Skip to main content

Keeping patient information safe

Modern healthcare needs information that is instantly available where and when it's needed - whether that's in the hospital, the GP surgery or the patient's home.


At the same time, it's important that patients' confidential and sensitive information remains secure.


So, as the organisation with overarching responsibility for many of the critical technology services used by NHS Wales - by clinicians, carestaff and patients - we put clinical risk management and patient information safety at the heart of all we do.


For example, the data security for all national systems throughout NHS Wales is managed through:


  • A  single user ID for every member of NHS Wales’ staff
  • A  cyber audit that spots any unauthorised access to patients’ electronic records, or potential data breaches
  • An electronic master patient index to keep patient data such as name, address, date of birth and sex, current  and accurate

New systems, services and programmes are monitored closely throughout the design, development and testing stages to ensure they are safe and have the strongest, most up-to-date safeguards to protect against threats and unauthorised access.


Digital Health and Care Wales works within a comprehensive framework and information governance that brings together legal, ethical and quality standards that apply to the handling of information. It applies to sensitive and personal information, of both employees and patients.


That information governance includes adhering with:

  • Data Protection legislation
  • Caldicott Report
  • Common Law Duty of Confidentiality
  • Freedom of Information Act
  • Information Sharing standards as defined by the "Wales Accord on the Sharing of Personal Information"
  • Data accreditation and data quality
  • Information Security assurance
  • Records Management

The protection of patient-identifiable information is particularly vital when the information is vulnerable, such as when it is transported outside organisations on laptops, memory sticks or CDs. As a further layer of precaution, we provide standard encryption products and services, which can be used to help organisations protect sensitive information.