The principles of information security require that all reasonable care is taken to prevent inappropriate access, modification or manipulation of data from taking place. In the case of the NHS, the most sensitive of our data is patient record information.
In practice, this is applied through three cornerstones - confidentiality, integrity and availability
- Information must be secured against unauthorised access - confidentiality
- Information must be safeguarded against unauthorised modification - integrity
- Information must be accessible to authorised users at times when they require it - availability
Information Governance is there to ensure these principles are upheld by setting clear guidelines (policy) for all NHS users.
More importantly, Information Governance provides guidance and an update to the contractual controls that protect patient, system and employee information.
Without these contractual controls there is no way for the NHS to support, through legal action, human rights, data protection or other forms of regulation, the levels of protection we all work so hard to maintain.