• Home
  • Information Governance

Information Governance

NCL Wide

Practice responsibilities for Information Governance

The Information Governance (IG) Framework for health and social care is formed by those elements of legislations, regulations, policies and procedures from which applicable IG standards are derived and the activities and roles which individually and collectively ensure that these standards are clearly defined and met.

NHS England (NHSE) states that the completion of a self-assessment is necessary in order for practices to ensure that their NHSE services continue to be provided. This is because every practice receiving these services needs to sign up annually to an IG Statement of Assuranc,e and the only way this can be signed/submitted is through the Data Security and Protection Toolkit online assessment.

The Data Security and Protection Toolkit is accessible online and annual IG/Data Security and Protection assessments can be started at any time once the new version is made available by NHS Digital. Each assessment must be completed and published by the GP practice before 30 June each year.

Practices are responsible for adhering to the regulations and requirements of the Data Protection Act 2018 and UK General Data Protection Regulations (UK GDPR).

Freedom of information requests on cyber security

Following cyber attacks in 2016-17, the Cabinet Office issued a letter and guidance on how to handle requests for information about cyber security. Please ensure your practice reads the documents to make sure requests are responded to appropriately without creating further risk of cyber attacks.

Data Protection Officer

If you have any Data Security and Protection queries or issues, please contact the Data Protection Officer for GPs, federations and primary care networks, Steve Durbin e: dpo.ncl@nhs.net

More information on IG

Further details regarding IG compliance can be found on the NHS Digital website.


Review date: Friday, 05 July 2024