Part of NHS Digital annual report and accounts 2018-19

Our regulatory and compliance framework

Our regulatory and compliance framework includes (but is not limited to):

The published guidance of the National Data Guardian, Department of Health and Social Care and NHS England:

  • Caldicott Report - Review of Patient-Identifiable Information 1997
  • Caldicott 2 Report - Information: To Share or Not To Share? The Information Governance Review 2013
  • Caldicott 3 Report - Review of Data Security, Consent and Opt-Outs 2016
  • Care Quality Commission - Safe Data, Safe Care: Data Security Review 2016
  • Code of Practice on Confidential Information, NHS Digital
  • Common law duty of confidentiality
  • Confidentiality: NHS Code of Practice 2003

NHS Acts including:

  • NHS Act 2006
  • Health and Social Care Act 2012
  • Care Act 2014

Legislation affecting the management of information:

  • Data Protection Act 2018 and EU General Data Protection Regulation
  • Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426)
  • Environmental Information Regulations 2004
  • Freedom of Information Act 2000
  • ICO Code of Practice and Anonymisation Standard
  • Public Records Act 1958
  • Human Fertilisation and Embryology Act 1990
  • Gender Recognition Act 2004
  • Statistics and Registration Service Act 2007
  • The False or Misleading Information (Specified Care Providers and Specified Information) Regulations 2015
  • Official Statistics Order 2018/888
  • Information Security Management: NHS Code of Practice 2007
  • International Information Security Standard: ISO/IEC 27001:2013 and ISO/IEC 27002:2013
  • International Standard on Records Management ISO 15489-1:2016
  • BS 10008 Evidential Weight and Legal Admissibility of Electronic Information
  • Records Management Code of Practice for Health and Social Care 2016
  • The UK Statistics Authority, established under the Statistics and Registration Service Act 2007, guides our statistical work through its Code of Practice for Official Statistics. The authority monitors and can comment publicly on compliance with the code. It also formally assesses compliant statistics for designation as National Statistics

Legislation impacting management of public services:

  • Re-Use of Public Sector Information Regulations 2005
  • Copyright, Designs and Patents Act 1988
  • Human Rights Act 1998, Article 8
  • Equality Act 2010
  • Public Contracts Regulations 2015
  • European Union exit-related legislation

Last edited: 7 October 2019 4:46 pm