Information Governance and Assurance

About our work

The Information Governance and Assurance Team provides oversight and national direction on Information Governance (IG) and assurance matters to health and social care organisations in Scotland.

Our goal is to ensure that we have mature and appropriate IG processes in place so that innovations driven by data and by digital technologies enable Health and Social Care to work and improve in a transparent, fair, consistent and secure way, with the benefits for people always at the forefront of our minds.

The Digital Health and Care Strategy’s vision is, ‘To improve the care and wellbeing of people in Scotland by making best use of digital technologies in the design and delivery of services.’

As part of that Strategy, we have stablished the National Information Governance Plan (NIGP). The NIGP takes a holistic, strategic approach to IG so that information across Health and Social Care is a secure enabler of improvement for people.

What we do

Our team works on the following:

  • We provide advice to Scottish Ministers, policy leaders, health boards, social care providers and other stakeholders, in the areas of data and digital governance, management and assurance within the health and social care sector. Our advice covers privacy, data protection, records management, information assurance, and the management of information and privacy risks.
  • We provide support to the development of digital solutions for the health and social care sector, ensuring all privacy, quality and security elements are considered and set out in Data Protection assessments, other risk assessments, and Privacy Notices. The Protect Scot app and COVID Status app are good examples of this type of work.
  • We create guidance for health and social care professionals to carry out their work through data and digital systems in a safe and supported way. An example of this is the Confidentiality Code of Practice for Health and Social Care.
  • We lead on national IG policies and the development of the strategic direction for IG in the health and social care sector in Scotland. We work through the 2021 Digital Health and Care Strategy and the Data Strategy for Health and Social Care.
  • We support research and innovation and wider public sector initiatives through collaboration with steering groups and Boards.
  • We lead on developing and enacting the National IG Plan for health and social care.

The core areas of work

We established the NIGP as a response to the ambitions of the Digital Health and Care Strategy, the Data Strategy for Health and Social Care, and the recommendations to improve Information Governance set out in the National IG Review.

The NIGP aims to provide:

  • a more balanced, federated IG model that will support a more efficient way of making decisions and managing data and digital across all health and social care in Scotland
  • a strong commitment to continually maturing IG across the health and social care ecosystem
  • empowered people, prepared for their roles (both citizens and those who work with data and digital technologies)
  • the right tools for IG tasks
  • enhanced transparency of how data and digital is used across health and social care and of how decisions concerning data are made
  • transformative, participatory public engagement

What is Information Governance all about?

Health and social care services use data and digital technologies to provide better services and, ultimately, improved outcomes for people.

Information (data) and digital systems are used everywhere across health and social care services, from the computers used by your GP to websites used for booking appointments, and many other applications. And, of course, it is created through the use of written paper records.

Information Governance (IG) is about:

  • the way decisions are made over the data and digital technologies used across health and social care,
  • how data and digital technologies are managed,
  • managing the foreseen data and digital risks, and
  • ensuring there is visibility of the benefits that data and digital provide in practice.

For example, if you catch flu and see your doctor, your doctor will record that information. When dealing with your information, professionals have to decide how that data is handled, if it is accurate, if it can be shared, and so on. Sometimes data, used safely and effectively, can be for the benefit of the individual, and sometimes it can be for the benefit of Scotland’s population as a whole. IG enables both of those things to happen within set boundaries, so that your data can be managed in the best and safest way possible.

How your information is stored, how different health and social care workers share information, how they can collaborate, how the quality of the health and social care service you receive is monitored and improved, how research can be carried out, how digital innovation and telehealth/telecare can be brought to Scotland’s people – all of these things are examples of ways in which IG enables secure and valuable work.

IG is fundamentally about ways to ensure data and digital driven innovation improves outcomes for people when they use health and social care services.

Examples of work done

Medicine Registries help clinicians better understand the use of medical implants and devices across NHS Scotland. They let medics work to investigate problems more easily, ensuring prompt action when required. They show clearly how things are working across different locations, surgeons, device brands, and so on. And they ensure patients can be kept up to date on their own specific progress, while being part of the wider group covered by each registry.

Information Governance supports registries in a number of ways. Transparency is vital, and in following data protection principles we can ensure people are kept aware of the areas they want to know about, building their trust in us holding such data. These principles include us publishing online material, such as privacy notices, that make clear to patients how they can access their data and how and why it is used. We also provide specific leaflets for patients, clearly explaining the registry, the benefits of it, and again how they can access their data when they want to. We ensure we follow carefully any laws and legislation, and that these are explained to patients in an easily understood way. Information Governance ensures registries stick to the correct Records Management policies, as explained by the Health and Social Care Records Management Code of Practice. Not least, we also ensure all accessibility requirements are met, accounting for Scotland’s diverse population and needs, and delivering a service that all can understand and feel comfortable with.

Information Governance support to Medicine Registries, through its processes and frameworks, ensures it is easier to find and investigate issues with any particular devices or procedures. If a product is recalled, patients can be contacted faster and more efficiently. IG makes it easier to investigate the long-term effects of surgical implants. And the patient and doctor together will be able to make more informed decisions about future care.

To work properly, all of this needs the right Information Governance.

Our work

The Digital Health and Care Division is involved in a wide range of work across health.

Our Strategy

Scotland’s refreshed Digital Health and Care Strategy was launched on 27 October 2021. A joint initiative between the Scottish Government and COSLA, it outlines approaches to improve the care and wellbeing of people in Scotland.