Information governance

Welcome to NHS England’s central hub for disseminating information about Information governance.

The legal framework governing the use of personal confidential data in health care is complex. It includes the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection Act, and the Human Rights Act.

The law allows personal data to be shared between those offering care directly to patients but it protects patients’ confidentiality when data about them are used for other purposes. These “secondary uses” of data are essential if we are to run a safe, efficient, and equitable health service. They include:

  • Reviewing and improving the quality of care provided
  • Researching what treatments work best
  • Commissioning clinical services
  • Planning public health services

Generally speaking, people within the healthcare system using data for secondary purposes must only use data that do not identify individual patients unless they have the consent of the patient themselves.

Information Governance Support Materials

Further information:



NHS England is working closely with partner organisations such as the Health and Social Care Information Centre (HSCIC). Further advice and guidance can therefore also be found on the HSCIC website.