What is Information Governance?

Information Governance ensures that one of the Trust's most important assets, information, in both clinical and management terms, is respected and held in secure and manageable conditions. Therefore it is of paramount importance that the Trust ensures that information is:

  • Held safely and confidentially
  • Obtained fairly and effectively
  • Recorded accurately and reliably
  • Used effectively and ethically
  • Shared appropriately and lawfully.

The Trust has put into place a range of appropriate policies, procedures and management arrangements to provide a robust framework for Information Governance to manage these aspects.

Our joint senior Information Risk Owner/ Information Governance Committee monitors the development of Policies and procedures to meet the current legislative framework.  There is a Data Security and Protection Toolkit which consists of a number of assertions relating to the management of Information which is monitored by the Trust making evidence available and making an annual submission to NHS Digital. The Trust submitted the annual return and evidence in March 2019 and was awarded “substantial assurance” by Mersey Internal Audit Agency when audited.

Membership of the Joint SIRO/ Information Governance Committee comprises of: the Medical Director as Caldicott Guardian, Senior Information Risk Owner, Chief Clinical Information Officer, Head of Information Governance, Senior Nurse Management Representative, Information Security Manager, Adverse Incident Manager and nominated representatives from Corporate and Clinical specialties. Membership is also seconded as and when specific issues arise.  The Committee meets bi-monthly and reports to the Executive Committee.

Data Security and Protection Toolkit

Data security presentation

Budget and Expenditure

For 2019/20 the annual budget has been set at £292,404, with expenditure being used for registration fees with the Information Commissioners Office declaring the categories of information held and the reason for processing. Funding is also used to fund 5 members of staff relating to Information Governance, provide bespoke training and development in respect of Information Governance, Data Protection Act, Confidentiality for staff, Freedom of Information Act, General Data Protection Regulation. 

The team also comprises of 2.8 wte Clinical Coders who are responsible for the translation of clinical diagnosis into the International Classification of Diseases statistical index.  This information is used to assist the Trust in planning new facilities and for monitoring key clinical conditions nationally and by the World Health Organisation.

Policies and Procedures

Please visit the Trust Policy and Procedure page and look at the Information Management Technology and Governance section.  

Current Policies are:


We provide the following:

  • Provision of professional advice, guidance relating to the Data Protection Act, Caldicott principles, Confidentiality and Data Sharing, Use and disclosure of personal data, Subject Access Requests, Police requests, Court directives, Safeguarding issues, general enquiries, mental health capacity, information governance general.
  • Development, implementation of Information Sharing Agreements
  • Development, implementation of Trust Information Governance policies
  • Corporate records management – professional advice & guidance on NHS Code of Practice for Records Management, Records Management standards.
  • NHS Code of Practice – Confidentiality, NHS Code of Practice Information Governance, NHS Digital – Confidentiality
  • Health Record Management – Professional advice and guidance in respect of health records management, standards, retention/destruction and transfer of records for deposit at public records office.

Our major ongoing projects during  2019/20 are: continued training relating to Information Governance, addressing the Corporate Lifecycle agenda by undertaking Corporate Records Management Audits, monitoring and review of data loss/data breach incidents, mitigation of risks associated with data loss/data breach, identification of information assets and identification and mapping of data flows. The Trust continues to ensure compliance against the Data Security and Protection Toolkit assertions, and implementation of the new Data Protection Act 2018 and General Data Protection Regulation (GDPR). 

Useful Information