Information Governance and Assurance

About work area

The Information Governance and Assurance team provides both oversight and national direction to Health and Care organisations in Scotland on information governance (IG) and assurance matters.

Our goal is to ensure Health and Care in Scotland has mature IG processes in place to enable data-driven and digital-driven innovations across health and care in a transparent, fair, consistent and secure way.

The refreshed Digital Health & Care Strategy vision is:‘To improve the care and wellbeing of people in Scotland by making best use of digital technologies in the design and delivery of services.’

Data and Digital Technologies chart

As part of that strategy, and the new Data Strategy for Health & Social Care, we are developing the National IG Programme for Health and Care; a strategic and holistic IG approach to enable end-to-end information across health and care in a resilient and secure digital environment. This is an innovative programme of work to improve information governance and security across health and care in Scotland, including empowering people, streamlining processes, and ensuring we have the right tools in place for a diversity of information governance and security tasks you may require.

We also provide support to other teams across the Scottish Government and provide national policies, guidance, and tool kits for everyone to use, particularly wherever health and care data and digital systems are in the mix. We work closely with colleagues in the Scottish Government Digital Directorate, the Data Protection team, and the Chief Data Officer.

What the area does

Our team works on the following:

  • Provision of advice to the Scottish Ministers, policy leaders, health boards and stakeholders, in areas of data and digital governance within the health and care sector including privacy, data protection, records management, information assurance, and the management of information and privacy risks.
  • Support to the development of digital solutions for the health sector ensuring all privacy, quality and security elements are considered and set out in Data Protection and other risk assessments and Privacy Notices. The Protect Scot app and Covid Status app are good examples of this type of work.
  • Support in writing of guidance for health professionals to conduct work in a safe and supported manner, for example Speech and Language therapists’ guidance for working in Covid environments.
  • Leading on national IG policies and the development of the IG strategic direction for health and care in Scotland through the 2021 Digital Health and Care Strategy and the Data Strategy for Health and Social Care. Supporting research and innovation and wider public sector initiatives through steering groups and Boards
  • Lead on the National IG Programme for Health and care

The National IG Programme for Health and Care core areas of work are:

  • The Health and Care federated IG model
  • IG maturity models: continual improvement plans for health and care organisations.
  • Empowering people for their role in data and digital and the National IG Competency Framework
  • The right tools for the IG and Assurance tasks.
  • Enhanced transparency
  • Transformative participatory Public Engagement

Example of work done

The Covid Status app (vaccination certification/passports) was developed very rapidly to support the ability of people to travel internationally. It also allowed them access to domestic venues as the government Covid policy changed to match the risk of each Covid variant. This effectively become the first national route where the public could access their vaccination health record information digitally.

Data protection and transparency were key to the success of this app as it introduced for the first time a national app that allowed people to access health information (their vaccination passport). It used biometric identity verification to ensure the correct health vaccination record was being accessed. The challenge for our team was to ensure that all IG requirements were considered as the design of the app progressed. We needed to ensure the correct data protection information was in place, and that it explained to people how their data was being collected and used, and for what purpose. This included producing and writing the data protection impact assessment that covered the vaccination end to end journey and developing an appropriate privacy notice and privacy policy which informed people how their data is used and protected, while also being open and transparent about how the app worked.  Prior to COVID, our team developed the Scottish Information Sharing Toolkit, which include standard templates and guidance to assist with this IG tasks in a consistent manner across a complex mixture of organisations (data controllers and data processors).

We recognised that not all people will use the app and a non-digital route has also been developed with the same IG considerations.

This work continues as we support the vaccination booster programme, the vaccinations of 12 – 15-year-old people, and the vaccination of the youngest grouping of 5 -11 years old. We have worked to ensure that they can access their health vaccination record whilst also ensuring the most appropriate level of security is designed and incorporated into the programme.

Our work

The Digital Health and Care Directorate is involved in a wide range of work across health.

Our Strategy

Scotland’s refreshed Digital health and care strategy was launched on 27th October 2021. A joint initiative between the Scottish Government and COSLA, it outlines approaches to improve the care and wellbeing of people in Scotland.