
Principles of information security

The principles of information security require that all reasonable care is taken to prevent inappropriate access, modification or manipulation of data from taking place. In the case of the NHS, the most sensitive of our data is patient record information.

In practice, this is applied through three cornerstones: confidentiality, integrity and availability.

  • Information must be secured against unauthorised access - confidentiality
  • Information must be safeguarded against unauthorised modification - integrity
  • Information must be accessible to authorised users at times when they require it - availability

Information Governance is there to ensure these principles are upheld by setting clear guidelines (policy) for all NHS users.

More importantly, Information Governance provides guidance and an update to the contractual controls that protect patient, system and employee information.

Without these contractual controls there is no way for the NHS to support, through legal action, human rights, data protection or other forms of regulation, the levels of protection we all work so hard to maintain.

Please visit Information Governance audit and security incident management.

NHS Information Risk Management

The guidance on this page is aimed at those responsible for managing information risk within NHS organisations, including SIROs and Information Asset Owners (IAOs). It reflects Government guidelines and is consistent with the Cabinet Office report - Data Handling Procedures within Government (PDF 278Kb). The page also contains the checklist for managing serious untoward incidents. Please visit NHS Information Risk Management.

Information Security Management NHS Code of Practice

Visit NHS Codes of Practice and legal obligations for the 'Information Security Management: NHS Code of Practice'.

Infrastructure Security

Please also visit the Infrastructure Security website (N3 connection required).

NHS encryption tool

NHS Connecting for Health has completed the national procurement of an encryption solution for removable media and full disk encryption on behalf of the NHS. For all the latest information relating to this NHS encryption tool initiative, please visit the encryption tool section. Any further queries can be directed to cfh.encryptiontool@nhs.net.

Encryption policy guidance

Policy guidelines on use of encryption to protect person identifiable and sensitive information (PDF 191Kb). This document, published by the Digital Information Policy team in January 2008, contains policy information about the use of encryption in the NHS.