Data security and information governance
NHS Digital offers guidance on protecting data and handling information securely. Our guidance is designed to help health and care organisations meet the standards required to handle care information.
Search A-Z
Search A-Z
Codes of practice for handling information in health and care
What health and care organisations must do to look after information properly, covering confidentiality, information security management and NHS records management.
Cyber and data security
We protect our NHS and care organisations from cyber attacks and we monitor for new threats 24 hours a day. Our teams support organisations across the NHS with advice, assessments, and training.
Data Security and Protection Toolkit
The Data Security and Protection Toolkit is an online self-assessment tool that all organisations must use if they have access to NHS patient data and systems.
IG Statement of Compliance
IG requirements for organisations accessing NHS digital services including N3.
National Data Guardian (NDG)
The National Data Guardian independently advises advises on the use of confidential health and care information.
NHS and social care data: off-shoring and the use of public cloud services
National guidance for health and care organisations who want to use cloud services or data offshoring to store patient information.
Publication scheme
Our publication scheme, drawn up under the Freedom of Information Act 2000, fulfils the requirements of the Information Commissioner's Office (ICO) and sets out our commitment to make certain classes of information routinely available as per the model publication scheme for public authorities.
Secure Data Environment: Department for Health and Social Care access to the NHS England Secure Data Environment
The Department for Health and Social Care’s unique use of the NHS England Secure Data Environment requires some oversight functions to be delegated to ensure a timely response to specific parliamentary requests.
Supporting open data and transparency
Open data is data that can be used and shared by anyone, for any purpose. We make this data publicly available to improve transparency in health and care.
UK Caldicott Guardian Council
A Caldicott Guardian is a senior person responsible for protecting the confidentiality of people's health and care information and making sure it is used properly.