Trust 'potentially in breach' of information governance laws

A report to the South East Coast Ambulance Service Foundation Trust board highlighted gaps in its information governance and poor organisational awareness.

The trust has had a turbulent time in recent years and is in quality special measures. Former chief executive Paul Sutton left the trust in May 2016. Since then there have been concerns over the organisation’s culture, including bullying and harassment, and operational issues such as medicines management.

An information governance lead was appointed in January 2017 at a time when the trust was unable to demonstrate any internal assurance, many policies were out of date, it had no process to ensure sharing data with other partners was done legally, and there had not been an audit of its information governance toolkit for five years.

The trust has carried out extensive improvements including preparing for the General Data Protection Regulation, which takes effect next month, increasing staff training and carrying out an internal audit.

The report to today’s board meeting warned it still cannot accurately determine what records it keeps and the trust does not have a framework for the audit and control of its records. “This is a significant shortfall and is potentially a breach of legislation,” the report said. The move to a new headquarters in Crawley last year highlighted there were no controls around records management, and the trust is likely to need more space to store records and improved controls around access.

The trust was also at “significant risk” because it did not have evidence of a legal basis for sharing information with other partners, and needed to draw up new agreements on this. “Current information around information sharing is very patchy and the sharing of information has only become evident on a retrospective basis,” the report said.

Another area of concern was smartcards allowing staff to access patient information on the NHS Spine. Issuing these is meant to be tightly controlled but some staff who had left or moved to different positions where they did not need access appear still to have it.

Information governance lead Caroline Smart warned there was lack of resilience in the trust and it was operating through a “single point of failure.”

She said: “Resource is key to providing a safe legal framework within the organisation… provisions must be made to ensure that there is contingency.”

The board is expected to be asked to increase spending on information governance later this year.