Information governance

What is Information governance?

Information governance sits alongside other corporate governance initiatives, it is to do with the way organisations process or handle information. It covers personal information, relating to patients/service users and employees, and corporate information, e.g. financial and accounting records.

Information governance allows organisations and individuals to ensure that personal information is handled legally, securely, efficiently and effectively, in order to deliver the best possible care. It additionally enables organisations to put in place procedures and processes for their corporate information that support the efficient location and retrieval of corporate records where and when needed, in particular to meet requests for information and assist compliance with Corporate Governance standards.

Information governance provides a framework to bring together all the legal rules, guidance and best practice that apply to the handling of information, allowing:

  • implementation of central advice and guidance
  • compliance with the law
  • year on year improvements

At its heart, Information governance is about setting a high standard for the handling of information and giving staff the tools to achieve that standard. The ultimate aim is to demonstrate that an organisation can be trusted to maintain the confidentiality and security of personal information by helping individuals to practice good information governance and be consistent in the way they handle personal and corporate information and avoid duplication of effort, leading to improvements in:

  • information handling activities
  • patient and service user confidence in care providers
  • employee training and development

What are the standards and requirements that make up Information governance?

Information governance provides a consistent way for employees to deal with the many different standards and legal rules that apply to information handling, including:

  • The Data Protection Act 2018
  • The common law duty of confidence
  • The Confidentiality NHS Code of Practice
  • The NHS Care Record Guarantee for England
  • The Social Care Record Guarantee for England
  • The international information security standard: ISO/IEC 27002: 2005
  • The Information Security NHS Code of Practice
  • The Records Management NHS Code of Practice
  • The Freedom of Information Act 2000

The Department of Health has developed sets of information governance requirements, which enable NHS and partner organisations to measure their compliance with the information handling standards and legal rules. The requirements cover all aspects of information governance including:

  • data protection and confidentiality
  • information security
  • information quality
  • health / care records management
  • corporate information

Information governance can help improve patient/service user care

Information governance can help to improve the care and services that patients and service users receive by:

Improving the quality of information – accurate and complete patient/service user information means:

  • care professionals will be able to rely on the information to make decisions about care, treatment and services
  • care professionals will be able to rely on the information to communicate effectively with other professionals involved in providing services for the patient/service user
  • patients and service users will receive the most appropriate treatment or care in a timely manner
  • the risks posed by duplicate records will be minimised

Improving the security of patient/service user information – using robust security processes, controls and management means:

  • that the confidentiality of patient/service user information will be maintained
  • patients/service users will have increased confidence in the care organisation’s ability to manage their information securely and are therefore more likely to provide accurate, up-to-date information which ultimately improves the quality of care and services they receive.