Information governance - Your information

Information governance (IG) is the way in which the NHS handles all of its information, in particular the personal and sensitive information relating to patients and employees.

It provides a framework to ensure that personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible care. 

It also offers NHS employees a clear structure to deal consistently with the many different rules about how information is handled, including those set out in:

• The Data Protection Act 2018;
• The Common Law Duty of Confidentiality;
• The Confidentiality NHS Code of Practice;
• The NHS Care Record Guarantee for England;
• The Social Care Record Guarantee for England;
• The Information Security NHS Code of Practice;
• The Records Management NHS Code of Practice;
• The Freedom of Information Act 2000.

• The penalties for breaking data protection and associated laws can be significant. Organisations can be fined up to £500,000 for each breach or subject to other sanctions
• Individuals responsible for breaches may be subject to disciplinary action that can result in dismissal
• Staff morale can be hit – and reputations which organisations have worked hard to build over many years can take even longer to rebuild among local communities.

Fair Processing notice

A Fair Processing notice is a written statement that individuals are given when information is collected about them. As a minimum, a privacy notice should tell people who we are, what we are going to do with their information and who it will be shared with.

Information governance statement of compliance

The information governance statement of compliance (IG SoC) is the process by which organisations enter into an agreement with HSCIC for access to the NHS National Network (N3).

NHS NEW Devon CCG have gained approval status. More information can be found within the certificate below: