What is Information Governance?

Information Governance (IG) is the framework for handling information in a secure and confidential manner that allows organisations and individuals to manage patient, personal and sensitive information legally, securely, efficiently, and effectively in order to deliver the best possible healthcare and services.

IG applies to, and impacts on, everyone working for, or on behalf of the Care Group. Additionally, everyone working in the Care Group has a legal duty to keep information about others secure and confidential.

IG is concerned with the standards that should apply when information is processed. Information processing has five broad aspects that encompass how information is obtained, recorded, held, used and shared. Therefore, it is of paramount importance that the Care Group ensures that all information is:

  • Held safely and confidentially
  • Obtained fairly and effectively
  • Recorded accurately and reliably
  • Used effectively and ethically
  • Shared appropriately and lawfully

It brings together all of the legal requirements, standards and best practices (including policies and procedures, management and reporting arrangements, processes and controls, and training) that apply to the handling of patient, personal and sensitive information, including but not limited to:

  • Access to Health Records Act
  • Caldicott Principles
  • Code of Practice on confidential information
  • Common Law Duty of Confidentiality
  • Computer Misuse Act
  • Confidentiality: NHS Code of Practice
  • Data Protection legislation - UK Data Protection Act 2018 and the UK General Data Protection Regulation 2016 (GDPR)
  • Data Security and Protection Toolkit (DSPT)
  • Freedom of Information Act
  • Information Security Management: NHS Code of Practice
  • Network and Information Systems (NIS) Regulations 2018
  • Records Management Code of Practice 2021.

The Care Group collects, stores and uses large amounts of personal confidential data every day, such as care records, personnel records and computerised information. This data is used by many people in the course of their work. IG allows the Care Group to demonstrate to the public that it takes its responsibilities to safeguard information seriously. It also aims to protect patient information and confidentiality and to protect the Care Group and its staff.

You can review our policies below on how we achieve this in Tower Hamlets GP Care Group. 

Meet our team

Sana Sabat

Information Governance Officer (IGO)



Christoper Norton 

Governance Manager, Senior Information Risk Owner (SIRO)


Toby Longwill 

Medical Director, Caldicott Guardian (CG)


Umar Sabat

Data Protection Officer



All Information Governance queries can be directed to the Information Governance inbox at: thgpcg.informationgovernance@nhs.net

For Subject Access Requests and Freedom of Information Requests please visit our online portal. 

Please note that we do not accept subject access requests via email. All requests must be made via the online portal. 

Further information about Subject Access Requests can be found here. 


Staff Policies and Privacy Notices

Information and Governance Policy

Data and Protection Confidentiality Policy

All Employees Privacy Notice

GDPR and Fair Processing

Privacy Notice for children and young people

Children Privacy Notice

Videos and recordings

Recording phone calls Privacy Notice

Video Consultations Privacy Notice

Video Recordings Privacy Notice

Subject Access Request

Subject Access Requests

Requests to see records and other related information about yourself are known as 'Subject Access Requests'. You have a right to get a copy of the information that is held about you.

Find out more