National Patient Safety Agency

Information governance

Information governance is the set of standards the NHS must follow to ensure it carries out its duty to maintain full and accurate information and keep that information confidential and secure.


Compliance with information governance standards in the NHS is measured against the Connecting for Health Information Governance Toolkit.


Information governance in the NPSA covers the following areas:


Records management


Records are a valuable resource because of the information they contain.


High quality information underpins the delivery of a high quality service. Information has most value when it is accurate, up-to-date and accessible when it is needed.


An effective records management service ensures information is properly managed and is available whenever and wherever there is a justified need for that information, and in whatever media it is required.


Information security


Without effective security, NHS information assets may become unreliable and untrustworthy, may not be accessible where or when needed, or may be compromised by unauthorised third parties.


All NHS organisations and those who supply or make use of NHS information have an obligation to ensure there is adequate provision for the security management of the information resources that they own, control or use.


Confidentiality and data protection

The duty of confidence arises when one person discloses information to another (e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held in confidence. Information provided in confidence should not be used or disclosed in a form that might identify an individual without his or her consent. There are a number of exceptions to this rule but it applies in most circumstances.

Patients have a right of access to health information about themselves. This is governed by the Data Protection Act 1998.