Publications

Letters from Sir David Nicholson - Chief Executive of the NHS in England

Information Governance reviews

Information sharing guidance

Events

NHS Connecting for Health programmes

Related links

Related legislation

Publications

NHS Connecting for Health / DH informatics

• 'Striking the Balance’ Guidance on information sharing - Gateway reference 17380: This guidance has been published jointly by the Department and the UK Council of Caldicott Guardians to assist those who need to share information about individuals involved in domestic violence, for example at a MARAC (Multi Agency Risk Assessment Conference) – a local, multi agency victim-focused meeting where information is shared on the highest risk cases of domestic abuse between different agencies.
• Information Governance Bulletin: published by the DH IG Policy Team, the bulletins contain updates on IG policy issues and will be of relevance to all those working in, or supporting IG roles.
• NHS Information Governance: Information Risk Management - Social Interaction – Good Practice February 2012 (PDF, 104.7kB): This Information Governance (IG) guidance provides NHS organisations and their staff with general awareness of the information risks and good practices associated with the protection of sensitive information in social media and other social interaction scenarios. The guidance replaces and extends the NHS IG Guidance previously provided for Blogging & Social Networking published in December 2009.
• NHS Information Governance: Information Risk Management - Dealing with Cookies and Legal Compliance January 2012 (PDF, 76.6kB): This Information Governance (IG) guidance provides NHS organisations with general awareness of the issues affecting the use of cookies in websites that target UK users. It builds upon the introductory news item published on 17th May 2011 - Changes to the rules on using cookies and similar technologies for storing information (PDF, 112.4kB)
• NHS Information Governance: Records Management Guidance: Digital Document Scanning November 2011 (PDF, 31.6kB): This Information Governance (IG) guidance provides NHS organisations with a general awareness of the good practices associated with digital scanning of records. The guidance is based on the British Standard BS 10008:2008 and one of its supporting Codes of Practice BIP 0008-1 concerning information stored electronically.
• NHS Information Governance: Effective Management of Records during a period of transition or organisational change September 2011 (PDF, 435.7kB): This document provides detailed guidance for organisations going through transition. Further guidance about records management in general can be found in the Records Management: NHS Code of Practice and those with responsibility for records and information/knowledge management should ensure that they are familiar with the principles covered within the Code.
• NHS Information Governance: Information Risk Management Guidance: Fax Printer Ribbon and Film January 2011 (PDF 50Kb): This Information Governance (IG) guidance provides NHS organisations with a general awareness of the associated risks for maintenance and disposal of fax printers and other devices that use consumable ribbon or film. It should be read in conjunction with the NHS IG Risk Management Guidance for Maintenance and Secure Disposal of Digital Printers, Copiers and Multi Function Devices.
• A Question of Balance: Independent Assurance of Information Governance Returns - Gateway reference: 14988 November 2010: The NHS Operating Framework 2010/2011, through the NHS Informatics Planning guidance Annex 1 (national expectations) stated that: "An IG audit utilising the centrally provided audit methodology should be included within the work plans of each organisation's auditors". To ensure a common approach to such an audit across the NHS, the Informatics Directorate of the Department of Health commissioned an internal audit assurance framework for IG Toolkit self-assessments. The framework comprises a series of audit requirements (matched to the IG Toolkit requirements); evidence review guides and the questions for a staff survey.
• What you should know about Information Governance July 2010 (PDF, 509Kb): a leaflet for health and social care staff that sets out the current advice and practice about Information Governance.
• NHS Information Governance: Information Risk Management Guidance: Maintenance and Secure Disposal of Digital Printers, Copiers and Multi Function Devices July 2010 (PDF 55Kb) This Information Governance (IG) guidance provides NHS organisations with a general awareness of the associated risks for maintenance and disposal of digital printers, copiers and multifunction devices.
• NHS Information Governance: Information Risk Management Guidance: Short Message Service (SMS) & Texting - April 2010 (PDF, 48Kb) (PDF, 48.0kB): This updated Information Governance (IG) guidance provides NHS organisations with a general awareness of the associated risks of Short Message Service (SMS) and texting that may potentially affect the effectiveness of local services.
• NHS Information Governance: Technology Bulletin - MS IE Vulnerability 979352 - January 2010 (PDF 85Kb): This Technology Bulletin contains information relating to the recently reported vulnerability which affects Windows™ Operating Systems and versions of the Internet Explorer™ web browser. NHS organisations are advised to implement a patch issued by Microsoft™ as soon as practicable to all at risk devices as described in the bulletin following comprehensive testing. It is also recommended that NHS organisations upgrade or plan to upgrade from older versions of Internet Explorer as soon as possible.
