Information Security :: YourSpace Mersey Care

Information security refers to processes which are designed and implemented to protect all forms of information, but especially person-identifiable, confidential, and sensitive information, from unauthorised access, misuse, disclosure, destruction, modification, or disruption. The security of data in the NHS, especially patient information, is crucial and must remain secure at all times, both in transit and whilst at rest.

Individuals expect that their information will be held securely and confidentially at all times.

All staff are personally responsible for ensuring that they handle information with care and respect. It is their responsibility to protect this information from those who are not authorised to use it or view it. They must ensure that whilst in their care, and when transporting this information to somebody else, they have done everything possible to protect this information and comply with the law and relevant NHS guidance.

Information and systems used to store it are important assets and it is essential to take all the necessary steps to ensure that they are protected, available and accurate at all times to support the operation of the Trust.

The Trust acknowledges that it must protect its own assets, as well as those of its partner organisations. It aims to preserve the following security principles.

Confidentiality

Access to information must be confined to those with a specific work related need-to know and specific authority to view the information.

Integrity

Information must be complete and accurate. All systems, assets and networks must operate correctly and according to specification.

Availability

Information must be available and delivered to the right person at the right time when it is needed.

The Trust also recognises that its Information Technology (IT) equipment and information, along with Internet, email and social media applications, are valuable resources that support the delivery of the Trust's business objectives and bring opportunities to understand, engage and communicate with people in new ways. However, the wide range of information available on the Internet and the ease of using new technologies and corresponding with people electronically raises concerns about security, confidentiality and the potential for improper conduct. It is important that staff are able to use technologies and services effectively and flexibly, whilst ensuring that this is balanced with the Trust's duties to its patients, staff and partners, its legal responsibilities and maintaining its reputation.

The following documents are available in the policies and procedures section on the Trust's website.

IT02 - IM&T Security Policy (and associated standards as detailed below)

SS01 - Social Networking Security Standard

SS02 - Remote Working Mobile Devices Security Standard

SS03 - Internet and Email Security Standard

SS04 - User Account Investigation Security Standard

SS05 - Service User Internet Use Security Standard

SS06 - Network Account Management Security Standard

Secure Email – Guidance on how to send person-identifiable information securely both internally and externally using the Trust's email system and NHSmail.

Phishing Emails – Hints on how to spot them and help keep our Trust network safe.

Phishing Scams Poster

Cyber Security - Advice on how we can keep the Trust's data and network safe and secure from cyber threats.

Working from Home (IGAN22) – Quick guide to essential data protection and security whilst working at home, issued as part of business continuity measures for the COVID-19 pandemic.

Information Security

Popular pages

Your most visited pages

Information Security

Information Security Principles

IM&T Security Policy and Standards

Staff Guidance

Accessibility tools