data both within their own organisation, and across partners.
In parallel with the timeframe for the introduction of GDPR, there was a new manifestation of the Information Governance toolkit, a health based framework for the management of data primarily within health organisations. This framework has been refreshed, and reshaped in order to better meet the needs of social care organisations. Critically, it recognises that many care organisations are small enterprises, without the architecture of large scale IT departments or a suite of governance specialists in house. The refreshed framework is entitled the Data Security and Protection Toolkit (DSPT) and is one that social care providers will need to get more familiar with over the coming months and years.
Why the focus on governance now? Well – as mentioned, we have new data protection legislation. However, on top of that, there are a series of initiatives driving this that will feel much closer to home for the social care sector. The first of these is the increasing interest in information governance from the health and social care regulator, the Care Quality Commission (CQC). Last November they updated their Key Lines of Enquiry, and included a specific focus under the Well Led category around how data and information is managed within services. In light of the 2017 ‘WannaCry’ ransomware cyberattack, which had serious global implications, and distinctive impacts on NHS systems, there is a growing recognition of both the potential for public services to be at risk either through direct attack, or through their growing interconnections. As we move further on from the words of integration, to underpinning the architecture to make it happen, the necessity for safe and secure data exchange grows.
Alongside increased regulatory and legislative interest, there are also growing opportunities that the social care sector can realise by engaging in effective Information Governance. Compliance with the Data Security Protection Toolkit (DSPT) is opening doors for providers to become much better integrated at a systems level with their health partners. Completing the DSPT will enable organisations to have access to secure NHS mail, allowing the safe and rapid sharing of vital information about people as they transfer between health and social care. This could mean that the days of faxed, or even posted information about people as they leave hospital, or as their medical requirements are updated, will be a thing of the past. In addition, a tick against your DSPT entry can mean that social care providers can get on board with the Health and Social Care Network, a secure connection which will provide widespread cybersecurity protection.
There is much work to be done within social care to get everyone on board with these changes, and at present too few organisations have got that Information Governance bug. Yet for those ready to make the shift and embrace the DSPT there are a wide range of resources available on the Care Provider Alliance and National Care Forum websites which will help think through the step change needed.
Vic Rayner, Executive Director, National Care Forum