12.2 Information governance

Health records are confidential. They should be shared only on a need-to-know basis. Information governance ensures necessary safeguards for, and appropriate use of, patient and personal information. There should be systems in place to protect the confidentiality and security of patient information and provide access to relevant information only to those who need it. In practice, this is addressed through three fundamental principles - confidentiality, integrity and availability.

Confidentiality - Information must be secured against unauthorised access.

Integrity - Information must be safeguarded against unauthorised modification.

Availability - Information must be accessible to authorised users at times when they require it.

In order to maintain these principles, the following standards must be observed:

  • All patient information should be recorded factually, lawfully and as transparently as possible to allow the public to:
    • understand the reasons for processing personal information
    • give their consent for the disclosure and the use of personal information
    • trust the way the service provider handles the information
    • understand their rights to access information held about them.

Patients’ medical records and reports from imaging examinations must be stored in a secure place within a specified time and a duplicate record kept. This may be in paper or digital format such as Picture Archiving and Communications Systems (PACS). A report should be produced for all examinations.

  • Images (whether hard copy or digital) must be provided for all examinations except where it has been agreed and documented that this practice is unnecessary.
  • Images and records must be kept in accordance with agreed local policy and to comply with statutory requirements.
  • Particular attention must be given to insurance, indemnity, public liability and data protection.