Information governance

Last updated on 21 Feb 2023

Information Governance, to the HRA, is a framework for handling not only personal and sensitive information but all information in a robust and transparent manner, applying confidentiality and security where appropriate and operating to high ethical and quality standards. It is therefore about:

  • holding information securely and confidentially
  • obtaining information fairly and efficiently
  • recording information accurately and reliably
  • using information effectively and ethically
  • sharing information appropriately and lawfully.

Doing this requires:

  • striking an appropriate balance between openness and confidentiality in the management and use of information;
  • fully acknowledging its public accountability, but equally placing an importance on the confidentiality of personal information and commercially sensitive information;
  • recognising the need to share information with other organisations in a controlled manner consistent with the interests of research and, in some circumstances, the public interest.

Our HRA Confidentiality Policy sets out the standards that you can expect from us.


To help maintain the highest standards we have the following management structure:

  • the Deputy Director of Approvals is the Caldicott Guardian;
  • the Deputy Chief Executive & Director of Resources is the Senior Information Risk Owner (SIRO);
  • the Company Secretary is the Data Protection Officer and can be contacted at

  • an Information Governance Steering Group meets regularly to discuss current issues and monitor actions;
  • a suite of policies is in place to ensure information is processed properly by all staff;
  • an established incident reporting procedure is in place that ensures all security information incidents are reported; and
  • an annual information governance report is produced and reviewed by the HRA's Audit & Risk Committee.

Relevant laws

The main codes, standards and laws which apply are:

Information Asset Register

All information assets and associated systems are identified and included in an Information Asset Register and are subject to annual information asset assessments. The principal information assets managed by the HRA are:

Caldicott Guardian

A Caldicott Guardian is a senior person responsible for protecting the confidentiality of people’s health and care information and making sure it is used properly.

All NHS organisations and local authorities which provide social services must have a Caldicott Guardian.

The HRA’s Caldicott Guardian is Jonathan Fennelly-Barnwell, Deputy Director of Approvals. We use The Caldicott Principles to ensure that we keep people’s information confidential and use it properly.

For more information please email
