This site uses cookies to improve your user experience. By using this site you agree to these cookies being set. To find out more, please read our privacy policy.

Information Governance

NHS Informatics Merseyside provides expert guidance on protecting data and handling information securely.

Information Governance (IG) is the framework for handling information in a secure and confidential manner that allows organisations and individuals to manage patient, personal and sensitive information legally, securely, efficiently, and effectively in order to deliver the best possible healthcare and services. 

Our service remit includes:

  • Access to records and data subject access requests.
  • Caldicott Guardian and Senior Information Risk Owner functional support.
  • Clinical and non-clinical records management (electronic and hard copy).
  • Mental health clinical coding (ICD10 and OPCS4).
  • Data protection and confidentiality.
  • Freedom of Information (FoI) and Environmental Information Regulations Requests.
  • Information Governance (including general enquiries, strategies, policies, procedures and guidance, etc.).
  • Information risk management (including incident investigation and support).
  • Information security.
  • Confidentiality and information sharing.
  • Information Governance training.

Service features

  • An experienced and qualified team of experts in Information Governance and Security, Records Management, and Clinical Coding.
  • Data Protection Officer as a Service (DPOaaS).
  • Training course design and delivery on all aspects of protecting data and handling information securely. 
  • Strategy and policy writing service covering Information Governance and Security, Records Management and Clinical Coding.
  • Review and management of Information Governance and security risks and breaches, including serious incidents. 
  • Advice and support to senior Information Governance roles including Senior Information Risk Owner (SIRO), Caldicott Guardian (CG) and Data Protection Officer (DPO).
  • Provision of advice and guidance on information access requests in accordance with relevant legislation.
  • Completion of Data Protection Impact Assessments (DPIA) to help identify and minimise data protection risks.
  • Data Security and Protection Toolkit (DSPT) compliance support to provide assurance that organisations are practicing good data security and handle personal information correctly.
  • Production of Data Sharing Agreements (DSA) to help demonstrate compliance with the UK General Data Protection Regulation (UK GDPR), the Common Law Duty of Confidentiality and other Data Protection law beyond the outline strategic view given in the Data Protection Impact Assessment (DPIA).
  • Liaison with Information Commissioner’s Office (ICO) and Care Quality Commission (CQC).
  • Records management advice and support - a scanning bureau service will be available in the near future.

Service standards

  • Masters level expertise in Web Sciences and Big Data. 
  • Experienced and knowledgeable Information Governance professionals who have completed Caldicott Guardian and Senior Information Risk Owner training.
  • Service delivered in accordance with the Data Security and Protection Toolkit (DSPT) standards. 

Service achievements

NHS Informatics Merseyside’s Information Governance Service has achieved 'Standards Met' and 'Significant Assurance' for our Data Security and Protection Toolkit (DSPT) submissions across multiple organisations during a significant period of transition. This  demonstrated the service’s knowledge and experience in responding to the complexity of managing Data Protection and Information Governance arrangements spanning organisational and care boundaries.