NHS Derby City

Information Management and Technology
Strategy

2009 – 2012

Version 2.0

August 2009

Policy reference:
041/ 09 / TB / Aug 09
Version:
Version 2.0
Ratified by:
Information Governance Group
Date Ratified:
August 18th 2009
Name of Originator/Author:
Grant Oliver
Name of responsible
IM&T Strategy Group
committee/individual:
Policy Sponsor:
Rakesh Marwaha, Director of Performance and Knowledge
Management
Date Issued:
August 2009
Review Date:
July  2010
Target Audience:
All Staff
Information Management & Technology Strategy
Page 1 of 8
Version 2 revised August 2009

NHS Derby City
Information Management & Technology Strategy

1.  Introduction and Purpose

The aim of the Information Management and Technology (IM&T) strategy is to
support NHS Derby City in the delivery of products and process to meet
National and Local agenda for IM&T in order to achieve the delivery of world
class commissioning of services. This is a three year programme that is
subject to annual review.

2.  Organisational Accountability

It is the role of the NHS Derby City Board to define the organisational policy in
respect of IM&T. The Board is also responsible for ensuring that sufficient
resources are provided to support the requirements of the policy.

The Chief Executive (as Accountable Officer for the organisation) has overall
accountability and responsibility for IM&T and is required to provide
assurance through the Statement of Internal Control that all risks to the PCT,
including those relating to IM&T, are effectively managed and mitigated.

Operational responsibility for IM&T will be discharged by the nominated
Executive Director (the Director of Performance and Knowledge
Management). The organisation will develop effective and appropriate
mechanisms to deliver and monitor compliance against NHS and statutory
requirements.

3.  Intended Users and Scope of the Policy

This policy covers all IM&T assets within the organisation, including (but not
limited to):
•
Clinical Systems
•
PCs and Laptop
•
Other Hardware
•
Software

Information Management & Technology Strategy

Page 3 of 8
Version 2 revised August 2009

•
Infrastructure
This policy applies to all members of staff including temporary staff.

4
Full Details of Policy

4.1
Executive Summary

The aims of the Information Strategy are to align our Information,
Knowledge Management, Infrastructure and products to meet the National
and Local agenda in the commissioning of world class services.

We aim to meet these new challenges by aligning the strategy with the
service needs of the organisation; therefore being service led not IT led.

The three main strategic aims of the organisation are:

•  To improve the health and achieve equality of outcome for the
population of Derby.

•  To continuously improve the services commissioned by the Primary
Care Trust on behalf of the people of Derby.

•  To actively engage the people of Derby to secure their trust and give
them confidence in their public sector organisations.

4.2
Strategic Vision

A set of national informatics expectations for 2009/2010 is referred to in the
NHS Operating Framework. These National Expectations are shown in the
diagram below. NHS Derby City has produced a local informatics plan that
meets national expectations and exploits the solutions available under NPfIT
contracts.

We will work with the national teams and NHS East Midlands in the delivery of
the national agenda. We aim to map the local agenda where possible to
existing initiatives to gain additional benefits.  Where this is not possible, we
aim to evaluate and procure additional products and services.

Information Management & Technology Strategy

Page 4 of 8
Version 2 revised August 2009

The diagram below shows in more detail both the National Drivers and the
Local Drivers.

AIM

To support National Expectations and Local delivery

Interoperability between all systems and processes

National Drivers
Local Drivers
Electronic Prescription Service
Healthy Derby 5 year strategy
GPSoC (GP Systems of Choice)
Effective Commissioning
Choose & Book
Information and Knowledge Management
NHS Choices
IM&T DES
GP2GP (Transfer of records between
Performance monitoring
GPs)
Outcomes and benchmarking
Summary Care Record
Data quality and accreditation
IG Toolkit (Information Governance)
GP IT Infrastructure programme
Operating Framework
Skilled workforce in the use of tools and
Devolve National Expectation
technology
Programme for IT

Information Management & Technology Strategy

Page 5 of 8
Version 2 revised August 2009

4.3      Strategic Aims of the IM&T Strategy

The three aims of the IM&T Strategy are to:

•
Support the delivery of services to patients to enable information to
be shared in a timely, effective, safe and secure manner meeting
statutory requirements and public expectations.

•
Improve clinical quality and service delivery by consistently
achieving a consistent high level of data quality across information
systems

•
Support staff through learning and knowledge management so that
they are able to use tools and technology effectively as an integral
part of effective service delivery.

