NHS Connecting for Health ceased to exist on 31st March 2013. This website is therefore not being updated. For up to date information about systems and services visit the Health and Social Care Information Centre website at www.hscic.gov.uk/systems


NHS Codes of Practice and legal obligations

Confidentiality

The 'Confidentiality: NHS Code of Practice' sets out the required standards of practice concerning confidentiality and patients' consent to use their health records.

It is a guide for those who work within or under contract to NHS organisations and is based on legal requirements and best practice.

Download the 'Confidentiality: NHS Code of Practice' (PDF, 220Kb).

Information Security Management

The 'Information Security Management: NHS Code of Practice' is a guide to the methods and required standards of practice in the management of information security, for those who work within, under contract to, or in business partnership with NHS organisations in England.

It is based on current legal requirements, relevant standards and professional best practice.

This Code of Practice replaces HSG 1996/15 – NHS Information Management and Technology Security Manual, and provides a key component of information governance arrangements for the NHS.

It is part of an evolving information security management framework because risk factors, standards and practice covered by the Code will change over time. The guidelines contained within the Code of Practice apply to NHS information assets of all types.

Download the 'Information Security Management: NHS Code of Practice' (PDF, 340Kb).

NHS Records Management

The 'Records Management: NHS Code of Practice' was published on 5 April 2006 and is available on the Department of Health website.

It sets out the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England, based on current legal requirements and professional best practice.

Part 2 of the Code, which contains guidance on the minimum retention schedules, was revised (2008) in light of guidance received from the NHS and professional best practice. Hard copies are available by calling the telephone orderline on 0300 123 1002 or emailing: dh@prolog.uk.com quoting product number 291514.

To download a copy, please visit the Department of Health website: http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_4131747

Legal obligations

There is a range of complex legal and professional obligations that limit, prohibit or set conditions on the management, use and disclosure of information and, similarly, a range of statutes that permit or require information to be used or disclosed.

'NHS Information Governance - Guidance on Legal and Professional Obligations' (PDF, 267Kb) is best practice guidance that outlines the likely impact of these provisions, primarily on NHS information, and also includes some social care requirements.

It will be of particular use to those working within the Information Governance field. Where necessary, organisations should obtain professional legal advice.