The DH and ICO have issued a joint letter to NHS chief executives and finance directors confirming their resolve to work together to ensure that information governance and the protection of sensitive patient information remains a high priority in the NHS at a time of changes to commissioning structures and care providers.

The letter stresses that all NHS organisations should:  

  • be using the NHS information governance toolkit;
  • ensure all staff take annual information governance training;
  • identify and train a board member to act as "serious information risk owner";
  • remind staff of their governance policies and that breaches will be regarded as a disciplinary matter; and
  • assist the information governance policy team in its risk assessment of all centrally hosted teams giving, as an example, public health observatories.  

PCT clusters are asked to produce an information governance assessment covering all constituent PCTs by 31 March 2012.

There is a reminder that the ICO can carry out data protection audits if requested to do so and organisations who would find this helpful are encouraged to contact the good practice team.  

Whilst the letter is friendly in its terms, it does remind readers of the ICO's power to impose a £500,000 fine for serious breaches of the Data Protection Act 1988!