ABSTRACT

In the face of new developments in information technology and rapid computerisation, the NHS must do its best to ensure that patient information is processed fairly, respectfully and confidentially, and is secured from uncontrolled, unauthorised and inappropriate access. The foundation of the framework for information governance is provided by legislation, together with NHS and professional body guidance. The main legislation and legal requirements are the common law duty of confidentiality and the Data Protection Act 1998. The main objective of information governance is to give guidance on the handling of patient data. The Caldicott Principles are guidelines on what should be observed when information about patients needs to be passed on. Any member of staff, clinical or non-clinical, who passes on information about patients must abide by these rules. The rules are: Justify the purposes; Do not use patient-identifiable information unless it is absolutely necessary; and Understand and comply with the law.