NHS Connecting for Health ceased to exist on 31st March 2013. This website is therefore not being updated. For up to date information about systems and services visit the Health and Social Care Information Centre website at www.hscic.gov.uk/systems

You are here: Home Services & Applications Information Governance (IG) Publications and related links

Publications and related links

Publications

Letters from Sir David Nicholson - Chief Executive of the NHS in England

Information Governance reviews

Information sharing guidance

Events

NHS Connecting for Health programmes

Related links

Related legislation


Publications

NHS Connecting for Health / DH informatics

Department of Health

  • The Good Practice Guidelines for GP electronic patient records v4 March 2011 (PDF 1.69Mb): The new Good Practice Guidelines for GP electronic patient records v4 will act as a reference source of information for all those involved in developing, deploying and using general practice IT systems. The scope is extended in this fourth version to include new services (including the Summary Care Record, Electronic Prescription Service and GP2GP). There is also a greater focus on information sharing and the central themes of the guidelines are interoperability and data quality.

  • Confidentiality: NHS Code of Practice Supplementary Guidance: Public Interest Disclosures November 2010 (PDF 112Kb): This document expands upon the principles set out with the Department of Health's key guidance Confidentiality: NHS Code of Practice. The document is aimed at aiding staff in making difficult decisions about when disclosures of confidential information may be justified in the public interest.

  • Guidance for access to health records requests - February 2010: This guidance aims to assists NHS organisations in England, through the process of dealing with an access request in accordance with the relevant legislation and any subsequent considerations. The guidance covers legislation pertinent to accessing health records, such as:
    • Data Protection Act 1998
    • Access to Health Records Act 1990
    • Freedom of Information Act 2000
    • Access to Medical Reports Act 1988
  • NHS operating framework 2010/2011 (PDF 914Kb): The operating framework for the NHS for 2010/11 sets out the priorities for the NHS for the year ahead to enable them to begin their planning. For the third year in a row, the national priorities in the operating framework remain the same, providing important stability. The five priorities continue to be: improving cleanliness and reducing healthcare associated infections; improving access through achievement of the 18-week referral to treatment pledge and improving access (including at evenings and weekends) to GP services; keeping adults and children well, improving their health and reducing health inequalities; improving patient experience, staff satisfaction, and engagement; and preparing to respond in a state of emergency such as an outbreak of pandemic flu, learning from our experience of swine flu. During 2010/11, the NHS must also continue its work to reduce local variation and eliminate poor performance
  • Informatics planning 2010/2011 (PDF 913Kb): The operating framework 2010/11 confirms that informatics will be included in operational plans and this document provides guidance on the informatics components of these plans. Requirements for Information Governance Assurance are set out on pages 12-13.
  • Confidentiality: NHS Code of Practice (PDF 220Kb): a guide to required practice for those who work within or under contract to NHS organisations concerning confidentiality and patients' consent to the use of their health records.
  • Records Management: NHS Code of Practice Part 1 and 2: a guide to the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England.
  • Information Security: NHS Code of Practice (PDF 340Kb): a guide to the methods and required standards of practice in the management of information security for those who work within or under contract to, or in business partnership with, NHS organisations in England.
  • NHS information governance: Guidance on legal and professional obligations (PDF 267Kb): best practice guidance, which outlines the likely impact on health and social care information, of the range of complex legal and professional obligations that limit, prohibit or set conditions in respect of the management, use and disclosure of information, and similarly those that permit or require information to be used or disclosed.

Caldicott Guardians

  • The Caldicott Guardian Manual 2010 (PDF, 383.7kB): Guidance that takes account of developments in information management in the NHS and in Councils with Social Care responsibilities since the publication of the Caldicott report. It sets out the role of the Caldicott Guardian within an organisational Caldicott/confidentiality function as a part of broader Information Governance.
  • Caldicott Guardian Manual (Scottish version) 2007: A guide for Caldicott Guardians that builds on the English Manual and takes into account the differences in legislation and central guidance.
  • Caldicott - Principles into Practice (Welsh Version) 2008: A foundation manual and linked website providing Caldicott Guardians with knowledge about the legal background to their role and its relationship with Information Governance.

UK Council of Caldicott Guardians

  • Council report 2005 - 2008 (PDF 359Kb): report setting out the work of the UK Council of Caldicott Guardians during the 3 years since its formation in October 2005. Further information about the Council is available on its webpages at: http://www.connectingforhealth.nhs.uk/systemsandservices/infogov/caldicott
  • Consultation responses: The Council's formal responses to consultations impacting on patient and service user confidentiality and information sharing.
  • Caldicott Guardian newsletters: published by the UK Council of Caldicott Guardians primarily for the Caldicott community. However, many of the articles will be of interest to those involved in other aspects of Information Governance.
  • 'Striking the Balance’ Guidance on information sharing - Gateway reference 17380: This guidance has been published jointly by the Department and the UK Council of Caldicott Guardians to assist those who need to share information about individuals involved in domestic violence, for example at a MARAC (Multi Agency Risk Assessment Conference) – a local, multi agency victim-focused meeting where information is shared on the highest risk cases of domestic abuse between different agencies.
  • UK Council of Caldicott Guardians 5 Year Strategy 2011-2016 (PDF, 178.0kB): The strategy recognises the significant changes in the delivery of health and social care since the 'Report of the Review of Patient-Identifiable Information' (the Caldicott Report), chaired by Dame Fiona Caldicott in 1997. Part one of the strategy sets out three primary objectives for reforming the Council - leadership, skills and innovation. Part two sets out nine strategic aims for reforming the Council over the next 5 years and how each aim will be achieved.

Cabinet Office

  • Protecting Information in Government January 2010 (PDF, 850Kb): The Data Handling Review was published in June 2008, putting in place a set of mandatory measures for government on protecting personal data. The report committed government to report annually on the progress made in meeting the requirements of the review, and work on information risk that will be necessary in the future. This is the first such report.
  • Data handling review report (PDF 277Kb): a Government commissioned report led by Sir Gus O'Donnell working with Departments and security experts to examine and improve data handling in Government in the wake of the HMRC data loss.
  • Coleman report (PDF 185Kb): an independent review of information assurance commissioned by the Cabinet Office, prior to the HMRC data loss, as part of the work to ensure government keeps pace with technological changes, to assess how well government is protected now and in the future.

Care Quality Commission

  • Essential Standards of Quality and Safety: The essential standards of quality and safety consist of 28 regulations (and associated outcomes). For each regulation, there is an associated outcome - the experiences the Care Quality Commission (CQC) expects people to have as a result of the care they receive. Providers must have evidence that they meet the outcomes. Regulation 20 - Records, sets out the requirement for people's personal records to be accurate, fit for purpose, and to be held securely and confidentially.

Information Commissioner's Office

  • The TH!NK PRIVACY campaign was created to aid the communication challenge faced by organisations of all sizes – reminding staff to 'press the mental pause button' before taking action. TH!NK PRIVACY offers a range of free downloadable materials including posters, bin stickers and postcards. The materials can be downloaded from the Information Commissioner's website at http://www.ico.gov.uk/news/current_topics/think_privacy.aspx
  • Changes to the rules on using cookies and similar technologies for storing information (PDF, 112.4kB): the law which applies to how cookies and similar technologies for storing information on a user's equipment such as their computer or mobile device changed on 26 May 2011. This document sets out these changes and explains what steps need to be taken to ensure compliance.

Ministry of Justice

National Information Governance Board for Health and Social Care

Professional and representative bodies

  • General Medical Council - Confidentiality - October 2009: Guidance document available from the GMC website, which sets out the principles of confidentiality and respect for patients' privacy that doctors are expected to understand and follow. Supplementary guidance explaining how these principles apply in situations doctors often encounter or find hard to deal with is also available.
  • PSNC/RPSGB - NHS Information Governance Pharmacy Contractor Workbook - January 2010 (PDF 554Kb): This workbook has been developed by the Pharmaceutical Services Negotiating Committee and Royal Pharmaceutical Society of Great Britain, with the Department of Health, NHS Connecting for Health and NHS Employers to support community pharmacies in complying with Information Governance requirements.

