Information Governance – information data protection, confidentiality and other legal matters

Practice Leads

  • Doctors: Ramesh Mehay (Clinical Information Governance Lead)
  • Admin: Chris Rushton (Deputy Information Governance Lead)

Date Reviewed

6th July 2016

Date of Next Review

September 2017

Basic Rule: If you are ever unsure whether to disclose information...

If you are ever unsure about whether to give out information to somebody or not, please contact Chris Rushton first and DO NOT give out any information until you have spoken to him.  He will involve Dr Mehay if clinical advice is required.  There are Information Governance Leads at the CCG that can be contacted for further advice (and Chris Rushton/Ramesh Mehay will do this if further expertise is required).

But the request for information is urgent and Chris or Ram are not here

  • Seek the advice of one of the GP partners at Ashcroft.
  • You can also seek the opinion of an experienced member of admin staff like Pam Brown.
  • It is important to use your judgement to strike a balance between the harm that could be done to a patient's health if information is not used or shared and the risk of breaching confidentiality if information is shared.  If you feel sharing information is necessary to avoid or reduce harm or distress to anyone, then the legal framework in the UK will generally support it.
  • Remember, the police do NOT have the automatic right to medical information (unless there has been gun or terrorist crime).
  • Giving information to patients or relatives can usually wait - so if you are unsure whether to disclose something, wait until you can speak to Chris or Ram.

What is Information Governance and why is it so important?

We all know what information is, which is essentially data about something or someone.    Governance is another word for control of something or the manner in which something is governed.   Therefore, Information Governance (in the NHS) is about the way information about patients is controlled or governed or handled.   And it is really important that we control or 'protect' the way a patients information is handled because otherwise patient's would be fearful to tell us anything if they felt that information could easily leak out.   So, Confidentiality is all about maintaining trust with patients.  Confidentiality is so important that it is protected by law.  And for that reason, Information Governance/Confidentiality is a really important area for all NHS staff to understand.   Breaking the basic rules of Information Governance could lead to you losing your job - because it is part of your job description to know and understand them.   On top of that, the practice you work for can end up facing a heavy fine.   And if you do break the rules, saying something like 'I didn't know the rules, no-one told me' will not get you out of trouble - because you have some personal responsibility to make sure you are familiar with them.   So, please read this webpage carefully.  Most of it is common sense and we hope is easy reading for you.

Now, think about this for a moment.

Patients entrust us with (or allow us to gather) some very sensitive information about their health or other matters. They do this in confidence and (quite rightly) expect us to keep this infomation private. We have all been patients at some time or another. As a patient, would you be upset if information about you leaked out to someone had no right to know things about you? How would it make you feel? Would you feel that your privacy had been violated? Would you trust the doctors, nurses or the reception staff at that pratice?

That's exactly why we must try our best to keep information about our patients private and reduce the chances of this information landing in the wrong hands.   In some circumstances, patients may lack the competence to extend this trust or may be unconscious, but this does not diminish the duty of confidence.  It is essential that we continue to provide a confidential service in order to secure the trust of our patients.   Information should only be furnished where proper informed consent has been obtained or given; consent means permission or agreement to do something.

I think I might have done something wrong in terms of Information Governance

If you think you have done something wrong in terms of Information Governance (for example, breaching one of the rules), please do NOT keep it a hidden secret.  Please tell Chris Rushton, our Deputy Information Governance Lead.    He will make sure that

  1. Early corrective measures are put in place to protect patients.
  2. Make a log of it  - this needs to happen so it can be discussed as a significant event where we can learn from it to prevent similar occurences in the future.
  3. Ensure that it is discussed as a significant event amongst the partners shortly afterwards.

Please report things as soon as possible - even if the breach was not because of you.   The practice can be fined for breaches, but the penalty is less if we can show we took action as early as possible and tried to make things right.    Failure to report a breach is one of the factors taken into consideration by the ICO when assessing monetary penalties.


Other Medico-Legal Matters

A full range of advice sheets on all sorts of medico-legal matters can be found on this link:  It is a useful page by MPS and it provides fact sheets to cover the following.

  • Complaints & Claims
  • Communication
  • Confidentiality
  • Consent
  • Mental Capacity
  • Out of Hours Care
  • Patient Safety
  • Preparing for Court
  • Prescribing
  • Primary Care
  • Records & Reprots
  • Telemedicine