Information security refers to processes which are designed and implemented to protect all forms of information, but especially person-identifiable, confidential, and sensitive information, from unauthorised access, misuse, disclosure, destruction, modification, or disruption. The security of data in the NHS, especially patient information, is crucial and must remain secure at all times, both in transit and whilst at rest.

Individuals expect that their information will be held securely and confidentially at all times.

All staff are personally responsible for ensuring that they handle information with care and respect. It is their responsibility to protect this information from those who are not authorised to use it or view it. They must ensure that whilst in their care, and when transporting this information to somebody else, they have done everything possible to protect this information and comply with the law and relevant NHS guidance.

Information and systems used to store it are important assets and it is essential to take all the necessary steps to ensure that they are protected, available and accurate at all times to support the operation of the Trust.

The Trust acknowledges that it must protect its own assets, as well as those of its partner organisations. It aims to preserve the following security principles.

  • Confidentiality
    Access to information must be confined to those with a specific work related need-to know and specific authority to view the information.
  • Integrity
    Information is to be complete and accurate. All systems, assets and networks must operate correctly and according to specification.
  • Availability
    Information must be available and delivered to the right person at the right time when it is needed.


The Trust also recognises that its Information Technology (IT) equipment and information, along with Internet, email and social media applications, are valuable resources that support the delivery of the Trust's business objectives and bring opportunities to understand, engage and communicate with people in new ways.  However, the wide range of information available on the Internet and the ease of using new technologies and corresponding with people electronically raises concerns about security, confidentiality and the potential for improper conduct. It is important that staff are able to use technologies and services effectively and flexibly, whilst ensuring that this is balanced with the Trust's duties to its patients, staff and partners, its legal responsibilities and maintaining its reputation. 

Digital Services and Security Policy

Digital Security and Acceptable Uses Procedure - details the proper and unacceptable use of Trust IT equipment, systems and the internet.

Mobile Devices Procedure - details the proper and unacceptable use of Trust mobile devices, particulary when connected to other IT equipment and network and internet facilites.

Wound Photography - Standard Operating Procedure.

Network Procedure  - details how the Trust and its IT providers aim to ensure the security of the networks. As such, The Trust and its IT providers supply specific controls and training to ensure confidentiality, integrity and availability of the network and their key information assets. As the Trust's networks are provided by St Helens & Knowsley Health Informatics Service and NHS Informatics Merseyside, this Procedure must be read in conjunction with their network and security policies and procedures.

Back-Up Procedure - applies to all equipment and data owned and operated by the Trust which is connected to the Trust's IT providers' network. This procedure ensures that there is a consistent and reliable method for backing up and recovering Trust data in the event of loss.

Digital Forensic Readiness Procedure - Cyber-crime is on the increase and the Trust needs to be prepared to efficiently and effectively react to all serious Information Governance incidents. This procedure sets out the framework by which the Trust will embed digital forensic readiness throughout the organisation in order to safeguard the interests of patients, staff and the Trust.

Secure Email – Guidance on how to send person-identifiable information securely both internally and externally using the Trust's email system and NHSmail. Here you will also find guidance on how to open an encrypted email which can be shared with recipients.

Phishing Emails – Hints on how to spot them and help keep our Trust network safe.

Cyber Security - Advice on how we can keep the Trust's data and network safe and secure from cyber threats.

Working from Home (IGAN22)  – Quick guide to essential data protection and security whilst working at home, issued as part of business continuity measures for the COVID-19 pandemic.