Back to the top


Letters from Sir David Nicholson

  • NHS IG Assurance – Joint Letter from NHS CE and the Information Commissioner - September 2011: (PDF, 123.3kB)With changes planned to commissioning structures and with increasingly diverse care providers, Sir David Nicholson, Chief Executive of the NHS in England and Christopher Graham, Information Commissioner published a joint letter to ensure that the NHS and its partners continue to give information governance the priority and attention it needs. The letter also signals the intention of the NHS and the Information Commissioner’s Office to work together in supporting the NHS to deliver good information governance. The letter was distributed to all Chief Executives of strategic health authorities (SHAs), NHS Trusts and primary care trusts (PCTs).
  • NHS IG Assurance - Previous letters to the NHS from Sir David Nicholson: In order to clarify new and existing requirements, a series of papers was issued to NHS organisations setting out the organisations' responsibilities for information governance and for providing additional assurances on information governance to each SHA, or to Monitor, the Independent Regulator of NHS Foundation Trusts.

Back to the top


Information Governance reviews

Back to the top


Information sharing guidance

Children and third party information

Mental Health

Emergency Planning

Back to the top


Events

Information Governance workshops

In July 2010, the Department of Health commisioned a series of information governance workshops. These were primarily aimed at the role of the Senior Information Risk Owner and Information Asset Owners. Presentation slides for these workshops can be downloaded below.

In 2009 the Digital Information Policy team provided a series of workshops for Primary Care Trusts and General Practices, the materials below were provided to attendees.

Appendix D: PCT Resource pack information – models and templates designed as a guide for PCTs.

Appendix E: GP Resource pack information – models and templates linked to the relevant IG toolkit requirement to assist Practices in identifying any gaps in their toolkit evidence.

Appendix F: Staff IG awareness handouts/posters – designed by Surrey Health Community, the following materials can be edited allowing you to tailor them to your organisation and add your logo.

National Information Governance conference

In February 2009 the UK Council of Caldicott Guardians in conjunction with the Digital Information Policy team held a national conference for Caldicott Guardians and IG leads. Delegates were provided with the pack and copies of the appendices below.

Appendix A: The UK Council of Caldicott Guardians

Appendix B: The National Information Governance agenda

The following letters were issued by David Nicholson, Chief Executive of the NHS and Matthew Swindells, the Department of Health's interim Chief Information Officer. The letters were addressed to all NHS organisations setting out the organisations' responsibilities for the IG Toolkit and Standards for Better Health and for providing additional assurances on Information Governance to each Strategic Health Authority.

Appendix C: The NHS Information Governance Assurance Framework

Appendix D: Information Sharing

Back to the top


NHS Connecting for Health programmes

  • Choose and Book: this area of the website is aimed at NHS organisations implementing and using Choose and Book. To support the NHS in using the system, a range of guides, tools and training materials are available to download.
  • Infrastructure Security Team (N3 connection required): the Infrastructure Security Team aims to provide security information, advice and guidance which will enable organisations to see real benefits from security implementation, reduce the operational cost of insecure systems and advise on the risks relating to security controls to prevent implementation of costly and ineffective controls.
  • Registration Authorities and smartcards: a brief overview of the need for registration authorities and smartcards to enable secure and confidential access to National Programme for IT (NPfIT) services.
  • Registration Authorities (NHS staff only): Guidance and advice to organisations registering individuals as users of the NHS Care Records Service and other National Programme for IT (NPfIT) services. Here you will find current policy, guidance and processes to help you set up and manage a Registration Authority (RA).
  • Secondary Uses Service (SUS) is the single source of comprehensive data to enable a range of reporting and analysis. SUS supports the NHS and its partners in the areas of planning; commissioning; management; research; audit; public health; and a number of national initiatives, such as Payment by Results.
  • IG Statement of Compliance: the IGSoC is the agreement between NHS CFH and Approved Service Recipients that sets out the information governance policy and terms and conditions for use of NHS CFH services.

Back to the top


Back to the top


Related legislation

Back to the top