What is Information Governance?

Information Governance (IG) is the framework for handling information in a secure and confidential manner that allows organisations and individuals to manage patient, personal and sensitive information legally, securely, efficiently and effectively in order to deliver the best possible healthcare and services.

IG applies to, and impacts on, everyone working for, or on behalf of, the NHS. Additionally, everyone working in the NHS has a legal duty to keep information about others secure and confidential.

IG is concerned with the standards that should apply when information is processed. Information processing has five broad aspects that encompass how information is obtained, recorded, held, used and shared. Therefore it is of paramount importance that the Trust ensures that all information is:

  • Held safely and confidentially
  • Obtained fairly and effectively
  • Recorded accurately and reliably
  • Used effectively and ethically
  • Shared appropriately and lawfully

It brings together all of the legal requirements, standards and best practice (including policies and procedures, management and reporting arrangements, processes and controls, and training) that apply to the handling of patient, personal and sensitive information, including but not limited to:

  • Access to Health Records Act
  • Caldicott Principles
  • Code of Practice on confidential information
  • Common Law Duty of Confidentiality
  • Computer Misuse Act
  • Confidentiality: NHS Code of Practice
  • Data Protection legislation - UK Data Protection Act 2018 and the UK General Data Protection Regulation 2016 (GDPR)
  • Data Security and Protection Toolkit (DSPT)
  • Freedom of Information Act
  • Information Security Management: NHS Code of Practice
  • Network and Information Systems (NIS) Regulations 2018
  • Records Management Code of Practice 2021.

The Trust collects, stores and uses large amounts of personal confidential data every day, such as care records, personnel records and computerised information. This data is used by many people in the course of their work. IG allows the Trust to demonstrate to the public that it takes its responsibilities to safeguard information seriously. It also aims to protect patient information and confidentiality, and to protect the Trust and its staff.