Classification of Sensitive Information
[A consistent system for the classification of information within the NHS organisations enables common assurances in information partnerships, consistency in handling and retention practice when information is shared with non-NHS bodies. [NB. New guidance is being developed that is aimed to achieve consistency of information handling practice throughout the NHS]].
[The organisation] shall implement appropriate information classifications controls, based upon the results of formal risk assessment and guidance contained within the IG Toolkit to secure their NHS information assets.
The classificationNHS Confidential – shall be used for patients’ clinical records, patient identifiable clinical information passing between NHS staff and between NHS staff and staff of other appropriate agencies. In order to safeguard confidentiality, the term “NHS Confidential” shall not be used on correspondence to a patient in accordance with the Confidentiality: NHS Code of Practice. Documents so marked shall be held securely at all times in a locked room to which only authorised persons have access. They shall not be left unattended at any time in any place where unauthorised persons might gain access to them. They should be transported securely in sealed packaging or locked containers. Documents marked NHS Confidential not in a safe store or in transport should be kept out of sight of visitors or others not authorised to view them.
The classificationNHS Restricted -shall be used to mark all other sensitive information such as financial and contractual records. It shall cover information that the disclosure of which is likely to:
· adversely affect the reputation of the organisation or it’s officers or cause substantial distress to individuals;
· make it more difficult to maintain the operational effectiveness of the organisation;
· cause financial loss or loss of earning potential, or facilitate improper gain or disadvantage for individuals or organisations;
· prejudice the investigation, or facilitate the commission of crime or other illegal activity;
· breach proper undertakings to maintain the confidence of information provided by third parties or impede the effective development or operation of policies;
· breach statutory restrictions on disclosure of information;
· disadvantage the organisation in commercial or policy negotiations with others or undermine the proper management of the organisation and its operations.
NHS Restricted documents should also be stored in lockable cabinets