Information governance guidance

Information Governance Framework: Shared Care Records

The Information Governance Framework for Integrated Health and Care: Part 1 - Shared Care Records has been developed to provide a structured approach to ensure Shared Care Records meet their legal obligations.

Use and share information with confidence

This guidance will support you to use and share information with confidence when caring for patients and service users.

Using video conferencing and consultation tools

This guidance sets out how video conferencing and consultation tools can be used safely and securely.

Information sharing in Multidisciplinary Teams (MDTs)

A MDT is a group of health and care staff from different organisations and professions that together make decisions regarding the treatment of individual patients and service users. There are some IG considerations when working as part of an MDT.

Sharing information with the voluntary sector

This guidance provides information to health and care organisations on how information about patients and service users can be shared safely with the voluntary sector

Use of mobile devices by patients in hospitals

This guidance provides advice for patients using mobile devices such as phones, tablets and cameras in acute hospitals.

Video conferencing with colleagues

This advice sets out the IG considerations when staff are using video conferencing tools to communicate with other members of staff during the COVID-19 pandemic.

Access to patient records through the NHS App

The NHS App is changing to make it easier for patients to read new entries in their GP record. This guidance covers the key things that patients, GPs and IG professionals should know.

Sharing information with unpaid carers

This guidance aims to advise those being cared for, carers and health and care professionals about how to share confidential information about an individual to support their care.

Integrated care systems (ICSs), integrated care boards (ICBs) and integrated care partnerships (ICPs) - a quick guide

Advice for information governance professionals on sharing information between organisations within different collaborative systems, as well as determining controllership arrangements.

Universal information governance templates and FAQs

NHS England has produced a suite of universal IG templates to support health organisations’ lawful collection, processing and sharing of information.

HIV and Sexually Transmitted Infections (STIs)

A guide to how HIV and STI information is kept confidential, used and shared.

A just culture guide for information governance and cyber security

This guidance supports organisations to understand and embed a just culture in their information governance (IG) and cyber security risk management work, taking a compassionate approach to and learning from any data incidents.

Personal data breaches and related incidents

This guidance provides advice to patients and service users on what a personal data breach is and to help health and care organisations deal with personal data breaches.

Records Management Code of Practice

The Records Management Code of Practice sets out how records relating to health and care should be managed.

Sharing information with the police

This guidance is about disclosure of information by health and care organisations to the police.

What is and isn’t direct marketing?

The ICO has produced wider guidance on direct marketing for the public sector. This guidance, produced by the panel, specifically considers the rules on direct marketing in the context of health and care communications.

Understanding Health Data Access (UHDA)

A suite of short films and resources explaining the rules that govern how health and social care data is shared beyond the treatment of individuals.

Bring your own device (BYOD) guidance

BYOD is a service offered by organisations to their employees to enable them to use their own devices for work, such as mobile phones, laptops and tablets. This guidance focuses on the IG considerations.

Using mobile messaging

This guidance will support the safe and secure use of mobile messaging software in health and care settings.

Subject Access Requests

This guidance will help you understand what a Subject Access Request is and how they are responded to.

Consent and confidential patient information

This guidance is about consent and what it means when sharing Confidential Patient Information.

Email and text message communications

This guidance is about how you can safely use email and text messages to communicate with patients and service users.

Template for email and text message communications

This is a template policy which can be adapted for when using text and emails to communicate with patients/service users.

Caldicott principles

Eight principles to ensure people's information is kept confidential and used appropriately.

Amending patient and service user records

This guidance provides advice on patients and service users requesting changes to their health and care records. It also covers how staff should amend records.

Access to the health and care records of deceased people

This guidance provides advice on access to health and care records following the death of an individual.

Preparing for the UK COVID-19 Inquiry

This guidance does not constitute legal advice. It is for each individual organisation to ensure they are appropriately prepared to respond to any request from the inquiry and seek independent legal advice where required.

Information sharing in social care

This guidance will support adult social care professionals with their legal duty to share information to support individual care.

Inquiries, reviews, investigations and court orders in health and social care services

This guidance is aimed at providing health and care services with IG advice on how to deal with requests for records from statutory public enquiries, non-statutory public enquiries, and courts.

Requesting information from a public body: freedom of information

The Freedom of Information Act (FOIA) allows people to request any recorded information held by a public body. This guidance is to help health and care organisations deal with Freedom of Information (FOI) requests.

Virtual wards

Virtual wards support people, who would otherwise be in hospital, to receive the care and treatment they need in their own home or usual place of residence. Virtual wards are suitable for a range of conditions that can be safely and effectively monitored at home including respiratory conditions, heart failure and COVID-19.

Artificial Intelligence

This guidance focuses on the IG implications of using AI in health and care settings, and should help support the lawful and safe use of data for AI innovations.

Legal requirements for using health and care data in data-driven technologies

This guidance gives an overview of the legal requirements for using health and care data in the development and deployment of data-driven technologies.

Accessing health and care data for research on data-driven technology

This guidance gives a step-by-step overview of the process for accessing health and social care data for research of data-driven technologies.

UK GDPR guidance for researchers and study coordinators

This operational guidance has been produced by the Health Research Authority for researchers and study coordinators on the implications of the UK GDPR for the delivery of research in the UK.

Guidance for CAG Applicants

Detailed guidance from the Health Research Authority on submitting an application to Confidentiality Advisory Group (CAG) for both research and non-research purposes.

Information governance in local quality improvement

This guide by Healthcare Quality Improvement Partnership (HQIP), describes how information governance (IG) laws and principles apply to the use of personal data in multi-agency healthcare quality improvement studies.