Information governance

What is Information Governance?

Information Governance (IG) is about how to manage and share information or data appropriately. This includes information about patients collected digitally.

This includes understanding how to treat information about patients, and if and when you should share that information with others who are involved in that care.
It also relates to the use of data for other purposes such as research or evaluating the quality of care.

Why is understanding IG important?

In the UK the main legislation related to IG is the EU General Data Protection Regulation (GDPR) and the UK Data protection Act 2018. It is important that you understand the general principles for data protection in your work. Patients, their families and you (as employees) expect data about them (often known as personal information) or information that could mean that they could be identified (known as sensitive information) is managed and used appropriately.

The laws surrounding IG can be complex, and it can sometimes be difficult to identify if you should be sharing patient information with others (either individuals or organisations).

Basic Principles

Information should be:

• used fairly, lawfully and transparently
• used for specified, explicit purposes
• used in a way that is adequate, relevant and limited to only what is necessary
• accurate and where necessary kept up to date
• kept for no longer than is necessary
• handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, loss, destruction or damage.

Where can I go for more information?

NHSX has an Information Governance portal which brings together national guidance on IG – to give you clear and consistent guidance on what to do in different situations, if you work in health and care organisations.