Information security and standards

We offer guidance and support for standards that allow organisations to handle health and care data safely and securely.

How we look after information

We take our responsibility for looking after care information very seriously. We follow legal rules, guidance and practices known as Information Governance for our data collections and IT Infrastructure Systems.

Read more about how NHS Digital makes sure your information is safe.

Information Governance

NHS Digital offers guidance on looking after information. This guidance helps health and care organisations meet the standards required to handle information.

UK Caldicott Guardian Council

A Caldicott Guardian is a senior person responsible for protecting the confidentiality of people's health and care information and making sure it is used properly.

View our latest guidance on responding to the cyber attack on the NHS on 12 May 2017

Including technical information on patching to protect against attack.

NHS Public Key Infrastructure (PKI)

The infrastructure security system that supports smartcards.

Information Security

Safeguards and guidelines for protecting patient data.

Information Standards

An information standard is defined in the Health and Social Care Act 2012 as: "a document containing standards that relate to the processing of information". Care organisations need to follow them, or have a good defence for why not.

Visit the current directory of standards and collections.

Terminology and Classifications

National standards for recording and categorising information to support care delivery, statistical analysis, research and the reimbursement of health and care providers.

NHS Data Model and Dictionary Service

The NHS Data Model and Dictionary develops, maintains and supports NHS data standards.

Information Standards and Collections

The development, assurance and approval of information standards, data collections and data extractions (ISCE).

Common User Interface (CUI)

The design of common methods to use healthcare IT systems relies on standards and guidance.

Your personal information choices

We collect information from the records health and social care providers keep about the care and treatment they give.

We can only provide access to identifiable information if it will be used to promote health or support improvements in the delivery of care services in England, or if the government decides it's an emergency or in the public interest.

If you do not want your information to be used for any purpose beyond providing your care, you can choose to opt out by informing your GP.

Find out more about your choices

Have a question? Call us on 0300 303 5678 or contact
