Information Governance Industry
Has the NHS gone compliance crazy? In a few years information governance has expanded from a toolkit into an industry. NHS trusts are spending more and more on ensuring compliance—a trend accelerated by the large fines being handed out.
I worry the NHS is developing a compliance culture in the way of Children’s Services or to some extent the Police. This is a particularly concerning when staff are challenged to improve the efficiency of services, because structured compliance soaks up the time needed for innovation. It is easier to tick a box than seek solutions outside the box.
Information governance is following a similar path to data quality. I still come across NHS staff whose job is to correct the data entry mistakes of frontline staff. It is also impossible to eliminate risk. One of the commonest things I find when managing programmes, or digging out those in a hole, is the gulf between risk identification and risk management. Risks are often identified and then forgotten.
Of course, you have to question NHS culture when photographs of patients are posted on Facebook, confidential data on hard drives are not erased before disposal, and the correct identification of a patient needs policing.
If I know that someone else will correct my mistakes, there is less incentive for me to get it right first time. Therein lies the problem and the solution. The emphasis should not be on creating an IG industry but on empowering, and training frontline staff. Then the solution lies not in compliance but in good mangement.