Information Governance and Assurance

About our work

The Information Governance and Assurance Team provides oversight and national direction on Information Governance (IG) and assurance matters to health and social care organisations in Scotland.

Our goal is to ensure that we have mature and appropriate IG processes in place so that innovations driven by data and by digital technologies enable Health and Social Care to work and improve in a transparent, fair, consistent and secure way, with the benefits for people always at the forefront of our minds.

The Digital Health and Care Strategy’s vision is, ‘To improve the care and wellbeing of people in Scotland by making best use of digital technologies in the design and delivery of services.’

As part of that Strategy, we have stablished the National Information Governance Plan (NIGP). The NIGP takes a holistic, strategic approach to IG so that information across Health and Social Care is a secure enabler of improvement for people.

What we do

Our team works on the following:

  • Provision of advice to Scottish Ministers, policy leaders, health boards and stakeholders, in areas of data and digital governance within the health and care sector, including privacy, data protection, records management, information assurance, and the management of information and privacy risks.
  • Support to the development of digital solutions for the health sector ensuring all privacy, quality and security elements are considered and set out in Data Protection and other risk assessments and Privacy Notices. The Protect Scot app and Covid Status app are good examples of this type of work.
  • Support in writing guidance for health professionals to conduct work in a safe and supported manner, for example Speech and Language therapists’ guidance for working in Covid environments.
  • Leading on national IG policies and the development of the IG strategic direction for health and care in Scotland through the 2021 Digital Health and Care Strategy and the Data Strategy for Health and Social Care.
  • Supporting research and innovation and wider public sector initiatives through steering groups and Boards.
  • Lead on the National IG Plan for health and social care.

The core areas of work

We established the NIGP as a response to the ambitions of the Digital Health and Care Strategy, the Data Strategy for Health and Social Care, and the recommendations to improve Information Governance set out in the National IG Review.

The NIGP aims to provide:

  • a more balanced, federated IG model that will support a more efficient way of making decisions and managing data and digital across all health and social care in Scotland
  • a strong commitment to continually maturing IG across the health and social care ecosystem
  • empowered people, prepared for their roles (both citizens and those who work with data and digital technologies)
  • the right tools for IG tasks
  • enhanced transparency of how data and digital is used across health and social care and of how decisions concerning data are made
  • transformative, participatory public engagement

What is Information Governance all about?

Health and social care services use data and digital technologies to provide better services and, ultimately, improved outcomes for people.

Information Governance (IG) is about the way decisions are made over the data and digital technologies used across health and social care, and about how these technologies are managed. Information (data) and digital systems are used everywhere across health and care services, from the computers used by your GP to websites used for booking appointments, and many other applications. And, of course, it is created through the use of written paper records.

For example, if you catch flu and see your doctor, your doctor will record that information. When dealing with your information, professionals have to decide how that data is handled, if it is accurate, if it can be shared, and so on. Sometimes data, used safely and effectively, can be for the benefit of the individual, and sometimes it can be for the benefit of Scotland’s population as a whole. IG enables both of those things to happen within set boundaries, so that your data can be managed in the best and safest way possible.

How your information is stored, how different health and social care workers share information, how they can collaborate, how the quality of the health and social care service you receive is monitored and improved, how research can be carried out, how innovation can be brought to Scotland’s people – all of these things are examples of ways in which IG enables secure and valuable work.

As with everything Health and Social Care does, IG is fundamentally about guiding ways to improve outcomes for people when they use a public service.

Examples of work done

We developed the Covid Status app (also known as the Covid vaccination certification or Covid passport) at pace to support the ability of people in Scotland to travel internationally. It also allowed access to domestic venues, as Covid policy changed in response to each Covid variant. This effectively become the first national way for the public to access their vaccination health record information digitally.

Data protection and transparency were key to success as the Scottish Government introduced, for the first time, a national app that allowed people to access health information (their ‘vaccination passport’). It used biometric identity verification to ensure the correct health vaccination record was being accessed. The challenge for our team was to ensure that all IG requirements were considered as the design of the app progressed rapidly. We needed to ensure that the correct data protection was in place, and that the app explained to people how their data was collected and used, and for what purpose. This included producing a Data Protection Impact Assessment that covered the vaccination journey from end to end, and developing an appropriate privacy notice and privacy policy that informed people how their data would be used and protected while also being open and transparent about how the app worked.

We recognised that not all people would use the app, and a non-digital route was also developed with the same IG considerations. This work continued as we supported the vaccination booster programme, the vaccinations of 12–15 year-old people, and the vaccination of the youngest group (5-11 year-olds). We have worked to ensure that they, too, can access their health vaccination records while also ensuring that the most appropriate level of security is designed and incorporated into the programme.

Prior to Covid, our team developed the Scottish Information Sharing Toolkit, which includes standard templates and guidance to assist with these IG tasks in a consistent manner across a complex mixture of organisations and relevant post holders.

Our work

The Digital Health and Care Directorate is involved in a wide range of work across health.

Our Strategy

Scotland’s refreshed Digital health and care strategy was launched on 27th October 2021. A joint initiative between the Scottish Government and COSLA, it outlines approaches to improve the care and wellbeing of people in Scotland.