Information Governance Policies For Dar AlSalam Hospital

Question

Task:
Assignment Details
You are required to create an information governance policy for an organisation and write an accompanying report in which you justify the approach and content of the policy and propose an implementation strategy. Choose an organisation you know sufficiently well to be able to complete the assignment and address the assessment criteria. It may or may not be an organisation you currently or have previously worked for and you may wish to anonymise it.

Policy
The policy should be overarching i.e. a statement of intent that provides the organisation with an holistic approach to information governance. It should therefore reference other relevant policies that are either already in place or in need of development, for example, an information security policy, email policy, data privacy policy. The policy should be fit-for purpose were it to be implemented in practice. As a minimum it should contain:

• Aim or purpose
• Scope (e.g. all of or selected functions or operating jurisdictions)
• Objectives
• Roles and responsibilities
• Related policies and/or procedures
• Monitoring, measurement, and review mechanisms
• Approval

You may include other sections as appropriate for the organisational context. You are also free to determine the length of the policy, as its word length is not part of the word limit for the assignment.

Answer

Information Governance and Compliance Report
Introduction
The threats from cybersecurity and hackers can result in compromising data of clients and patients. Healthcare sector stores very crucial information that can be misused by potential hackers and cyber criminals. The Healthcare sector has been under pressure for protecting the data while improvising information security. The Information Governance Policy is one of the key strategies in improving the data security while also providing several other benefits to the organizations. The report aims to analysing and evaluating information governance policies for Dar AlSalam Hospital that is located in Amman (Jordon).

Background of the organization
The Hospital is located in the southwest regions of Amman. The heritage of Arab and Islamic Culture is the basis for considering human care. The company works in the health care industry of Amman and provides several medical facilities to the locals and the refugees. Dar AlSalam Hospital is majorly characterized in developing medical and therapeutic services thus keeping pace with the rapid development in treatments of its patients. The hospital is equipped with the modern equipment that is procured from international companies that helps the firm in providing the best medical services.

Nature of Business
Dar AlSalam Hospital is a renowned health care unit that is located in Amman (the capital city of Jordon). It is equipped with advanced healthcare solutions with qualified doctors and staff members. The services of Dar AlSalam Hospital are extendable to local citizens as well as refugees. This health care organization guarantees its patients with high-quality care, respect, and efficient staff. Thus, the mission and vision statements of Dar AlSalam Hospital ensure acquiring state of art technology, providing educational programs while also aligning with evidence-based practices. Dar AlSalam Hospital is equipped with services that include Pharmacy, Laboratories, biomedical, marketing, Physiotherapy, radiology, safety, human resources, insurance, nursing, infection, and quality control. It aims in utilizing the Performance Improvement Standards for fulfilling the organizational vision and mission statements. The core values of this health care unit are teamwork, respect, maintaining standards, social responsibilities, and honesty. As mentioned, the services of Dar AlSalam Hospital is also given to refugees that includes

Primary health care service
The company provides primary health care services to the registered Syrians at funded prices. The facilities are provided in the Public Health Centres and Government hospitals. However, the patient should have a UNHCR card or MOI Card for receiving the monthly cash assistance.

Emergency Care
The patients can seek emergency services at all government hospitals for Syrians in holding in UNHCR registrations. If a Syrian wants a medical emergency might not have UNHCR registrations.

Tertiary Care
The treatment for tertiary costs is required pre-approval from UNHCR that is held every month. Mental Health Services can also be provided for registered Syrians.

Jurisdictions
Jordan is known for its high-quality health care services and thus forms one of the spots for medical tourism in the regions of the Middle East and North African Region. The maximum population and efficient medical facilities are located in Amman which also forms the capital city. The medical sector of the region is divided into major parts of the public and private sectors. The public comprises 67% of the total available beds. The United Nations High Commissioner for Refugees has been providing medical care services to the refugees of Syria. The regions lack national digital health records thus, the usage of electronic prescribing procedures is not universal in all hospitals (Nazer&Tuffaha, 2017). The government has obligated all medical practitioners to register under “Jordan Food &Drug Administration”. Thus, the prices of the medications are determined from the "Jordan Food &Drug Administration".

