What is Information Governance?

By Gabriella Mangham on 09/07/21 16:05

What is Information Governance:

Information Governance is the system an organisation develops to handle information. This includes personal information on any level (e.g. clients, patients, employees, etc) and all corporate information (e.g. records, audits, financial, etc). 

The strategy will have to be compliant with any laws, regulations, and charters set out either by the government, industry, or your organisation.

What is Information Governance for the NHS:

The NHS is regulated by different laws from other industries and has developed its own Information Governance Strategy. This has to be compliant with many legal frameworks:

  • The NHS Act 2006.
  • The Health and Social Care Act, 2012.
  • The Data Protection Act, 2018.
  • The Human Rights Act.
  • EU General Data Protection Regulations (GDPR).
  • The NHS Digital Data Protection and Security Toolkit.
  • Elements of the international standard for information security management systems, namely ISO27001.

This may sound complicated, but essentially it is the 5 Ws:

  • Who can have information on patients and employees? 
  • What can they do with it? 
  • Where should it be stored? 
  • How long can they retain said information? 
  • How should it be stored? 

Firstly, who can have the personal information of patients? Strictly, only those the patient gives consent to. No individual patient should be identifiable to a secondary party, unless they consent to have their personal information shared. 

If you work within the NHS, before transmitting any information, you should consider whether it is necessary to share it at all. If you need to share a patient's information via an email or a written document of any kind, it is important to use their NHS number and not any of their personal information. No more than the absolute bare minimum should ever be sent in an email.

So, what can you do with the information you do have? Some secondary uses include: research, audits, commissioning, contract monitoring, capacity planning, performance management reviews, service redesign and benchmarking. 

How should information be stored? The NHS has its own NHSnet or NHSmail to transmit sensitive data. Any software that the NHS buys has to be certified ISO27001 and have the best security systems.

If you are still unsure, you should consult your Region's or NHS England's Information Governance handbooks.

What is Information Governance for other organisations:

Every industry and organisation is regulated by Information Governance laws. In the UK, those laws are The Data Protection Act 1998, The Common Law Duty of Confidentiality and the International Information Security Standard (ISO/IEC 27002:2005), as well as the Freedom of Information Act 2000, the General Data Protection Regulations (GDPR), and the Human Rights Act.

The purpose of Information Governance for non-Healthcare organisations is to determine the value of the business information. This is so your organisation can:

  • Comply with regulatory, legal, audit, and discovery requests.
  • Easily access any information whenever you need.
  • Share the information smartly, simply and securely.
  • Keep customer and employee personal information, as well as any enterprise confidential information, safe.
  • Ensure any information is disposed of once it no longer is useful in a legal or business sense.
  • Confirm that all information is authentic and complete.

Strong Information Governance can make your organisation more effective, as it saves time and money. Should you be taken to court, it is important that any questions are easy to answer. Your lawyers will therefore spend less time in discovery, and it will become easier to see trends. It is estimated that companies could lose up to $900 million due to poor Information Governance! We have some tips on how to develop an effective strategy to avoid this.

What to take into account when drafting an Information Governance Strategy:

There are 6 key things to take into account when developing an Information Governance Strategy:

  1. Confidentiality — It is important that all sensitive information is dealt with appropriately. What are your organisation’s confidentiality procedures? What information will need consent to be shared? 
  2. Transportation — Confidential information should be sent securely and only on a need-to-know basis. Ask yourself: can I justify why this information should be sent in this way to this person?
  3. Storage — All personal and confidential information stored electronically should be backed up regularly and securely. The safety of this information should be a top priority in your organisation.
  4. Record Management — There needs to be a strategy for how all information, both paper and electronic, is stored and archived.
  5. Training — It is key that your employees are taught and aware of how the Information Governance strategy will come into play. How your employees will be trained has to come into consideration, and the system has to be intuitive. 
  6. Lifecycle — How long should information be stored? This should take into account how long, legally, personal information can be stored. An archive can be expensive, but it is a useful addition to any Information Governance strategy.

How to have good Information Governance:

To have good Information Governance in the modern day, technology must play a role. Security and accessibility are must-haves. Any information must be easily retrievable and protected with the best programming. ECM expert Chris Walker has identified 10 principles that form the basis of good Information Governance:

  1. Information is an asset.
  2. Information has purpose.
  3. Information has sources and targets.
  4. Information has deadlines.
  5. Information has consumers.
  6. Information carries obligations.
  7. Information carries risks.
  8. Information has many forms.
  9. Information isn’t immortal.
  10. Information demands accountability.


This means that information needs to constantly be regulated and reviewed. Having an Information Governance Officer can help with this. Another way is to ensure that all systems work for an easy check. Investing in a software solution, like Convene, with a comprehensive record library can ensure secure information management. 

How can Convene help you with Information Governance:

Convene’s board portal solution ensures that all information and data is easily accessible. With an intuitive design, Convene helps even the most technophobic feel comfortable when using our software. Just see our customer success stories! 

Our features make auditing, meeting minutes, and meetings easier. As mentioned, our Records' Library is a fundamental part of this: all meeting documents and more are easily accessible. This ensures only the right people can see it with only a simple click of a button!

If you have any queries or would like to book a demo, don’t hesitate to contact us!
