HI3.2010 Manage risks relating to data and information in a health context

Overview

This standard is about managing risks relating to data and information in a health context. Risks may be in relation to the confidentiality, integrity, availability, suitability and transmission of information. Information may be categorised as person identifiable and non-person identifiable. You will need to be able to ensure that risks are effectively managed and take the necessary actions to respond to risks. This may mean that you are delegating activities in relation to risk management, but ultimately you have responsibility for the overall management of such risks. Users of this standard will need to ensure that practice reflects up to date information and policies. Version No 1

Knowledge and Understanding

You will need to know and understand:

1. the relevant legislation, policies, procedures, codes of practice and guidelines in relation to managing risks relating to data and information
2. the components of information governance, including; information quality, confidentiality, data protection, information security and records management
3. the types of risks that exist, including risks relating to confidentiality, integrity availability and transmission of information
4. the tools and techniques for managing risks relating to data and information
5. the ways in which data and information are used within a health context
6. how to plan a response to risks, including action planning, contingency planning and review cycles
7. the principles of risk management, including; risk acceptance, risk transfer, risk reduction and risk removal
8. the types of issues that may occur and how to resolve them (e.g. breaches of confidentiality, inappropriate disclosure of information)

Performance Criteria

You must be able to do the following:

1. consult with colleagues and relevant others to identify the potential risks to data and information
2. advise colleagues on managing risks relating to data and information
3. ensure that identified risks relating to data and information are recorded and evaluated
4. apply information governance processes and work within legislation to plan the response to risks
5. ensure the appropriate response to any identified risks takes place
6. work with colleagues to resolve any issues
7. recommend changes to improve the ways you identify and respond to risks
8. implement improvements in the way information governance is undertaken
9. report and record the outcomes of the management of risks

Additional Information

This National Occupational Standard was developed by Skills for Health. This standard links with the following dimension within the NHS Knowledge and Skills Framework (October 2004): Dimension: Core 3 Health, safety and security