About information governance

The legal framework governing the use of personal confidential data in health care is complex. It includes the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection Act, and the Human Rights Act.

The law allows personal data to be shared between those offering care directly to patients but it protects patients’ confidentiality when data about them are used for other purposes. These “secondary uses” of data are essential if we are to run a safe, efficient, and equitable health service. They include:

  • Reviewing and improving the quality of care provided
  • Researching what treatments work best
  • Commissioning clinical services
  • Planning public health services

Generally speaking, people within the healthcare system using data for secondary purposes must only use data that do not identify individual patients unless they have the consent of the patient themselves.

Information governance support materials

Further information: