In support of DH policy, the National Information Governance Board published a briefing
setting out a change to the Security Assessment process for section 251 applications. The
change replaces the desk-based review of security documentation and associated elements
of the application process with a requirement for applicants to provide assurance through
the IG Toolkit. Therefore, with immediate effect, all bodies (new and existing applicants)
that are seeking access to NHS patient information via section 251 NHS Act 2006 applications
to the ECC are required to provide IG assurances using the IG Toolkit assessment tool by
following the process within the document below and demonstrating a satisfactory level of
compliance.
The Health and Social Care Information Centre (HSCIC) have taken similar measures in relation
to requests for either identifiable data where informed consent has been given or sensitive
de-identified data items and those covering access to Registration data approved by Office
of National Statistics (ONS) via the Data Access Advisory Group (DAAG). Applicants can provide
assurance that good Information Governance practices are being maintained by:
- Completing an IG Toolkit assessment (follow the process within the document below to
assist with this requirement) and meeting a satisfactory level of attainment; or
- Providing details of certification to DAAG directly against international security
standard ISO 27002; or
- Demonstrating that other assurances are in place (details of which must be provided
to DAAG directly).
Please read the document below for further detail.
Download the process for IG assurance in support of ECC and DAAG applications