Information governance framework and policy

The information governance framework and policy explains how the NHS in Essex manages, uses and protects personal and confidential information to keep it safe and support high-quality care.

For more information, read the full Information governance framework and policy by downloading the accessible Word document at the end of this page.

Who the policy applies to

  • patients and members of the public
  • NHS Essex staff
  • contractors and partner organisations working with NHS Essex

Why this policy is important

Information is essential for running health services and caring for patients.

This policy helps to:

  • keep personal and sensitive information safe
  • make sure information is used fairly and correctly
  • support safe, high-quality care
  • build trust between the public and NHS Essex

Protecting your personal information

Personal information includes details that can identify you, such as your name or health records.

NHS Essex works to:

  • keep your information private and secure
  • only use the minimum information needed
  • make sure data is accurate and up to date
  • only keep information for as long as needed

Your rights

You have clear rights about how your information is used.

These include the right to:

  • know how your data is used
  • see your information
  • ask for mistakes to be corrected
  • object to how your data is used in some cases

Using and sharing information

NHS Essex sometimes needs to share information to provide care and improve services.

This means:

  • sharing information safely between services
  • only sharing when there is a clear reason
  • asking for consent when needed
  • following strict rules to protect your privacy

Keeping information safe and secure

The organisation has systems and processes to protect information.

This includes:

  • controlling who can access information
  • using secure systems and processes
  • regularly checking for risks
  • acting quickly if something goes wrong

Managing risks and incidents

NHS Essex monitors risks and manages any issues involving data.

This helps to:

  • prevent mistakes or data breaches
  • learn from incidents
  • improve how information is handled over time

Keeping good records

The organisation manages records from when they are created to when they are safely destroyed.

This ensures:

  • information is easy to find and use
  • records are kept safe
  • data is disposed of securely when no longer needed

Roles and responsibilities

  • all staff must understand how to handle information safely
  • staff must follow guidance and protect confidential data
  • NHS Essex must provide systems, training and support
  • risks must be reported and managed quickly

Policy review

This policy was approved on 1 April 2026 and is due for review in April 2027.

For full details, download the accessible Word version of the policy below.

Information governance framework and policy (452kB docx)

Page last reviewed:
Next review date: