Information incidents include a loss/breach of staff/patient/service user personal data, a breach of confidentiality or other effect on the confidentiality, information security or quality of staff/patient/service user information. All incidents and near-misses should be reported, recorded and appropriately managed so that where incidents do occur, the damage from them is minimised and lessons are learnt from them. An Information Governance Serious Incident Requiring Investigation (IG SIRI) deemed reportable to national bodies e.g. the Information Commissioner, should be recorded and communicated via the IG Toolkit Incident Reporting Tool.
Responsibility for leading on the management and reporting of information incidents has been assigned to an appropriate member of staff. Where necessary and available, support is obtained from the commissioning organisation.
Incident management and reporting procedures have been implemented and staff have been informed of how to report incidents and near-misses.
There are incident management and reporting procedures.
Staff members have been informed of the incident reporting procedures and in particular of their own responsibilities for reporting incidents and near-misses.
Any information incidents that arise are reported to the senior management team and where necessary to the commissioning organisation and external parties. Reports include details of investigations or action taken and detail any possible countermeasures.
No incidents have been reported
Incident reporting and management procedures are being followed and appropriate action is taken in the event of an incident or near-miss. Incident reporting and management procedures are regularly reviewed.
Providing staff with procedures for reporting incidents does not provide sufficient assurance that the procedures have been understood and are being followed. Therefore compliance checks and routine monitoring are conducted.
Latest Information Governance Review meeting
Information incidents and near-misses are appropriately discussed with staff and where necessary, retraining is carried out or new security measures are implemented.
No incidents have been reported