The government has established JRDL (“JordonRational Drug List”) for containing the costs of pharmaceuticals, the committee is also responsible for covering specialty medicines. Several vaccinations are given for free to the locals and refugees. It can be said that jurisdictions and health strategies by the Jordan Government have helped in strengthening the public and private health care systems. Also, the country has stepped into the technological era by establishing an electronic medical library for students and medical practitioners. However, the country lacks proper information systems for maintaining national health records which also leads to high costs of maintaining health care infrastructure (WHO, 2019).

Importance of Information Governance
It is often said that information governance in health care is far behind the implementation and use of technology in other industries globally. There is a great requirement of controlling health-related information to protect data breaches while also helping in the development of evidence-based practices thus proving care value (Smallwood, 2019). The major benefits of Information Governance to Dar AlSalam Hospital are

• Enhanced Information Security
• Improved Accuracy while dealing with the external partners
• Healthy Bottom lines for payers
• Enhanced outcomes for member and patient

Healthcare patients’ records are exposed to risks due to the high value in the black market. However, it is always debated about the value of patient health information when compared to financial data. Also, the hospital shares and exchanges information with several external stakeholders and other healthcare units (McClelland, 2018). It becomes essential in preserving the integrity and accuracy that is being shared outside the organizational servers.Thus, the information governance policies help inefficient management and exchange of crucial and confidential information.

Habits of good information governance help in reducing the severity of breaching that further reduces the financial impacts of compromised security. The financial costs involve fine, credit supervision payments, litigation costs, and others. Information management helps in coordinating care amongst medical specialties (WHO, 2019). For instance, the patients are required to fill several forms for meeting specialists and outpatient therapies.

Information Governance policy provides several benefits to the company. It majorly helps in regulatory compliance and litigation activities for the firm. In this view, Dar AlSalam Hospital is situated in Amman (the capital city of Jordon) while it reaps several advantages after the initiation of the Information Governance Policies. In recent times, the majority of the hospitals use technology and advanced systems for storing the information and medical procedure through digital platforms (OpenText Corp, 2020). This helps in accessing the data as when required thus saving resources and time and money. However, digital technologies have severe drawbacks which include misuse of information and data theft. Hence, the application of information governance policy not only the hospital in complying with regulations while protects the data from cybercriminals (Phelan et al, 2020). Dar AlSalam Hospital saves costs from improved IT and efficient use of information storage as unnecessary data is eliminated from the main corporate systems. An efficient information governance program helps the Dar AlSalam Hospital in business agility while also reaping profitability advantages. In this view, the organisation understands the importance of information stored thus placing the processes and procedures to help Dar AlSalam Hospital in unlocking business analytics and collaboration. Depicts that electronic patient records have become business-critical information for health care providers globally. It can be said that healthcare delivery and patient outcomes of Dar AlSalam Hospital is dependent on the effective ways of collecting and organizing value information of clients.

It can also be said that a lack of insights and inefficient control of health data might impede business procedure thus, resulting in high storage costs while also increasing compliance failures. Information Governance Policy has emerged as a procedure of discipline in the healthcare sector (Brown&Marsden, 2013).

Principles and Best Practices of policy
The information governance framework helps in the co-ordination of the organization thus adopting an interdisciplinary approach for the satisfaction of the information compliance requirements while also handling the risks during the optimization of information value. Being proactive in managing the crucial health of clients will help Dar AlSalam Hospital in maintaining privacy and confidentiality.

Dar AlSalam Hospital should adopt good information governance policies for protecting the health-related data of the patients. The company should possess good management of information systems (Banfield et al, 2013). Thereby, when duplicative data or little-used data are not stored in the main business systems, the chances of potential cyber-attacks are reduced.

