Overview of NHS Guidance

March 21, 2011

Confidentiality: NHS Code of Practice

This code of practice provides detailed guidance for NHS bodies concerning confidentiality and patients' consent to the use of their health information. It also details the required practice the NHS must follow concerning security, identifies the main legal responsibilities for an organization, and details employees' responsibilities.

Employee Code of Practice

Guidance produced by the Information Commissioner detailing the data protection requirements that relate to the information of staff, employees and other individuals.

HSC2002/003

Caldicott Guardians & Implementing the Caldicott Standard into Social Care

Provides guidelines relating to the sharing of patient-identifiable information and promotes the appointment of a senior health professional to oversee the implementation of the guidance. The Trust Caldicott Guardian is the Medical Director.

Records Management: NHS Code of Practice 2006

Provides guidance to improve the management of NHS records, explains the requirements for selecting records for permanent preservation, and lists suggested minimum requirements for records retention. It applies to all information, regardless of the media, and is applicable to all personnel within the NHS, such as patients, employees, volunteers etc. Aids compliance with the Data Protection and Freedom of Information Acts.

ISO/IEC 27001 / 17799 Information Security Standards

These are the accepted industry standards for Information Management and Security and have been adopted by all NHS organizations. They are also a recommended legal requirement under principle 7 of the Data Protection Act.