• Checklist for Reporting, Managing and Investigating Information Governance Serious Untoward Incidents - January 2010 (PDF 224Kb): This guidance has been approved by all SHA IG leads and the DH Information Governance Policy Team and should be used in conjunction with the previously provided national guidance on the management of Serious Untoward Incidents and any local guidance on SUIs provided by the local SHA.
• NHS Information Governance: Guidance on Blogging and Social Networking - December 2009 (PDF 53Kb): Guidance for NHS organisations on blogging and social networking. This document provides NHS organisations with a general awareness of the associated risks of blogging and social networking that may potentially affect the effectiveness of local services. This guidance has been replaced by NHS Information Governance: Information Risk Management - Social Interaction – Good Practice February 2012 (PDF, 104.7kB).
• Best practice guidance for information security within NHSmail - June 2009 (PDF, 1.17Mb): Joint guidance on the use of the NHSmail email service issued by the British Medical Association and NHS Connecting for Health. The document covers the improvements to the service following the recent upgrade and provides guidance on security and information governance for users who are required to transmit sensitive and patient identifiable information.
• Best practice guidance for information security within Choose and Book - May 2009 (PDF 236Kb): guidance aimed at organisations that are providing services to NHS patients using the Choose and Book application. The document discusses the controls in place to ensure patient information is protected alongside practical guidance to staff on maintaining best practice information security standards when using the Choose and Book application.
• Guidelines on use of encryption to protect person identifiable and sensitive information - December 2008 (Word 99Kb): includes an explanation of the tools provided within applications provided by NHS CFH for encrypting removable media and provides guidance on potential encryption tools organisations should consider for systems under local NHS organisation control.
• Security of NHS patient data shared for research purposes - July 2008 (PDF 23Kb): The importance of effective information security has been highlighted in recent months through well publicised data handling failures in a range of different UK organisational settings. The Cabinet Office has completed a review of public sector data handling and has established a comprehensive range of minimum security standards. Consequently, NHS guidance for the protection of patient information has been extended and strengthened in order to respond robustly to these requirements.
• Good Practice Guidelines: Transfer of batched person-identifiable data - December 2007 (Word 813Kb): covers the transfer of batched person identifiable data by means of portable electronic media, including tapes; floppy discs; removable hard discs; laptop & handheld computers; optical discs - DVD & CD-ROM; solid state memory cards; memory sticks and pen drives
• Caldicott Guardian newsletters: published by the UK Council of Caldicott Guardians primarily for the Caldicott community. However, many of the articles will be of interest to those involved in other aspects of Information Governance.
• Joint guidance on protecting electronic patient information (PDF 82Kb): guidance for all health care staff, produced by the British Medical Association and NHS Connecting for Health.
• Information Governance toolkit version 5: Derivations and support for standards (PDF 412Kb): detailed information about each standard within the Information Governance Toolkit version 5. It explains the relationship between a standard and the legislation or national guidance from which it was derived. It additionally demonstrates links to more recent documents such as the NHS Care Record Guarantee, which reinforce the requirements of a standard.
• NHS Information Risk Management pages: The Information Governance Policy team has published guidance aimed at those responsible for managing information risk within NHS organisations, including Senior Information Risk Owners (SIROs) and Information Asset Owners (IAOs). It reflects Government guidelines and is consistent with the Cabinet Office data handling report.
• Information Governance Assurance Framework pages: The Information Governance Policy Team has published a series of briefing notes providing important information about information governance requirements. The information relates to the IG Assurance Framework including the new reporting cycle from version 7 of the IG Toolkit; the change control notice for version 7 of the IGT; the roles of the Senior Information Risk Owner and the Caldicott Guardian; and the NHS Operating Framework 2009/10 key standards.
• Frequently asked questions: The Information Governance Policy team has developed responses to queries received through the Information Governance (IG) helpdesk (exeter.helpdesk@nhs.net) and via the IG workshops held in each Strategic Health Authority.