Dar AlSalam Hospital can adapt the Information Governance Model for managing the healthcare complexities. The model involved the key maturity makers that further helps in the identification of critical requirements for developing a robust information governance policy.

The efficient information governance systems will help in reducing the health care costs of Dar AlSalam Hospital in the long- run. Thus, patients care (counselling for nutrition and other treatments) can be effectively managed while also reducing long- term costs.

It can be said that good governance in Dar AlSalam Hospital will help the doctors, nurses, therapists in providing better care services to the patients as accurate and detailed information help in a holistic view of the treatment procedure. Also, Dar AlSalam Hospital should have standardized procedures and integrated systems for sharing and exchanging patient information with other health care units and insurance companies (Tallon, 2013).

As the regulatory environment has become more intricate, Dar AlSalam Hospital needs to navigate its ways that include

• Understanding the generation of information
• Educating employees on Information Governance Regulations
• Simplifications for processes for an employee to follow
• Appointment of Chief Privacy Officer for focusing on governance and regulations
• Increasing Engagement with industrial groups while also consulting with external expertise.

Implementation Strategy (High-level Resource investment)
The implementation of the Information Governance Policy requires Dar AlSalam Hospital to realize principles and framework for the management and control of valuable data in the enterprise. Thus, the governance framework should be labelled as a high priority by all the leaders in the hierarchy. The recognition and management of information start from the collection and ends with the destruction of the valuable data. Thereby, establishing an information governance panel will help advise the efforts, publishing of white papers, and discussion with stakeholders (N. H. S England, 2013). Forming collaboration with different stakeholders will also help in creating self-assessment tools that will further help the hospital in determining their maturity in information governance and the development of organizational resources.

The implementation strategy of Dar AlSalam Hospital will include installing proper information systems that will be managed and handled by the Chief Executive of the company.

Conclusion
In the rapid development of technology, it has become important for implementing Information Governance Policies for protecting the data from a breach. It is said that the health sector is far behind in Information Governance Policies than other industries. In this view, Dar AlSalam Hospital is suggested to implement Information Governance policies for safeguarding the health crucial health data while improving business efficiencies. Dar AlSalam Hospital will reap the benefits within one year after adopting Information Governance policies.

Information Governance Policy
Introduction
This Information Governance policy will be preserved by the Chief Executive on behalf of Dar AlSalam Hospital. Information Governance Policy is a tool for managing personal information safely and securely thus maintaining ethical and quality standards in the health services. It will provide a consistent pattern for all the workers and staff for Dar AlSalam Hospital about the management of information that will involve

• Management of Information Governance
• Assuring Clinical Information
• Pledge in Confidentiality and Data Preserving
• Promising Corporate Information
• Ensuring Efficient use and storage of data

Information is considered to be vital assets in clinical patents and efficacy in the management of services and resources. The Information Governance Policy will play an important role in the governance of clinics, services planning, and management of performances.

It is of paramount importance for ensuring that the information is managed efficiently. Thus, appropriate policies, procedures, accountability, and infrastructure will help in providing robust governance in managing information.

This document will set out high-level principles for maintaining confidentiality, integrity, obtainability of data, and the role of information governance in promoting and building consistency level.

Aim or purpose
The policy will aim at recognising appropriate balance amongst “openness” and “confidentiality” in the usage and management of data. Dar AlSalam Hospital will support the practices and principles of corporate governance thus recognising public accountability. It will also place equivalent importance on the confidentiality and secured arrangements for safeguarding all personal information that relates to the patient as well as staff.

Dar AlSalam Hospital recognises the requirement of sharing patient information with several health organizations and institutions. Thus, the information will be shared with other agencies will be done in a controlled manner within the informed interest and consent of the patients and public interests.

Dar AlSalam Hospital also recognizes the importance of storing and collecting accurate, timely, and relevant information for delivering high-quality services. Also, it is the responsibility of all staff that includes clinicians and mangers for ensuring and promoting quality information while also actively using the information in the decision-making procedure.

The Information Governance Policy will help in protecting the organizational information assets from potential threats, hazards, and breach that might be internal, external, thoughtful, or accidental. Thus, Dar AlSalam Hospital will guarantee

• Information is protected from unauthorized and illegal access to internal/ external.
• Assurance of information to be confidential and private.
• High-quality data will be used for information.
• Regulations and Legislative frameworks will be met.
• Business Continuity Plans shall be formed, preserved, and tested.
• Respecting Subject's rights about the procedure with personal information.

Information Security Training shall be made accessible to all the workers and staff regarding information breach. In cases of Actual breach and suspicion, Information Governance Manager/officer will investigate the matter.

Equality Impact Assessment has been conducted that further concluded that this Information Governance Framework will have a low impact on the breach of information. This policy will aim to inform all worker about their roles and responsibilities that include

To increase the value of assets owned by the organization:

• Processing the information ethically and legally
• Recording the information accurately and in a reliable manner
• Shared and disclosure in an ethical manner
• Obtaining information for specific purposes

This policy aims to follow legal and ethical litigations passed by the National Information Governance Policy. Thus, the leader of the National Information Policy should be committed to setting out with the data security standards defined by National Data Guardian. Thus, Dar AlSalam Hospital should be accountable for demonstrating compliance with data protection legislation.

Scope
All the staff as well as other participants of the hospital, without exception, will be within the scope of this particular policy, including as well as without limitation. The employees will be required to abide by the policies as being developed in this present scenario during their employment. The teams in this regard will include:

• All commissioning support units involved in Dar AlSalam Hospital
• Central and regional Teams of the organisation
• NHS interim and management support of Dar AlSalam Hospital
• Strategic clinical networks
• Healthcare safety investigation branch
• Clinical senates; and
• NHS sustainable development unit

Objectives
The policy will ensure developing appropriate governing guidelines in relation to security and safeguard of information and to mitigate the potential of data-breach. Information governance in the industry of health care is vital and the same is to be implemented and used with the utilisation of technology. It is considerably crucial to control health-related information for protecting breach of data while at the same time helping in the case of development of evidence-based practices for proving care value. The major benefits that are to be assured in relation to Information Governance in this policy are

• Enhanced Information Security
• Healthy Bottom lines for payers
• Improved Accuracy while dealing with the external partners
• Enhanced outcomes for member and patient

Roles and responsibilities
Chief Executive: The entire accountability in relation to the procedural documents generally lies with the Chief Executive of the organization and the role of Accountable Officer is played by the same followed by the overall responsibility in relation to the establishment and maintenance of an effective document management and governance system. The Chief Executive will be required to abide by all statutory requirements while ensuring the proper management and governance of information and data.

Caldicott Guardian: Caldicott Guardians is to be appointed in all hosted bodies including commissioning support units. The National Medical Director will be appointed as the Caldicott Guardian. The responsiblity for this position will involve:

• Ensuing the NHS Improvement with regard to the satisfaction of the highest practical standards in relation to the management of patient identifiable data or information
• Facilitating as well as enabling sharing of appropriate information and thereby making decisions on behalf of NHS Improvement followed by advice on options in relation to lawful as well as ethical processing of data and information
• Representing Information Governance requirements as well as issues at Board level
• Ensuring that confidentiality issues will be accurately reflected in organisational policies, strategies and working procedures for the employees of the given organisation

Senior Information Risk Owner (SIRO): The National Director of Transformation and Corporate Development is nominated as Senior Information Risk Owner (SIRO) for the organisation. The responsibilities for this role will include:

• Taking ownership of the Information Risk Policy
• Understanding the strategic business goals
• Implementing and leading the Information Governance Risk Assessment as well as Management processes
• Advising the Board
• Receiving training to ensure the effectiveness in the role as SIRO

Data Protection Officer: The Data Protection Officer (DPO) can be identified as the Head of Corporate Information Governance who is entitles to report to the SIRO. The DPO will:

