Information cyber security policy

The information cyber security policy explains how the NHS in Essex protects information from unauthorised access, loss or damage and keeps services safe, reliable and trustworthy for everyone who uses them.

For more information, read the full Information cyber security policy by downloading the accessible Word document at the end of this page.

Who the policy applies to

  • patients and members of the public
  • NHS Essex staff
  • contractors and partner organisations working with NHS Essex

Why this policy is important

Protecting information is essential to delivering safe health services.

This policy helps to:

  • keep personal and confidential information safe
  • make sure systems work when they are needed
  • prevent data loss, cyber attacks and misuse
  • build trust between NHS Essex and the public

Keeping your information safe

NHS Essex stores information securely, whether it is on paper or on a computer.

The organisation works to make sure:

  • only authorised people can see information
  • information is accurate and up to date
  • systems are available when needed
  • data is protected from cyber threats

Protecting personal and confidential data

Personal data includes details that can identify you, such as your name or health information.

NHS Essex:

  • protects this data at all times
  • limits access to people who need it for their work
  • reviews risks and takes action to reduce them

Preventing cyber risks and security breaches

The policy focuses on reducing risks such as hacking, viruses or accidental data loss.

To manage this, NHS Essex:

  • uses secure systems and devices
  • checks for risks and monitors information use
  • investigates and responds quickly to any incidents
  • learns from issues to improve safety

Safe use of devices and technology

Staff use devices like laptops, phones and email systems safely.

This includes:

  • keeping devices secure and not leaving them unattended
  • using passwords to protect accounts
  • not sharing sensitive information in unsafe ways
  • working safely when away from the office

Handling and disposing of information

Information is managed carefully throughout its life.

This means:

  • storing information securely
  • only keeping it for as long as needed
  • safely destroying paper and digital records when no longer required

Working safely online

Staff must use the internet and email responsibly.

They must not:

  • access illegal or harmful content
  • misuse NHS systems
  • share information inappropriately

This helps protect both the organisation and the public.

Roles and responsibilities

  • all staff must protect information and follow security guidance
  • staff must report any risks or security incidents quickly
  • NHS Essex must put systems in place to keep information safe
  • managers support staff to understand and follow the rules

Policy review

This policy was approved on 1 April 2026 and is due for review in April 2028.

For full details, download the accessible Word version of the policy below.

Information cyber security policy (103kB docx)

Page last reviewed:
Next review date: