skip to main content

Easy Read Information

Information Security is about how we look after information in a safe and proper way. This page gives more details of how we look after confidential information.

What we do

Information Security Management forms part of the wider Information Governance Agenda that all NHS organisations must adhere to, which ensures they follow the statutory requirements set out in legislation, guidance and general best practice. This, in turn, ensures the protection of patient records and key information services

Robust information management also needs to be in place to guarantee the three cornerstones of Information Security:

  • Confidentiality – Information must be secured against unauthorised access.
  • Integrity – Information must be safeguarded against unauthorised modification.
  • Availability – Information must be accessible to authorised users at the times at which they require it.

Without effective security, The information that the NHS holds may become unreliable and untrustworthy, may not be accessible where and when needed, or may be compromised by unauthorised third parties. All NHS organisations (and those who supply or make use of NHS information) therefore have an obligation to ensure that there is adequate security management of the information resources that they own, control or use.

NHS information assets may consist of:

  • Digital or hard copies of patient health records.
  • Digital or hard copies of administrative information.
  • Digital media (for example, CD ROMs, DVDs and USB memory sticks).
  • Computerised records, including those that are processed in networked, mobile or stand-alone systems.
  • Email, text and other message types.

Information, regardless of its format, is critical to the NHS, and is also critical to the delivery of effective patient care and the smooth running of other business processes.

The importance of having accurate, up-to-date and accessable information is vital for patient care. If the information we hold is incorrect, outdated or cannot be found, it can cause disruption and distress to patients and relatives, as well as creating a risk to the patient’s care.

This Trust also understands the factors involved to ensure the key elements of information security are followed upon the creation of a new system. This is because NHS information may be required to:

  • Support patient care and continuity of that care.
  • Support day-to-day business processes that help improve the delivery of that care.
  • Support good clinical practice backed up by strong evidence.
  • Support the promotion of good community health and speedily communicate any emergency guidance.
  • Support good decision-making, that also helps improve the knowledge the NHS holds.
  • Meet legal requirements, including requests from patients under the provisions of the Data Protection Act or the Freedom of Information Act.
  • Assist clinical or other types of audit.
  • Support improvements in clinical care and effectiveness through completed research.
  • Support the archiving of information by taking into account its improtance.
  • Support patient choice and control over treatment and services

The Department of Health publishes its Code of Practice in relation to Confidentiality and information management. Its purpose is to identify and address security management in the processing and use of NHS information and is based on current legal requirements, relevant standards and professional best practice.

Further details and advice on the principles of information security is available from the NHS Digital website.


Contact us

Information Assurance Office
Derwent House
188 - 192 London Road
L3 8JN

Tel: 0151 706 3671