Research Repository

Analysis of Information governance and patient data protection within primary health care

Smith, Mike; Buchanan, William J; Thuemmler, Christoph; Bell, Derek; Hazelhoff Roelfzema, Nicole


Mike Smith

Christoph Thuemmler

Derek Bell

Nicole Hazelhoff Roelfzema


The introduction of Information Governance throughout the NHS in Great Britain from 2004 onwards saw Primary Care Medicine subject to a regulatory regime aligning current practice with codes, ethics, legislation and standards. However, the Information Commissioner's Office, as regulator of Healthcare Data Controllers, has issued statutory Undertakings to stem the tide of continued leakage of sensitive health data. Drawing on research from America, the issue of IT Security Risk is presented as problematic given the limitations of surveys identifying industry trends and is viewed beyond the traditional Threat Value Asset Matrix towards a framework incorporating the reasonable man – taking all due care and diligence as is reasonably practicable in the circumstances. Following the identification of major problems across 10% of English general practices in complying with both Confidentiality and Data Protection Assurance, and Information Security Assurance, a national survey of GP Practices was undertaken to investigate security incidents and risk. Contemporaneous to this, information on reported untoward security incidents was obtained from the regulator and all Health Boards across Scotland. Together, these results identified actual risk to securing patient data and concerns voiced from within the sector. This may be of relevance to practitioners, managers as well as policy makers, particularly where changes to the structure of the NHS are proposed.


Smith, M., Buchanan, W. J., Thuemmler, C., Bell, D., & Hazelhoff Roelfzema, N. (2010). Analysis of Information governance and patient data protection within primary health care. International Journal for Quality in Health Care,

Journal Article Type Article
Publication Date 2010
Deposit Date Jan 31, 2011
Publicly Available Date Jan 31, 2011
Print ISSN 1353-4505
Electronic ISSN 1464-3677
Publisher Oxford University Press
Peer Reviewed Peer Reviewed
Keywords Risk management; risk assessment; risk control; information privacy; information security; compliance; healthcare; IT management;