What is Information Governance?
Information Governance ensures necessary safeguards for, and appropriate use of, patient and personal information. Key areas are information policy for health and social care, IG standards for systems and development of guidance for NHS and partner organisations.
Information Governance provides a framework to bring together all the legal rules, guidance and best practice that apply to the handling of information, allowing:
- implementation of central advice and guidance;
- compliance with the law;
- year on year improvement plans.
At its heart, Information Governance is about setting a high standard for the handling of information and giving organisations the tools to achieve that standard. The ultimate aim is to demonstrate that an organisation can be trusted to maintain the confidentiality and security of personal information, by helping individuals to practice good information governance and to be consistent in the way they handle personal and corporate information.
There are many different standards and legal rules that apply to information handling, including:
- The Data Protection Act 1998.
- The common law duty of confidence.
- The Confidentiality NHS Code of Practice.
- The NHS Care Record Guarantee for England.
- The Social Care Record Guarantee for England.
- The international information security standard: ISO/IEC 27002: 2005.
- The Information Security NHS Code of Practice.
- The Records Management NHS Code of Practice.
- The Freedom of Information Act 2000.
Due to the range and complexity of the standards and legal rules, the Department of Health has developed sets of information governance requirements, available in the IG Toolkit, which enable NHS and partner organisations to measure their compliance. The requirements cover all aspects of information governance including:
- data protection and confidentiality;
- information security;
- information quality;
- health / care records management;
- corporate information.
Information Governance ensures the appropriate use of information (both corporate and personal). All staff with access to NHS patient information undertake appropriate information governance training.