Back to Information governance
NHS England - Transformation Directorate
We hope that you find the guidance on these pages useful. Have we done a good job? Let us know through our feedback form, or alternatively contact us
Available now - our free elearning provides practical tips and real life scenarios to enhance your understanding of the principles for sharing information securely for individual care, research and planning.
Use and share information with confidence
This guidance will support you to use and share information with confidence when caring for patients and service users.
Integrated care systems (ICSs), integrated care boards (ICBs) and integrated care partnerships (ICPs) - a quick guide
Advice for information governance professionals on sharing information between organisations within different collaborative systems, as well as determining controllership arrangements.
Universal information governance templates and FAQs
NHS England has produced a suite of universal IG templates to support health organisations’ lawful collection, processing and sharing of information.
Personal data breaches
This guidance will help health and care organisations deal with personal data breaches, for example, losing personal information. It provides advice on what a personal data breach is and the steps that need to be taken if a breach occurs.
Sharing information with the police
This guidance is about disclosure of information by health and care organisations to the police.
What is and isn’t direct marketing?
The ICO has produced wider guidance on direct marketing for the public sector. This guidance, produced by the panel, specifically considers the rules on direct marketing in the context of health and care communications.
Bring your own device (BYOD) guidance
BYOD is a service offered by organisations to their employees to enable them to use their own devices for work, such as mobile phones, laptops and tablets. This guidance focuses on the IG considerations.
Subject Access Requests
This guidance will help you understand what a Subject Access Request is and how they are responded to.
Consent and confidential patient information
This guidance is about consent and what it means when sharing Confidential Patient Information.
Inquiries, reviews, investigations and court orders in health and social care services
This guidance is aimed at providing health and care services with IG advice on how to deal with requests for records from statutory public enquiries, non-statutory public enquiries, and courts.
Virtual wards support people, who would otherwise be in hospital, to receive the care and treatment they need in their own home or usual place of residence. Virtual wards are suitable for a range of conditions that can be safely and effectively monitored at home including respiratory conditions, heart failure and COVID-19.
This guidance focuses on the IG implications of using AI in health and care settings, and should help support the lawful and safe use of data for AI innovations.
Legal requirements for using health and care data in data-driven technologies
This guidance gives an overview of the legal requirements for using health and care data in the development and deployment of data-driven technologies.
Accessing health and care data for research on data-driven technology
This guidance gives a step-by-step overview of the process for accessing health and social care data for research of data-driven technologies.
UK GDPR guidance for researchers and study coordinators
This operational guidance has been produced by the Health Research Authority for researchers and study coordinators on the implications of the UK GDPR for the delivery of research in the UK.
Information governance in local quality improvement
This guide by Healthcare Quality Improvement Partnership (HQIP), describes how information governance (IG) laws and principles apply to the use of personal data in multi-agency healthcare quality improvement studies.