Robust information governance enables organisations to safeguard the privacy and confidentiality of personal confidential information. In the new commissioning environment, information governance will remain vitally important as it deals with particularly sensitive and personal issues for patients. Liability for information governance rests with the legal entity controlling that information, even where this is contracted out, and organisations need to ensure they comply with their legal obligations. The Information Commissioner's Office (ICO) has the ability to set monetary penalties against organisations up to £500,000 for serious breaches of the Data Protection Act.
The Secretary of State for Health has asked Dame Fiona Caldicott to undertake a review of information governance to consider the right balance between sharing and protecting patient and service user information. Whilst the Review may make recommendations it will remain individual information controller's duty to ensure that all information processing is fully compliant with existing information governance rules and legal obligations particularly in the context of Data Controllers and Data Processors. Further information can be found here.