60 seconds with Morag Rose and Marian Taylor
Morag Rose and Marian Taylor have recently joined the Department’s Operations Team as Information Governance Co-Ordinator and Data and Information Governance Lead respectively. They will be looking at what position the Department is currently in with regards Information Governance, with an aim to develop an information framework that is manageable and visible. In this ‘60 seconds with…’, they talk about the importance of Information Governance and what we can do to make sure we are all doing our part in successful information management.
What is Information Governance?
Information Governance is the approach that an organisation takes to manage, process and handle information. It provides a framework to ensure information is handled legally, securely, efficiently and effectively. This framework will aid the Department’s legal compliance and transparency, and will help reduce associated risks. Information Governance is the responsibility of every individual within the organisation.
What are your roles in this team?
Our role is to facilitate adherence to the Information Governance requirements stipulated by the Department, the Medical Sciences Division, the University, as well as those outlined in legislation and funding body/sponsor terms and conditions.
What is the difference between Data Governance and Information Governance?
The two are very similar! Information Governance centres on how data is used, retained and destroyed, and is typically a business or compliance function. It is a way to manage information that is held within an organisation by implementing processes and clarifying roles.
Data Governance is a collection of management practices & processes that manage the storage of information and its movement. Data Governance is generally an IT owned function and activities include management of networks, infrastructure, encryption and integrity.
What is at the top of your ‘to do’ list?
The main aim is to establish a Departmental information asset register, in collaboration with the University’s Governance team. The register will list all information records that the Department holds and will also become an invaluable tool to ensure compliance with the regulatory requirements of managing the information. It will also help us facilitate the appropriate information governance in relation to our valuable research assets; this includes timely reporting, updating, archiving and deletion of research data sets, as well as advising on whether sharing of data is permitted (and if so, how).
Our plan to complete this task is initially to meet with key individuals in the Department and have a discussion with regards the information that is held in their team. Hopefully we can identify most of the information that is required to populate the register from this meeting but this will be an iterative process as we understand more the nature of how groups work with data. Once created, the register will eventually be uploaded into a tool currently being developed by the University Security team to identify key risk areas. We will also be monitoring training for new staff and refreshers for existing staff.
What are the benefits of implementing good information governance?
Information is a key resource for any business and therefore having essential policies, purposes and processes in place will ensure that information becomes an asset, much like a piece of equipment. It will ensure the information is compliant with regulatory requirements, appropriate, up-to-date and accessible. In order to support all members of the Department, we need to know what data is out there!
In line with this, we are required to be made aware of data breaches, and having good information governance will ensure we are reporting – and applying – corrective and preventive actions to reduce future numbers of breaches.
Another benefit with implementing good Information Governance is that costs of information storage can be reduced. If the information has reached the end of its retention period, it can be safely disposed of, thereby freeing up storage space both electronically and physically. Older systems which are often not so secure may also no longer be required to access the information.
What experience do you bring to this role?
Between us, we have extensive experience in several areas of the Oncology Department, including EPCTU, OCTO and PROx. These teams cover a wide variety of data types, each with Information Governance processes that meet the needs of the data in question. We have been involved in inspections by the regulatory bodies, so are aware of how important it is to meet such Information Governance requirements.
If you have any questions for the team, you can reach them by emailing information.governance@oncology.ox.ac.uk