Introducing the Information Governance Alliance

The Information Governance Alliance (IGA) is a group of national health and care organisations that are working together to provide a joined-up and consistent approach to information governance.

For more information about the IGA please visit the IGA web pages.

The IGA has identified a set of key existing health and care information governance documents on confidentiality, security and records management.

A key objective for the IGA is ensuring that guidance is consistent and high quality. Their work programme therefore includes reviewing key existing information governance materials that have been produced by members.


Key guidance from the Department of Health

Confidentiality: NHS Code of Practice (PDF 220Kb):  The Code is the core guide to required practice for those who work within or under contract to NHS organisations. It covers confidentiality and the consent of people who use health and care services to the use of their health records.

Confidentiality: NHS Code of Practice Supplementary Guidance: Public Interest Disclosures (PDF 112Kb):  This document expands upon the principles set out within the Department of Health's core guidance Confidentiality: NHS Code of Practice. The document is aimed at aiding staff in making difficult decisions about when disclosures of confidential information may be justified as in the public interest.

"Striking the Balance" - Guidance on information sharing - Gateway reference 17380:  This guidance is a joint publication by the Department and the UK Council of Caldicott Guardians. Its purpose is to assist those who need to share information about individuals involved in domestic violence, for example at a MARAC (Multi Agency Risk Assessment Conference) – a local, multi agency victim-focused meeting where information is shared on the highest risk cases of domestic abuse between different agencies.

Key guidance from NHS England

Information Governance and Risk Stratification: Advice and Options for Clinical Commissioning Groups and General Practices (PDF 801Kb):  The guidance explains the information governance issues relating to risk stratification; provides a checklist of steps that general practices, clinical commissioning groups (CCGs), and other organisations involved in risk stratification should undertake to comply with the law and describes a range of options that CCGs can use to conduct risk stratification legally.

Who Pays? Information Governance Advice for Invoice Validation (PDF 750Kb):  This guidance is for anyone who is involved in the creation, submission, receipt, validation, or payment of invoices for health care services funded by the NHS. It helps clinical commissioning groups to understand their commissioning responsibilities and to determine who pays for a patient’s care.

Key guidance from the Health and Social Care Information Centre

A guide to confidentiality in health and social care: Treating confidential information with respect:  A five-rule guide designed to strike the right balance between sharing and protecting personal confidential information. The guide starts from the historic cornerstone of medical practice that promises confidentiality between doctor and patient, while also recognising that people who use health and care services and the wider public can all reap the benefits from the sharing of information about their care.

The Information Governance Review and Government Response

Information: To Share or Not To Share? The Information Governance Review (PDF, 776.5kB):  Following a request from the Secretary of State for Health, Dame Fiona Caldicott carried out this independent review of information sharing to ensure that there is an appropriate balance between the protection of patient information and the use and sharing of information to improve patient care.

Information: To Share or not to Share - Government Response to the Caldicott Review (PDF, 757.9kB):  The Government response that accepted all the recommendations of the Caldicott Report, including the revised Caldicott Principles. The response sets out how individuals and organisations should improve the way that information is used for research, commissioning and above all for good care.

Key guidance from the Information Commissioner’s Office

Anonymisation: Managing data protection risk - Code of practice (PDF 2.87Mb):  The code explains the issues surrounding the anonymisation of personal data, and the disclosure of data once it has been anonymised. It explains the relevant legal concepts and tests in the Data Protection Act 1998, and provides good practice advice that will be relevant to all organisations that need to convert personal data into a form in which individuals are no longer identifiable.

Data sharing - Code of practice (PDF 466Kb):  The code explains how the Data Protection Act 1998 applies to the sharing of personal data. It also provides good practice advice that will be relevant to all organisations that share personal data.

Information Security

Key guidance from the Department of Health

Information Security: NHS Code of Practice (PDF 340Kb):  The Department of Health core guide to the methods and required standards of practice in the management of information security for those who work within or under contract to, or in business partnership with, NHS organisations in England.

Key guidance from the Health and Social Care Information Centre

Approved Cryptographic Algorithms (PDF 504Kb):  Guidance on standards for cryptographic algorithms and key sizes.

Disposal and Destruction of Sensitive Data (PDF 324Kb):  Provides guidance for organisations on the disposal and destruction of sensitive data.

General Principles for Securing Information System (PDF 130Kb):  Provides introductory information on general principles for securing information systems.

Business Continuity and Disaster Planning (PDF 148Kb):  Provides guidance for organisations implementing business continuity planning and disaster planning procedures.

Key national codes of practice

The three documents below are available via the IG Toolkit to NHS IG Toolkit administrators only, who are authorised to download one copy on behalf of their organisation.

BS ISO/IEC 27002:2013 Information technology - Security techniques - Code of practice for information security controls: This is the international standard for information security management. It provides a useful reference for those wishing to gain a greater understanding of the security controls, or those who wish to become fully compliant with the standard.

BS ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems - Requirements: This guidance is used to formulate an Information Security Management System (ISMS) (that is part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security) for those organisations wishing to fully comply with the standard.

BS ISO/IEC 27005:2011 Information technology - Security techniques - Information security risk management: This International Standard provides guidelines for information security risk management in an organisation, supporting in particular the requirements of an information security management system (ISMS) according to ISO/IEC 27001.

Records Management

Key guidance from the Department of Health

Records Management: NHS Code of Practice Part 1 (PDF, 222.4kB):  The Department of Health’s core guide to the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England.

Records Management: NHS Code of Practice Part 2 (PDF, 583.6kB):  This annexe sets out the minimum periods for which the various records created within the NHS or by predecessor bodies should be retained, either due to their ongoing administrative value or as a result of statutory requirement. A version for editing is also available at: Records Management: NHS Code of Practice Part 2 (DOC, 645.0kB).
