Information Governance

Information Governance ensures the necessary safeguards for, and appropriate use of, personal confidential data.

The NHS Information Governance Framework is the means by which the NHS manages the handling of personal confidential data. The aim of the Framework is to enable the NHS and partner organisations to use personal confidential data in effective ways to deliver the best possible care and that this data is always used legally, securely and efficiently.

The Framework is managed by Health and Social Care Information Centre and brings together all requirements, standards and best practices that apply to the handling of personal confidential data.

The HSCIC implements national advice, guidance and policy and provides for planned year-on-year improvement in organisational performance.



The Health and Social Care Information Centre website provides up to date information for the following key areas of NHS information governance:

Information Governance Statement of Compliance (IGSoC). The agreement between Health and Social Care Information Centre and Approved Service Recipients that sets out the process by which organisations enter into an agreement with HSCIC for access to the NHS National Network (N3). The process includes elements that set out terms and conditions for use of HSCIC systems and services including the N3, in order to preserve the integrity of those systems and services.

Information Governance Toolkit. A tool with which organisations can assess their compliance with current legislation, UK Government directives and other national guidance. Version 11.2 of the IG Toolkit Is now live.

Information Governance Training Tool. A structured eLearning programme with Introductory, Foundation and Practitioner level modules; Introductory materials are designed for all staff members; Foundation materials build upon introductory modules and are relevant to those who process personal information as part of their role; Practitioner materials are primarily aimed for those in Information Governance roles.

This training enables NHS and organisations providing NHS services to educate all their staff in information governance principles and to ensure they meet their obligations to use personal confidential data properly.  Over 40 hours of training is available.

Confidentiality: Guidance on key patient confidentiality topics

Information Security: Guidance on key information security principles.

NHS Records Management: Including the Records Management Roadmap which contains a range of practical tools and guidance designed to support organisations in the implementation of an effective records management system in line with the principles contained in the Records Management: NHS Code of Practice.

The Roadmap comprises ‘how to’ materials in the form of templates and checklists to assist organisations in developing and implementing solid records management processes. It complements the guidance and knowledge-based materials in the Information Governance Toolkit.


ICO logo

The Information Commissioners Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promote openness by public bodies and data privacy for individuals. The ICO responsibilities and obligations cover:

Legislation: the Data Protection Act 1998, the Privacy and Electronic Communications Regulations 2003, the Freedom of Information Act 2000, the Environmental Information Regulations 2004, and the INSPIRE Regulations 2009;
Enforcing compliance with the legislation;
Maintaining the public register of data controllers.
Working with organisations to improve their processing of personal data;
Dealing with complaints from members of the public who are concerned about their information rights
Monitoring and issuing reports about the timeliness of organisations responding to freedom of information requests and adoption and operation of publication scheme across the public sector.

The ICO also has an international role including cooperation with similar organisations in Europe, the European Commission and other countries.