We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Codes of practice for handling information in health and care
Code of practice on confidential information
Any organisation that collects, analyses, publishes or disseminates confidential health and care information must follow the Code of practice on confidential information. It clearly defines the steps that organisations must, should and may take to ensure that confidential information is handled appropriately. The code will help organisations put the right structures and procedures in place so that front-line staff follow the confidentiality rules. It provides good practice guidance to those responsible for setting and meeting organisational policy on the handling of confidential health and care information, such as board members.
The 'Confidentiality: NHS Code of Practice' sets out what health and care organisations have to do to meet their responsibilities around confidentiality and patients' consent to use their health records. It's based on legal requirements and best practice.
Information security management NHS code of practice
The 'Information Security Management: NHS Code of Practice' is a guide to the management of information security, for those who work in or with NHS organisations in England. It's based on current legal requirements, relevant standards and professional best practice, and its guidelines apply to NHS information assets of all types.
NHS Information Governance - Guidance on Legal and Professional Obligations
NHS Information Governance - Guidance on Legal and Professional Obligations provides best practice guidance on legal issues in health and care information governance. It covers a range of complex legal and professional obligations that limit, prohibit or set conditions for management, use and disclosure of information and a range of statutes that permit or require information to be used or disclosed. Where necessary, organisations should obtain professional legal advice.