Information Governance, its Policies & Procedures
Information is an asset to every organization like any other asset — it, therefore, needs to be treated in the same way. The increased quality of information and avoidance of duplication of information always aid the organization.
Information Governance (IG) is a broader, richer, and holistic way of dealing with organizational information compared with the traditional management records. The Key aspects are not only limited to the creation of information its use and archiving and destroying but also covers the storage, security of, searching for, metadata, and legal aspects.
Information Governance covers a wide range of policies. The implementation may vary from one organization to another in line with the corporate policies. These may include a few of the below-enumerated policies:
Information security policy
Records management policy
Retention and disposal schedules
Archiving policy
Data privacy policy
ICT policy
Information sharing policy
Remote working policy
A major part of the Information Governance framework must be set and is completely dependent on the way organization and its employees treat the information and utilize it. This can be categorized into sections as enumerated below:
Legal and regulatory compliance
Creating and receiving information
Acceptable content types
Managing the volume of information
Managing personal information
Storing and archiving information
Collaboration and sharing information
Disposing of information
When asked about Information Governance, most people think of Information Governance policies and procedures. Policies are mandating to brief out the information governance service, and data protection rules for an organization relating to the real process on how information is treated.
Procedures carry policies and provide specific instructions as per the organization on how to implement the policies. It is essential to note that policies and procedures are only effective vis a vis the information governance elements are implemented such as roles, training, and monitoring.
There is a need for a drastic shift in the approach to learning information governance. Just to brief: Health and social care professionals must be educated and not relied upon simple training in effective Information governance policies and procedures.
The Information Governance procedure employs the Information Governance Policy providing existing and addiitonal information on Information Governance and outlining the processes need to ensure compliance with all regulatory and best practice requirements. The efforts are injected to ensure the ethical, secure, and confidential processing of information and use of information systems to support the provision of high-quality care.
The actual implementation of the organization’s information governance policy (processes and procedures) is where the tested actions can make the information to be properly governed. Enumerated are few examples of prescriptive procedures include:
- All information subject to regulatory retention should be moved/copied to the department share drive under the “compliance” folder within the specified time after finishing with it.
- All contract agreements, upon finalization, must be moved to the department SharePoint source within a fixed period after receipt and filed in the specific “contract” folder, tagged with the appropriate retention period.
- Any documents that contain personally identifiable information (PII), should be marked as secured in the appropriate repository at the earliest.
- Information governance procedures keep the individual informed on what should happen to the information and the way it is to be handled.