Department of Health

• The Good Practice Guidelines for GP electronic patient records v4 March 2011 (PDF 1.69Mb): The new Good Practice Guidelines for GP electronic patient records v4 will act as a reference source of information for all those involved in developing, deploying and using general practice IT systems. The scope is extended in this fourth version to include new services (including the Summary Care Record, Electronic Prescription Service and GP2GP). There is also a greater focus on information sharing and the central themes of the guidelines are interoperability and data quality.

• Confidentiality: NHS Code of Practice Supplementary Guidance: Public Interest Disclosures November 2010 (PDF 112Kb): This document expands upon the principles set out with the Department of Health's key guidance Confidentiality: NHS Code of Practice. The document is aimed at aiding staff in making difficult decisions about when disclosures of confidential information may be justified in the public interest.

• Guidance for access to health records requests - February 2010: This guidance aims to assists NHS organisations in England, through the process of dealing with an access request in accordance with the relevant legislation and any subsequent considerations. The guidance covers legislation pertinent to accessing health records, such as:
  • Data Protection Act 1998
  • Access to Health Records Act 1990
  • Freedom of Information Act 2000
  • Access to Medical Reports Act 1988
• NHS operating framework 2010/2011 (PDF 914Kb): The operating framework for the NHS for 2010/11 sets out the priorities for the NHS for the year ahead to enable them to begin their planning. For the third year in a row, the national priorities in the operating framework remain the same, providing important stability. The five priorities continue to be: improving cleanliness and reducing healthcare associated infections; improving access through achievement of the 18-week referral to treatment pledge and improving access (including at evenings and weekends) to GP services; keeping adults and children well, improving their health and reducing health inequalities; improving patient experience, staff satisfaction, and engagement; and preparing to respond in a state of emergency such as an outbreak of pandemic flu, learning from our experience of swine flu. During 2010/11, the NHS must also continue its work to reduce local variation and eliminate poor performance
• Informatics planning 2010/2011 (PDF 913Kb): The operating framework 2010/11 confirms that informatics will be included in operational plans and this document provides guidance on the informatics components of these plans. Requirements for Information Governance Assurance are set out on pages 12-13.
• Confidentiality: NHS Code of Practice (PDF 220Kb): a guide to required practice for those who work within or under contract to NHS organisations concerning confidentiality and patients' consent to the use of their health records.
• Records Management: NHS Code of Practice Part 1 and 2: a guide to the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England.
• Information Security: NHS Code of Practice (PDF 340Kb): a guide to the methods and required standards of practice in the management of information security for those who work within or under contract to, or in business partnership with, NHS organisations in England.
• NHS information governance: Guidance on legal and professional obligations (PDF 267Kb): best practice guidance, which outlines the likely impact on health and social care information, of the range of complex legal and professional obligations that limit, prohibit or set conditions in respect of the management, use and disclosure of information, and similarly those that permit or require information to be used or disclosed.

Caldicott Guardians

• The Caldicott Guardian Manual 2010 (PDF, 383.7kB): Guidance that takes account of developments in information management in the NHS and in Councils with Social Care responsibilities since the publication of the Caldicott report. It sets out the role of the Caldicott Guardian within an organisational Caldicott/confidentiality function as a part of broader Information Governance.
• Caldicott Guardian Manual (Scottish version) 2007: A guide for Caldicott Guardians that builds on the English Manual and takes into account the differences in legislation and central guidance.
• Caldicott - Principles into Practice (Welsh Version) 2008: A foundation manual and linked website providing Caldicott Guardians with knowledge about the legal background to their role and its relationship with Information Governance.