4.4
Programme Governance

Document and Records Management

The PCT is committed to continuing to improve its processes for document
and records management (for both corporate and provider services) in order
to improve efficiency and maintain compliance with NHS and statutory
requirements.

It is recognised that the use of suitable software applications, adherence to
quality standards, combined with suitable training for all staff, are key
components in achieving this goal. This will be achieved through specific
work streams contained in the annual Information Governance Improvement
Plan.

Information Governance

Information Governance is recognised by the organisation as a key
component of integrated governance, risk management, performance
monitoring and clinical quality. The PCT recognises that the quality and
security of data has a significant role in providing assurance to the population
of the PCT that information (especially person identifiable data) is managed
competently and held securely by commissioning organisations and service
providers. The PCT will undertake Information Governance assessments
(including Privacy assessments) as part of the planning process for delivery of
IM&T programmes and projects.

The organisation has recently reviewed its Information Governance structures
and mechanisms (including risk identification and assessment) as part of the
reforms to the Performance and Knowledge Management Directorate.  These
reforms reflect the organisational commitment to meeting best practice

Information Management & Technology Strategy

Page 6 of 8
Version 2 revised August 2009

requirements including achieving compliance with ISO 27001 for information
security. The PCT will actively promote and monitor the achievement of
Information Governance compliance requirements of its commissioned
service providers.

The PCT seeks to continuously improve its compliance with NHS
requirements through the achievement of the annual Information Governance
Improvement Plan, achieving and maintaining an overall green rating in the
Information Governance Toolkit assessments.

Data Quality

The PCT recognises the importance of data quality in the commissioning and
delivery of services within the organisation and its service providers.  We will
pursue and achieve high standards of data quality in the PCT by the active
implementation and compliance monitoring of the organisation’s Data Quality
policy.  The PCT will also invest in systems to evaluate and maintain high
standards of quality in the data and information provided by internal and
external organisations and service providers.

4.5
Investment Profile

The PCT will invest in technology, products and processes to meet the needs
of the organisation. Investment will also be made to support the organisation
knowledge management and training needs in the use and interpretation of
Information.

4.6
Risk

The process for the identification, assessment, reporting and mitigating of
risks relating to IM&T programmes, assets, and data security will be led by the
Senior Information Risk Owner (SIRO) as part of the PCT’s Risk Management
Strategy and Policy. Identified risks will be evaluated, logged on the
Directorate and Corporate Risk Registers, and regular reports provided to the
Integrated Risk Committee and Trust Board.  Organisational risk management
mechanisms are subjected to regular independent scrutiny by Internal and
External Audit.

5.
Summary of Policy Development Process

The IM&T Strategy was devised by reviewing earlier versions of the policy,
and updated utilising the latest available NHS guidance. Also, the policy has
been discussed with key stakeholders such as DHIS and the Health
Community. The draft policy was then circulated and the policy was taken to
the Information Governance group meeting where the Information
Governance Lead was involved in the discussion.

Information Management & Technology Strategy

Page 7 of 8
Version 2 revised August 2009

6.
Review and Revision Arrangements

This policy and strategy will be subject to annual review by the IM&T Strategy
Group and ratified by the Information Governance Group.  The policy format
will conform to organisational standards and requirements.

7.
Related Policies

The organisation will continue to develop and refine the policies supporting
the delivery of the IM&T Strategy agenda. These policies will be reviewed on
a regular basis and amended if required by the IM&T Strategy Group.
Derby City PCT will follow the Department of Health Informatics Planning
2009/2010 document produced by NHS Connecting for Health.
All policies will be approved and ratified by the Information Governance Group
using delegated authority from NHS Derby City Board.
8.
Dissemination and implementation

The approved version of the policy will be published on the organisation
intranet and public facing website. Printed copies will be made available on
request.  The organisation will endeavour to provide copies of the policy in
different languages or formats on request.
NHS Derby City will promote staff understanding of, and compliance with its
policies by appropriate training and awareness raising.
9. Equality and Diversity
This policy has successfully completed the EIRA process in August 2009.

Information Management & Technology Strategy

Page 8 of 8
Version 2 revised August 2009

Document Outline

Introduction and Purpose
Organisational Accountability
Intended Users and Scope of the Policy
4 Full Details of Policy
5. Summary of Policy Development Process
6. Review and Revision Arrangements
7. Related Policies
8. Dissemination and implementation
9. Equality and Diversity