We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
1 Introduction
1.1 Policy statement
Lambeth Walk Group Practice recognises that data quality is of the utmost importance, underpinning the quality of service delivered to patients along with the operational effectiveness of Lambeth Walk Group Practice.
The purpose of this document is to set out a clear policy framework for maintaining and increasing high levels of data quality within Lambeth Walk Group Practice. The way in which data is collected and analysed can influence the results and it is, therefore, important to have a clear and open framework in place that supports this process and accurately reflects the practice at Lambeth Walk Group Practice.
This policy sets out how Lambeth Walk Group Practice will collect, analyse and report data and should be read in conjunction with the following:
- Confidentiality and Data Protection Handbook
- UK GDPR Policy
- Caldicott and Confidentiality Policy
- Access to Medical Records Policy
- Freedom of Information Policy
- Confidentiality Code of Practice
The following legislation supports this document:
The key legislation and guidance supporting this Data Quality Policy are:
- NHS E Records Management Code of Practice
- Data Protection Act 2018 (incorporating the UK GDPR at Part 2 Chapter 2)
- Access to Health Records Act 1990
- Freedom of Information Act 2000
- Public Records Acts 1967
The following eLearning is available in the HUB:
- Caldicott and Confidentiality
- GDPR – The Perfect Practice
- Information Governance and Data Security
- UK General Data Protection Regulation (UK GDPR)
1.2 Status
In accordance with the Equality Act 2010, we have considered how provisions within this policy might impact on different groups and individuals. This document and any procedures contained within it are non-contractual, which means they may be modified or withdrawn at any time. They apply to all employees and contractors working for Lambeth Walk Group Practice.
2 Requirements
2.1 Data quality
Data quality is the ability to supply accurate, timely and complete data which can be translated into information whenever and wherever it is required. Data quality is vital to effective decision making at all levels of Lambeth Walk Group Practice.
Supplying accurate data is a complicated task for a number of reasons:
• There are many ways for the data to be inaccurate – data entry errors, incomplete data, etc.
• Data can be corrupted during translation depending on who is translating it, how and with what tools or processes
• Data must relate to the correct time period and be available when required
• Data must be in a form that is collectable, and which can subsequently be analysed
To ensure an organisation achieves data quality, it must set out how:
• Data is collected and co-ordinated
• Data is transferred between systems
• Data is organised
• Data is analysed
• Data is interpreted
• Conclusions and results drawn from the data are validated
It should be noted that all collection, storage, processing and reporting of personal identifiable information is governed by detailed legal requirements under the Data Protection Act 2018 and associated NHS guidance.
Lambeth Walk Group Practice will ensure there are processes in place covering all aspects of data collection, manipulation and reporting. All staff must understand the need for data quality and the value of having high-quality data as well as how they may contribute to achieving it.
2.2 Responsibilities
The following roles have data quality responsibilities and define policy and strategy when also considering the legal requirements.
• Information Governance (IG) Lead
The IG Lead is ordinarily the same person as the Caldicott Guardian. This role is to provide professional supervision, support and advice to staff ensuring Lambeth Walk Group Practice’s ongoing compliance with legislation and best practice, in particular to those working as departmental heads and Information Asset Owners (IAOs) operating across the breadth of Lambeth Walk Group Practice.
The IG Lead will also take ownership of the data asset and data mapping registers, document strategies, policies, procedures and, where appropriate, guidance for staff to follow, provide clear and effective management and accountability structures while ensuring the IG strategy satisfies current legislative requirements evidenced though the annual DSPT self-assessment process.
• Senior Information Risk Owner (SIRO)
The SIRO reports to the management on information risks following assurance from
IAOs and/or IG subject matter experts. Information risk management is an essential component of Lambeth Walk Group Practice's IG strategy.
The SIRO works closely with the IG Lead to support confidentiality and is supported in their role by Lambeth Walk Group Practice’s line managers who have overall responsibility for the management of and support for all aspects of corporate and clinical governance, coupled with any related risk management. The SIRO oversees the implementation of the annual IG work programme to deliver the requirements of the Data Security Protection Toolkit (DSPT).
The SIRO also ensures the provision of technical advice and support as required, either in-house or through external resources. The SIRO is the Practice Manager.
