Locala cannot guarantee the accuracy of this translation service.

Information Governance

Each year we have to complete the Information Governance (IG) Toolkit and submit our evidence the NHS Health and Social Care Information Centre. In our recent submission (for 2015/16) we achieved Level 2 against all IG standards with a score of 75%. This is classed as a 'satisfactory' score - it meets the requirement for us to be able to access NHS patient data and demonstrates that we are practising good information governance. While this is a self-assessment our Internal Audit colleagues have independently reviewed a sample of our submission and given 'substantial assurance' for the validity of our work. You can access the results here.

A little more background information for you

What is the IG Toolkit?

The Information Governance Toolkit is a performance tool produced by the Department of Health (DH) and now hosted by the Health and Social Care Information Centre (HSCIC). It draws together the legal rules and central guidance set out above and presents them in one place as a set of information governance requirements. The organisations described below are required to carry out self-assessments of their compliance against the IG requirements.

What are the information governance requirements?

There are different sets of information governance requirements for different organisational types. However all organisations have to assess themselves against requirements for:

Management structures and responsibilities (eg assigning responsibility for carrying out the IG assessment, providing staff training, etc).

Confidentiality and data protection.

Information security.

What is the purpose of the information governance assessment?

The purpose of the assessment is to enable organisations to measure their compliance against the law and central guidance and to see whether information is handled correctly and protected from unauthorised access, loss, damage and destruction.

Where partial or non-compliance is revealed, organisations must take appropriate measures, (eg assign responsibility, put in place policies, procedures, processes and guidance for staff), with the aim of making cultural changes and raising information governance standards through year on year improvements.

The ultimate aim is to demonstrate that the organisation can be trusted to maintain the confidentiality and security of personal information. This in-turn increases public confidence that ‘the NHS’ and its partners can be trusted with personal data.