• Information governance

    What is information governance and how to protect the safety of patients and the practice in regards to sensitive data?

    Information governance

    Information governance (IG) is the term used to describe how organisations manage the way personal confidential information is handled and protected. It covers the behaviour and standards needed to ensure that confidential information is handled legally, securely, efficiently, effectively and in a way, which maintains public trust. It is based on the balance established in law between privacy and sharing of confidential data, which are fundamental to health and social care.

    This section aims to support GP practices and particularly their information governance leads, to meet the challenges that will arise from Patient Online and consider the implications of what it might mean to practices and their patients.

    See below for guidance, which includes implications for practices and patients, practice actions to support information governance, a planning checklist for practices, and links to further information and resources. Also see below for supporting material.


    Protecting the safety of patients and the practice – sensitive data

    All health care interventions have benefits, potential side effects and resource implications, and Patient Online is no different. Although there are clear benefits to patients and practices, Patient Online may also cause harm if the patient, or someone else, gains access to data that they find upsetting or harmful; if they come across data about other individuals in their record that should have been held confidentially by the practice; or if someone with malicious intent gains access to the record. This may affect the safety of the patient, the practice, and also practice team members and others if patients, or others, react aggressively to what they find in the record.

    This guidance describes how to implement Patient Online safely to mitigate these risks by carefully recording and redacting sensitive data at all times and registering patients for online access safely, screening every record for sensitive information.

    See below for guidance which includes information on how to manage Patient Online safely, considerations in regards to redaction of sensitive data, advice on creating a practice policy on checking patient's records before online access is switched on, when to refuse online access and how to deal with patient complaints about their records.

    Information governance - guidance for general practice:

    • Online services: Information governance and online access - guidance for general practice: PDF
    • Information governance overview: PDF
    • Protecting the safety of patients and the practice – Sensitive Data - guidance for general practice: PDF

    Information governance - supporting material:

    • Example registration form (for new applicants including record access): Word PDF
    • NHS England Materials for patients and Patient information leaflets
    • Coercion - Guidance for general practice: PDF
    • Information governance - checking for sensitive data - check list: Word I PDF
    • Information governance - getting ready check list: PDF
    • Identity verification - Guidance for general practice: PDF
    • Proxy access - Guidance for general practice: PDF
    • Patient Online: The Road Map: PDF
    • Patient Online: The Road Map Appendix 3 Information Governance Risk Register: PDF

    “Identity verification”, “Coercion”, “Proxy access” and “Protecting patients and practices” eLearning – available here (free registration/ login required)