• Information Asset Owner (IAO)
IAOs are identified for every electronic system and networked folder held within Lambeth Walk Group Practice. The IAOs will be responsible for understanding and addressing what information is held within their business area, what is added, what is removed and the risks to the security and quality of data held within these systems. This includes compliance with relevant legislation and adherence to national standards to provide the relevant assurances to the IG Lead and SIRO.
An IAO will be responsible for an information asset in terms of:
o Identifying the risks associated with the information asset
o Managing and operating the asset in compliance with policies and standards
o Ensuring the controls implemented manage all risks appropriately
• Information Asset Administrator (IAA)
The IAO is supported by IAAs who work on a day-to-day basis with information contained in an information asset. They have day-to-day responsibility for the asset and make sure that policies and procedures are applied and adhered to by staff and can recognise actual or potential security incidents relating to their information asset.
The IAA will generally be more familiar with the information, any systems and any risks in their area. This may include responsibilities for data quality, resolving system issues, managing user access, i.e., setting users up with log-ons to the system with appropriate access rights according to their role.
• Data Protection Officer (DPO)
This supporting role is key to ensuring that Lambeth Walk Group Practice can demonstrate it complies with the UK GDPR. The DPO is independent from Lambeth Walk Group Practice and is an expert in data protection.
Further details for this role can be found in the Information Commissioner’s Office (ICO) guidance titled Data protection officers.
• All staff
All personnel are responsible for:
o Ensuring the data they record is accurate
o Ensuring processes and policies are adhered to
o Reporting errors in a timely manner
o Raising any concerns they have about data quality appropriately
For further information on all IG roles, refer to the Confidentiality and Data Protection Handbook.
2.3 Data quality standards
NHS E provides guidance on good quality data in its document titled Data quality improvement. This guidance also lists why data quality is important to the NHS and the questions that should be asked.
2.4 Data quality strategy
When considering data quality, the following strategies are to be committed to by Lambeth Walk Group Practice:
Compliance Provide complete, accurate, appropriate, accessible and valid data by applying national and European legislation and standards.
To ensure that staff understand their role and that they are aware of the legislative requirements and provide a high quality and secure service that meet the expectations of the service user and any regulating body.
Assess Develop best practices for assessing and controlling data quality.
Audit Undertake continuous improvement of the processes, services and procedures for collecting, maintaining and recording data.
Review and update data protection measures through objective and competent system evaluation and reassessment of its effectiveness.
Ensure appropriate checking and the identification of the reasons for suspected and identified data breaches.
Discuss Communicate in a professional, open and transparent manner with all patients and partners.
Train Provide ongoing training on the issues of processing, recording and maintaining complete, accurate, accessible, appropriate and up-to-date data and keeping employees aware of the importance of their personal contribution.
Promote the motivation, professional development and communication skills of all staff members.
Manage Optimise and managing all data by monitoring and managing the processes implemented in Lambeth Walk Group Practice.
To ensure confidentiality, integrity and access to all physical and electronic data information using planning, selecting, implementing and maintaining adequate organisational and technical measures to protect it based on systematic risk analysis and applying regulatory and contractual requirements.
Set quality data protection requirements for all employees including those working on behalf of Lambeth Walk Group Practice.
2.5 Validation methods
Validation should be accomplished using some or all of the following methods:
• On submission of data returns, procedures will exist to ensure the completeness and validity of the data sets used. This can be done by comparing to historical data sets, looking at trends in the data and also by cross checking the data with other staff members
• Regular spot checks by staff members which involves an analysis of a random selection of records against source material, if available. Spot checks should be done on an ongoing basis (at least quarterly) to ensure the continuation of data quality
• Lambeth Walk Group Practice will endeavour to ensure that the timescales for the submission of information are adhered to and that the quality and accuracy of such submissions is of the highest standard. Internal deadlines for the completion of data sets to ensure national timescales are achieved will be explicit and monitored
• Lambeth Walk Group Practice routinely receives activity information from its service providers. This information is used to monitor the performance of contracts and to contribute to the service planning and development processes
• Sufficient and appropriate checks are made by the service providers to ensure that the information received is accurate and complete. When data falls outside the anticipated range, a more detailed evaluation and validation is undertaken
2.6 Incident reporting
Should any member of staff become aware of a data breach, the IG Lead, SIRO and DPO must be informed within 24 hours of the incident being identified.
Detailed guidance and a reporting form can be found in Lambeth Walk Group Practice’s Information Governance Breach Reporting Policy.