• Advise the organisation and other employees in relation to the compliance obligations regarding data protection law
• Advise on the requirement of data protection assessment
• Monitor compliance with regard to the data protection law
• Co-operate with the Information Commissioner

Information Asset Owners: Information Asset Owners (IAOs) will:

• Lead a culture of value, protection and utilisation of information for the ultimate benefit of the patients
• Understand as well as address identifiable risks to the asset and provide assurance to the SIRO
• Ensure that is a legal basis in relation to the processing and for any disclosure of any information
• Undertake training regarding specialist information asset as required

Related policies and/or procedures

Monitoring, measurement, and review mechanisms
Compliance with the developed policies as well as procedures as identified in this document are to be monitored followed by a Corporate Information Governance team, along with independent reviews including both Internal as well as External Audit on a regular basis. The Head of Corporate Information Governance will be held responsible for the procedure of monitoring, revision as well as updating this document in every 3 years.

Implementation of policy
The implementation of the identified Information Governance Policy in Dar AlSalam Hospital following the principles and framework for the management and control is to done based on certain resources. Thereby, the governance framework will be considered as a high priority by all the leaders in the hierarchy. Information governance framework for the policy will provide adequate and appropriate guidelines which staffs, employees as well as the management can follow. The recognition as well as management of information start from the collection and ends with the destruction of the valuable data. Hence, establishing an information governance panel will help advise the efforts, publishing of white papers, and discussion with stakeholders.

The implementation will be done following the resources that will include: IT Infrastructure worth $20,000, IT services and software worth $20,000, IT server and software & training worth the investment of $40,000, IT software complied with legislations $30,000, Education and training worth the investment of $40,000. These resources are crucial for the implementation of the policy proposal and will assist in executing it as well.

Approval
The Information Governance Policy will be approved by the designated officer responsible for protecting and managing the information. This policy prepared by referring to the outlines of different national frameworks in England ( & UK) that includes

• “Access to Health Records Act 1990 “
• “Administrative Law”
• “The Consumer Protection Act 1987”
• “Crime& Disorder Act 1988”
• “Data Protection Act of 1998”
• “Electronic Communications Act of 2004”
• “The Environmental Information Regulations (EIR) 2004”
• “The Freedom of Information (FOI)Act 2000”

This policy should be signed and followed by all employees and managers of Dar AlSalam Hospital. This policy defines the importance of collecting, storing, and sharing patients and employee data to other organizations and agencies safely and securely.

Reference List
Banfield, M., Gardner, K., McRae, I., Gillespie, J., Wells, R. and Yen, L., 2013. Unlocking information for coordination of care in Australia: a qualitative study of information continuity in four primary health care models. BMC Family Practice, 14(1), p.34.

Brown, I. and Marsden, C.T., 2013. Regulating Code: Good governance and better regulation in the information age. MIT Press.

England, N.H.S., 2013. Confidentiality Policy. NHS England, London.

McClelland, M. 8 Nov 2018. Benefits of Information Governance in Healthcare. [online] Available at: [ Accessed 3 Sep 2020]

Nazer, L.H., and Tuffaha, H., 2017. Health care and pharmacy practice in Jordan. The Canadian journal of hospital pharmacy, 70(2), p.150.

OpenText Corp, 2020. Top Benefits of Information Governance. [online] Available at: [ Accessed 3 Sep 2020].

Phelan, A.L., Katz, R., and Gostin, L.O., 2020. The novel coronavirus originating in Wuhan, China: challenges for global health governance. Jama, 323(8), pp.709-710.

Smallwood, R.F., 2019. Information Governance: Concepts, strategies, and best practices. John Wiley & Sons. Chap 6

Tallon, P.P., 2013. Corporate governance of big data: Perspectives on value, risk, and cost. Computer, 46(6), pp.32-38.

WHO, 2019. The Hashemite Kingdom of Jordan The Higher Health Council. [online] Available at: [ Accessed 3 Sep 2020]