Please view our cookie policy that explains what cookies are and how they are used on our website. This also provides you with a guide on how to disable cookies, but please be aware that parts of the site will not function correctly if you disable them.

By closing this message, you consent to our use of cookies on this device in accordance with our cookie policy unless you have disabled them.

North Cumbria University Hospitals NHS Trust - 70 years of the NHS

Home > About us > How we govern our organisation > Information governance

Information governance

The Trust recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. The Trust fully supports the principles of corporate governance and recognises its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal information about patients and staff and commercially sensitive information. The Trust also recognises the need to share patient information with other health organisations and other agencies in a controlled manner consistent with the interests of the patient and, in some circumstances, the public interest.

The Trust believes that accurate, timely and relevant information is essential to deliver the highest quality health care. As such it is the responsibility of all clinicians and managers to ensure and promote the quality of information and to actively use information in decision-making processes.

There are 4 key interlinked strands to our information governance policy:

  • Openness
  • Legal compliance
  • Information security
  • Quality assurance

Openness

The Trust recognises the need for an appropriate balance between openness and confidentiality in the management and use of information:

  • Non-confidential information on the Trust and its services is available to the public through a variety of media (including the publication scheme), in line with the Trust’s code of openness
  • The Trust has established and maintains policies and procedures to ensure compliance with the Data Protection Act, Freedom of Information Act and common law duty of confidentiality
  • The Trust undertakes or commissions annual assessments and audits of its policies and arrangements for openness
  • Patients have ready access to information relating to their own health care, their options for treatment and their rights as patients
  • The Trust has clear procedures and arrangements for liaison with the press and broadcasting media
  • The Trust has clear procedures and arrangements for handling queries and requests for information from patients and the public

Legal Compliance


  • The Trust regards all identifiable personal information relating to patients as confidential
  • The Trust undertakes or commissions a programme of assessments and audits of its compliance with legal requirements
  • The Trust regards all identifiable personal information relating to staff as confidential except where national policy on accountability and openness requires otherwise
  • The Trust has established and maintains policies to ensure compliance with the Data Protection Act, Human Rights Act and the common law of confidentiality in line with Department of Health and “Connected for Health” Guidance
  • The Trust has established and maintains policies for the controlled and appropriate sharing of patient information with other agencies, taking account of relevant legislation (e.g. Health and Social Care Act, Crime and Disorder Act, Children Act, Criminal Justice Act)

Information Security

  • The Trust maintains policies for the effective and secure management of its information assets and resources
  • The Trust undertakes or commissions a programme of assessments and audits of its information and IT security arrangements
  • The Trust promotes effective confidentiality and security practice to its staff through policies, procedures and training
  • The Trust has established and maintains incident reporting procedures and monitors and investigates all reported instances of actual or potential breaches of confidentiality and security
  • The Trust manages its Information Security using the ISO/IEC 27000 series of standards

Information Quality Assurance

  • The Trust has established and maintains policies and procedures for information quality assurance and the effective management of records
  • The Trust undertakes or commissions a programme of assessments and audits of its information quality and records management arrangements
  • Managers are expected to take ownership of, and seek to improve, the quality of information within their services
  • Wherever possible, information quality should be assured at the point of collection
  • Data standards are set through clear and consistent definition of data items, in accordance with national standards
  • The Trust promotes information quality and effective records management through policies, procedures/user manuals and training

An assessment of compliance with the requirements in the Information Governance toolkit (IGTK) is undertaken each year. Annual reports are provided to the Trust Board, and action plans developed and reported regularly through the relevant committees.