Friday, August 25, 2006

NHS responsibilities for information governance

Thanks to an anonymous friend for the contents of this letter from the acting head of the National Health Service:
Department of Health
Richmond House
79 Whitehall

21 August 2006

Gateway Ref: 7042

To: SHA Chief Executives

Dear Colleague

National Programme for IT — responsibilities and information governance

Following the recent NAO report and PAC Chief Executive’s hearing, I want to restate the key responsibilities and accountabilities in relation to the National Programme for IT.

New arrangements shared with you at the NHS Management Board in July will ensure that we can deliver our commitment to implement the pertinent NAO recommendations on implementation and tracking progress against the business cases. These arrangements are as follows:

  • you are the appointed SRO for implementation and benefits realisation of the programme for your part of the NHS

  • you should appoint a CIO who can report to you and be accountable for delivery of the NPfIT. It is expected that the CIO will work collaboratively with commissioning and service development colleagues to ensure there is a joined up approach to exploiting the benefits of the technology in pursuit of service transformation and improvements in quality safety and productivity

  • you should put in place implementation programmes with identified benefits streams which are robust, achievable and supported across the health community

  • you will provide annual statements of benefits realised across the NHS in your area. The scope and mechanism for reporting will be developed collaboratively by SHAs, the National Programme and ISIP

  • PCT CEOs are delegated SROs for their areas and that PCTs should have the necessary capability to deliver the NPfIT locally, working with their providers

  • reinforce in the FT diagnostic and PCT development process the accountabilities and capabilities required to deliver the IM&T agenda successfully.

The scope and function of the National Programme Office will be extended to ensure the capacity exists to incorporate the SHA programmes. A single source of data will exist to report progress against implementation plans and benefits realised as recommended in the NAO report. The same information source will support the management of risks and issues and the identification of the need for intervention down the management line through Duncan Selbie, the Director General of Commissioning.

Information Governance and the Care Record Guarantee

The Care Record Guarantee has been endorsed by Ministers and is available at and in the ‘what’s new in patient confidentiality and Access to Health Records’ section at It sets out the principles the NHS should establish to enable patient information to be shared appropriately by health care staff to improve standards of care, while ensuring that it is kept securely and confidentially. It is important to note that the provisions of the guarantee apply to all local patient information systems, whether a new NPfIT application/compliant application or not.

It is possible that publication of the Care Record Guarantee will promote local enquiries from the public regarding how information on them is held and used locally and of their options for influencing decisions on those matters. NHS organisations are advised to strengthen existing arrangements for dealing with such enquiries, and to ensure with local partners a review of Information Governance to ensure that local procedures for using and sharing patient information reflect as far as possible the commitments within the Care Record Guarantee.

To assist in this exercise, a high-level review of Information Governance in the NHS was carried out by the National IT Programme Board and its recommendations were agreed by ministers earlier this year. It is available at The Department of Health has also issued v4 of the Information Governance Toolkit in June 06, currently available at From early September, it will also be available on the NHS CFH website together with guidance on the Information Governance responsibilities of Organisations using the Care Record Service.

The annual compliance statement of all NHS organisations for 06/07, based on the Information Governance toolkit, will reflect the delivery of these requirements.

I have asked Richard Jeavons to oversee this work on my behalf and he will be happy to discuss this further with you if that would be helpful.

Yours sincerely


cc. SHA CIOs
Richard Jeavons
Richard Granger
Gordon Hextall

No comments: