Website of the Department of Health
Please note that this website has a UK government access keys system.
Page menu
You are here:
Information security
Vast quantities of sensitive information are handled by the NHS and its partners every day so guidance and policy have been designed to protect patients and NHS staff.
Information Security Management: NHS Code of Practice
The Information Security Management: NHS Code of Practice is a guide to the methods and required standards of practice in the management of information security for those who work within or under contract to, or in business partnership with NHS organisations in England. It is based on current legal requirements, relevant standards and professional best practice.
This Code of Practice replaces: HSG 1996/15 – NHS Information Management and Technology Security Manual. The Code provides a key component of information governance arrangements for the NHS. It is part of an evolving information security management framework because risk factors, standards and practice covered by the Code will change over time. The guidelines contained within the Code of Practice apply to NHS information assets of all types.
Information security and risk management
Information governance good practice guidelines
The Connecting for Health website contains information governance good practice guidelines. It is designed for NHSNet users only.
Protecting the NHS infrastructure
Information systems used by NHS organisations and their information partners are becoming increasingly interconnected. This creates many new and useful benefits. But at the same time, these arrangements introduce new risk factors. Many of the critical services that are essential to the well-being of the UK are dependent, to a greater or lesser extent, on information technology. These services are provided by both public and private sector organisations. The Government is identifying the core services that need to be secured from electronic attack and is seeking to work with those organisations responsible for these systems so that these services are protected in a way that is proportional to the threat. This is known as the Critical National Infrastructure (CNI) protection programme.
Security update, 21 September 2001
This update provides further Information Policy Unit guidance on NHS information security issues, and the NHS security arrangements that underpin them.
Reminder about information security, 17 September 2001
The recent events in the US have tragically illustrated the uncertainties associated with security generally and the need to track and manage changing risk factors. Issues of information technology are no different. Risk factors may change or new ones appear at a pace that might easily outdate protective safeguards that have already been implemented or recovery plans that had previously been developed and tested.
Cryptographic services for the NHS
This section provides detail of the considerations applicable to the selection and deployment of cryptographic services generally and for their potential to underpin and support NHS digital information processing requirements.
Frequently asked questions about Public Key Infrastructure
Questions about the role of Public Key Infrastructure (PKI) in safeguarding sensitive data and protecting critical systems in the NHS and social care.
Access keys