UK Council of Caldicott Guardians

• Council report 2005 - 2008 (PDF 359Kb): report setting out the work of the UK Council of Caldicott Guardians during the 3 years since its formation in October 2005. Further information about the Council is available on its webpages at: http://www.connectingforhealth.nhs.uk/systemsandservices/infogov/caldicott
• Consultation responses: The Council's formal responses to consultations impacting on patient and service user confidentiality and information sharing.
• Caldicott Guardian newsletters: published by the UK Council of Caldicott Guardians primarily for the Caldicott community. However, many of the articles will be of interest to those involved in other aspects of Information Governance.
• 'Striking the Balance’ Guidance on information sharing - Gateway reference 17380: This guidance has been published jointly by the Department and the UK Council of Caldicott Guardians to assist those who need to share information about individuals involved in domestic violence, for example at a MARAC (Multi Agency Risk Assessment Conference) – a local, multi agency victim-focused meeting where information is shared on the highest risk cases of domestic abuse between different agencies.
• UK Council of Caldicott Guardians 5 Year Strategy 2011-2016 (PDF, 178.0kB): The strategy recognises the significant changes in the delivery of health and social care since the 'Report of the Review of Patient-Identifiable Information' (the Caldicott Report), chaired by Dame Fiona Caldicott in 1997. Part one of the strategy sets out three primary objectives for reforming the Council - leadership, skills and innovation. Part two sets out nine strategic aims for reforming the Council over the next 5 years and how each aim will be achieved.

Cabinet Office

• Protecting Information in Government January 2010 (PDF, 850Kb): The Data Handling Review was published in June 2008, putting in place a set of mandatory measures for government on protecting personal data. The report committed government to report annually on the progress made in meeting the requirements of the review, and work on information risk that will be necessary in the future. This is the first such report.
• Data handling review report (PDF 277Kb): a Government commissioned report led by Sir Gus O'Donnell working with Departments and security experts to examine and improve data handling in Government in the wake of the HMRC data loss.
• Coleman report (PDF 185Kb): an independent review of information assurance commissioned by the Cabinet Office, prior to the HMRC data loss, as part of the work to ensure government keeps pace with technological changes, to assess how well government is protected now and in the future.

Care Quality Commission

• Essential Standards of Quality and Safety: The essential standards of quality and safety consist of 28 regulations (and associated outcomes). For each regulation, there is an associated outcome - the experiences the Care Quality Commission (CQC) expects people to have as a result of the care they receive. Providers must have evidence that they meet the outcomes. Regulation 20 - Records, sets out the requirement for people's personal records to be accurate, fit for purpose, and to be held securely and confidentially.

Information Commissioner's Office

• The TH!NK PRIVACY campaign was created to aid the communication challenge faced by organisations of all sizes – reminding staff to 'press the mental pause button' before taking action. TH!NK PRIVACY offers a range of free downloadable materials including posters, bin stickers and postcards. The materials can be downloaded from the Information Commissioner's website at http://www.ico.gov.uk/news/current_topics/think_privacy.aspx
• Changes to the rules on using cookies and similar technologies for storing information (PDF, 112.4kB): the law which applies to how cookies and similar technologies for storing information on a user's equipment such as their computer or mobile device changed on 26 May 2011. This document sets out these changes and explains what steps need to be taken to ensure compliance.

Ministry of Justice

• Richard Thomas and Mark Walport - Data sharing review report (PDF 470Kb): a review of the framework for the use of personal information in the public and private sectors.
• Richard Thomas and Mark Walport - Data sharing review report annexes (PDF 578Kb): supplementary information including terms of reference, contributors, summaries of consultation responses and workshop notes.
• Response to the data sharing review report (PDF 169Kb): the Government's response to the Thomas Walport Data Sharing Review Report. It covers the background to the report, a detailed response to the recommendations of the report, and the next steps.
• The Information Commissioner's inspection powers and funding arrangements under the Data Protection Act 1998 (PDF 146Kb): the post-consultation report, containing the background to the report, a summary of the responses, a response to the specific questions raised in the report and conclusions, including the next steps to be taken by Government.

National Information Governance Board for Health and Social Care

• NHS Care Record Guarantee for England: the commitment that the NHS will use healthcare records in ways that respect personal rights and promote health and wellbeing.
• Social Care Record Guarantee for England: The Guarantee explains to service users how the information they provide to social care staff is used and what control they can have over this. It complements the NHS Care Record Guarantee for England.
• NIGB Guidance on Amendments of Medical Records January 2010 (PDF, 390Kb): The document contains guidance about what should happen when people ask to change information in their record. Section 1 is for
  people asking to change their records and section 2 is for professionals.
• NIGB newsletter - issue 1 (PDF 356Kb): The newsletter sets out the current position on the Government's proposals with regard to the future of the NIGB and the Ethics and Confidentiality Committee.
• Annual report for 2010 (PDF 1.4Mb)
• Annual report for 2009 (PDF 1.37Mb)
• Annual report for 2008 (PDF 1.47Mb): the role and remit of the board, first year achievements and information about board members.

Professional and representative bodies

• General Medical Council - Confidentiality - October 2009: Guidance document available from the GMC website, which sets out the principles of confidentiality and respect for patients' privacy that doctors are expected to understand and follow. Supplementary guidance explaining how these principles apply in situations doctors often encounter or find hard to deal with is also available.
• PSNC/RPSGB - NHS Information Governance Pharmacy Contractor Workbook - January 2010 (PDF 554Kb): This workbook has been developed by the Pharmaceutical Services Negotiating Committee and Royal Pharmaceutical Society of Great Britain, with the Department of Health, NHS Connecting for Health and NHS Employers to support community pharmacies in complying with Information Governance requirements.

Back to the top

Letters from Sir David Nicholson

• NHS IG Assurance – Joint Letter from NHS CE and the Information Commissioner - September 2011: (PDF, 123.3kB)With changes planned to commissioning structures and with increasingly diverse care providers, Sir David Nicholson, Chief Executive of the NHS in England and Christopher Graham, Information Commissioner published a joint letter to ensure that the NHS and its partners continue to give information governance the priority and attention it needs. The letter also signals the intention of the NHS and the Information Commissioner’s Office to work together in supporting the NHS to deliver good information governance. The letter was distributed to all Chief Executives of strategic health authorities (SHAs), NHS Trusts and primary care trusts (PCTs).
• NHS IG Assurance - Previous letters to the NHS from Sir David Nicholson: In order to clarify new and existing requirements, a series of papers was issued to NHS organisations setting out the organisations' responsibilities for information governance and for providing additional assurances on information governance to each SHA, or to Monitor, the Independent Regulator of NHS Foundation Trusts.

Back to the top

Information Governance reviews

• NIGB - Information governance in the Department of Health and the NHS (PDF 468Kb): A review of information governance carried out by Harry Cayton as Chair of the Care Records Development Board. The review was requested in the light of the creation of the NHS Care Records Service (NHS CRS). The document contains a summary of findings, a full description of recommendations and information on how these are being taken forward.
• Care Quality Commission - The right information, in the right place, at the right time - A study of how healthcare organisations manage personal data - September 2009 (PDF 977Kb): The study looked at information governance performance in healthcare organisations (NHS and selected independent sector healthcare providers) in England. Independent sector healthcare organisations included private and voluntary organisations where over 50% of the patients were funded by the NHS. These included Independent Sector Treatment Centres, mental health providers and hospices.

Back to the top

Information sharing guidance

Children and third party information

• HM Government Information Sharing Guidance (DCSF led) - October 2008: As part of Every Child Matters (ECM), in December 2004, the Government made a commitment to produce clear guidance for all children's service practitioners on information sharing. The first cross-Government guidance was published in April 2006. In October 2008 a new version of this guidance was published to reflect current policy, and was extended to cover practitioners working with adults and families as well as those working with children and young people. The guidance and associated materials aim to support good practice in information sharing by offering clarity on when and how information can be shared legally and professionally.
• When to Share Information: Best Practice Guidance for Everyone Working in the Youth Justice System: DH, DCSF, Youth Justice and Prison Service - May 2008: The guidance is set out in a pathway approach, with best practice case studies used to identify when, what, where and how information needs to be shared to ensure improved outcomes for children and young people, as outlined in Every Child Matters: Change for Children.

Mental Health

• Information Sharing & Mental Health (Guidance to Support Information Sharing by Mental Health Services) Department of Health - August 2009: This guidance sets out some of the issues relating to the exchange of information between mental health trusts and outside organisations and individuals. It sets out when, why and how information can safely be exchanged for the benefit of the individual and the public.
• Independent Mental Health Advocates: supplementary guidance on access to patient records under section 130B of the Mental Health Act 1983, Department of Health - April 2009: Guidance around information sharing with a patient's independent mental health advocate (IMHAs).

Emergency Planning

• HM Government: Data Protection and Sharing - Guidance for Emergency Planners and Responders - February 2007 (PDF 583Kb) (PDF, 583.9kB): Guidance to complement Emergency Preparedness and Emergency Response & Recovery. This publication does not introduce any new policy or legal requirements. It rather seeks to provide clear and understandable guidance on the legislative framework surrounding personal data so that emergency responders know what they can and cannot do when handling personal data.

Back to the top

Events

Information Governance workshops

In July 2010, the Department of Health commisioned a series of information governance workshops. These were primarily aimed at the role of the Senior Information Risk Owner and Information Asset Owners. Presentation slides for these workshops can be downloaded below.

• The Evolving Role of the NHS Senior Information Risk Owner and Information Asset Owner (PowerPoint, 2Mb)
• Information Governance Training Tool Administrator Functionality (PowerPoint, 5Mb)
• Information Governance Toolkit v8 Functionality (PowerPoint, 7Mb)

In 2009 the Digital Information Policy team provided a series of workshops for Primary Care Trusts and General Practices, the materials below were provided to attendees.

• Delegate pack (PDF 3.48Mb) Print copies of the pack can be ordered in small quantities from the NHS Connecting for Health Resources page: http://information.connectingforhealth.nhs.uk/. Once on the page, select Digital and Health Information Policy, then select folder.
• Corrections and clarifications insert (PDF 26Kb)

Appendix D: PCT Resource pack information – models and templates designed as a guide for PCTs.

Appendix E: GP Resource pack information – models and templates linked to the relevant IG toolkit requirement to assist Practices in identifying any gaps in their toolkit evidence.

Appendix F: Staff IG awareness handouts/posters – designed by Surrey Health Community, the following materials can be edited allowing you to tailor them to your organisation and add your logo.

• Guidance for sharing personal information by fax (Word 243 Kb) (DOC, 243.5kB)
• Guidance for sharing personal information by phone (Word 272 Kb) (DOC, 272.5kB)
• Guidance for sharing personal information by post (Word 182 Kb) (DOC, 183.5kB)
• Guidance for transporting personal information (Word 0.99Mb) (DOC, 1017.0kB)
• Quick Reference to Caldicott and the Data Protection Act 1998 Principles (Word 272 Kb) (DOC, 272.0kB) This guide is also available to order from NHS Connecting for Health resources. Please visit: http://information.connectingforhealth.nhs.uk/, select Digital & Health Information Policy > Staff leaflet > Quick reference. Please note: there is a maximum order amount of 100 guides.

National Information Governance conference

In February 2009 the UK Council of Caldicott Guardians in conjunction with the Digital Information Policy team held a national conference for Caldicott Guardians and IG leads. Delegates were provided with the pack and copies of the appendices below.

