We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Looking after information
Data security and information governance to keep health and care information safe and share it securely.
How we look after information
We take our responsibility for looking after care information very seriously. We follow legal rules, guidance and practices known as Information governance for our data collections and IT Infrastructure Systems.
Read more about how NHS Digital makes sure your information is safe.
Data security and information governance
NHS Digital offers guidance on protecting data and handling information securely.
Our guidance is designed to help health and care organisations meet the standards required to handle care information.
-
internal Data and cyber security: protecting information and data in health and care
Our Data Security Centre supports health and care to keep patient information and computer systems safe.
-
external UK Caldicott Guardian Council
A Caldicott Guardian is a senior person responsible for protecting the confidentiality of people's health and care information and making sure it is used properly.
-
external National Data Guardian (NDG)
Dame Fiona Caldicott independently advises on the use of confidential health and care information.
-
external IG Statement of Compliance
IG requirements for organisations accessing NHS digital services including N3.
-
internal NHS and social care data: off-shoring and the use of public cloud services
National guidance for health and care organisations who want to use cloud services or data offshoring to store patient information.
-
internal Data Security and Protection Toolkit
The Data Security and Protection Toolkit is an online self-assessment tool that all organisations must use if they have access to NHS patient data and systems.
-
internal Codes of practice for handling information in health and care
What health and care organisations must do to look after information properly, covering confidentiality, information security management and NHS records management.
-
internal Publication scheme
Our publication scheme, drawn up under the Freedom of Information Act 2000. It fulfils the requirements of the Information Commissioner as set out in the model publication scheme for FOI public authorities.
-
internal Supporting open data and transparency
Open data is data that can be used and shared by anyone, for any purpose. We make this data publicly available to improve transparency in health and care.
-
internal Information Governance Alliance (IGA)
Strategic information governance advice is now being provided by NHSX.
Your personal information choices
We collect information from the records health and social care providers keep about the care and treatment they give.
We can only provide access to identifiable information if it will be used to promote health or support improvements in the delivery of care services in England or the government decides it's an emergency or in the public interest.