• Delegate pack (PDF 2.43Mb)

Appendix A: The UK Council of Caldicott Guardians

• Constitution document (PDF 48Kb)
• Strategic work plan (116Kb)

Appendix B: The National Information Governance agenda

• Cabinet Office - Data handling review report (PDF 277Kb)
• IG Assurance Programme - Closure Report (PDF 454Kb)

The following letters were issued by David Nicholson, Chief Executive of the NHS and Matthew Swindells, the Department of Health's interim Chief Information Officer. The letters were addressed to all NHS organisations setting out the organisations' responsibilities for the IG Toolkit and Standards for Better Health and for providing additional assurances on Information Governance to each Strategic Health Authority.

• DNicholson - Dec07Letter (PDF 49Kb)
• DNicholson - Jan08Letter (PDF 44Kb)
• MSwindells - Jan08Letter (PDF 40Kb)
• MSwindells - Feb08Letter (PDF 103Kb)
• DNicholson - May08Letter (PDF 64Kb)
• DNicholson - Sep08Letter (PDF 65Kb)

Appendix C: The NHS Information Governance Assurance Framework

• NHS operating framework 2009/2010 (PDF 1.29Mb)
• Informatics planning (PDF 732Kb)
• NHS Care Record Guarantee (PDF 92Kb)
• NIGB: Annual report for 2008 (PDF 1.47Mb)

Appendix D: Information Sharing

• Richard Thomas and Mark Walport - Data sharing review report (PDF 470Kb): a review of the framework for the use of personal information in the public and private sectors.
• Richard Thomas and Mark Walport - Data sharing review report annexes (PDF 578Kb): supplementary information including terms of reference, contributors, summaries of consultation responses and workshop notes.
• Response to the data sharing review report (PDF 169Kb): the Government's response to the Thomas Walport Data Sharing Review Report. It covers the background to the report, a detailed response to the recommendations of the report, and the next steps.

Back to the top

NHS Connecting for Health programmes

• Choose and Book: this area of the website is aimed at NHS organisations implementing and using Choose and Book. To support the NHS in using the system, a range of guides, tools and training materials are available to download.
• Infrastructure Security Team (N3 connection required): the Infrastructure Security Team aims to provide security information, advice and guidance which will enable organisations to see real benefits from security implementation, reduce the operational cost of insecure systems and advise on the risks relating to security controls to prevent implementation of costly and ineffective controls.
• Registration Authorities and smartcards: a brief overview of the need for registration authorities and smartcards to enable secure and confidential access to National Programme for IT (NPfIT) services.
• Registration Authorities (NHS staff only): Guidance and advice to organisations registering individuals as users of the NHS Care Records Service and other National Programme for IT (NPfIT) services. Here you will find current policy, guidance and processes to help you set up and manage a Registration Authority (RA).
• Secondary Uses Service (SUS) is the single source of comprehensive data to enable a range of reporting and analysis. SUS supports the NHS and its partners in the areas of planning; commissioning; management; research; audit; public health; and a number of national initiatives, such as Payment by Results.
• IG Statement of Compliance: the IGSoC is the agreement between NHS CFH and Approved Service Recipients that sets out the information governance policy and terms and conditions for use of NHS CFH services.

Back to the top

Related links

• Cabinet Office
• Care Quality Commission
• Department for Constitutional Affairs: archive FOI page
• Department of Health
• Department for Children, Schools and Families
• Ethics and Confidentiality Committee of the NIGB
• Information Commissioner's Office
• Information Governance Training Tool
• Ministry of Justice
• National Information Governance Board for Health and Social Care
• NHS Education for Scotland: Information Governance elibrary
• NHS Education for Scotland: Information Governance newsletters
• NHS Information Centre for Health and Social Care
• The National Archives
• UK Council of Caldicott Guardians

Back to the top

Related legislation

• Access to Health Records Act 1990
• Access to Medical Reports Act 1988
• Data Protection Act 1998
• Environmental Information Regulations 2004
• Freedom of Information Act 2000
• Human Rights Act 1998
• Re-use of Public Sector Information Regulations 2005
• Section 251 of the NHS Act 2006 (formerly Section 60 of the Health and Social Care Act 2001)

Back to the top