Information Governance & Data Protection
Handling information safely, respectfully and in line with NHS expectations.
Vanguard Ultrasound Services Limited (VanUS) is an NHS-facing ultrasound insourcing provider. We take confidentiality and data protection seriously and agree practical information governance arrangements with each NHS organisation we support—so delivery is safe, auditable and aligned to local processes.
Before you read further
This page explains how we approach information governance in practice. For details about how VanUS uses personal information on our website, recruitment and enquiries, please see our Privacy Notice. Please do not send patient-identifiable information via website forms or general enquiries.
What this means in practice
When VanUS supports an NHS service, you can expect: clear agreement on how information is accessed, handled and shared, role-based access and appropriate controls aligned to local requirements, clarity on reporting workflows and escalation routes, confidentiality expectations for all staff, incident awareness and prompt escalation of information governance concerns, a practical approach that fits local systems and ways of working.
Our approach to information governance
We work to UK GDPR and NHS information governance expectations, appropriate to the service scope. Our approach focuses on: confidentiality – respecting patient privacy and handling information appropriately, access control – ensuring only authorised access for agreed purposes, safe handling – using secure storage and transfer methods where applicable, accountability – defined responsibilities, oversight and auditability, continuous improvement – learning from issues and strengthening controls.
Working within NHS systems
VanUS services are delivered within NHS sites and local pathways. Information handling arrangements are agreed with the host organisation and reflect local processes, including: how reporting is completed and communicated, how urgent findings and patient safety concerns are escalated, local rules for system access and documentation, local incident reporting routes and contacts, device and workspace requirements (where relevant), practical do’s and don’ts for handling information.
Access, confidentiality and safe handling
We put practical controls in place to reduce risk and support safe delivery. These typically include: confidentiality expectations and appropriate training for staff, access provided only where required for agreed delivery, clear guidance on what information is handled and why, secure handling of devices and documents in clinical areas, appropriate restrictions on copying, storing or transferring information.
Information governance incidents and concerns
If an information governance concern arises, we act promptly and work within the host organisation’s processes. This includes: escalating concerns to the host service and the relevant VanUS lead, supporting investigation and learning where required, taking corrective action to reduce the risk of recurrence, documenting outcomes appropriately within agreed arrangements.
Records management
Where VanUS contributes to records or reporting workflows, arrangements are agreed with the host organisation. This includes clarity on: how records are created or updated within local systems, responsibilities for retention and storage (normally held by the host organisation), appropriate handling of any VanUS-held records linked to recruitment or enquiries (see Privacy Notice).
Supplier and system assurance
Where VanUS uses suppliers or systems to support its operations (for example, secure email, IT support or hosted services), we apply appropriate checks and contractual controls and expect suppliers to meet security expectations proportionate to the risk.
Operational set-up with NHS sites (what we agree before go-live)
Access requirements and local approvals, reporting workflow and responsibilities, escalation routes for urgent findings and safety concerns, local information governance contacts and incident routes, device and workspace requirements (where relevant), practical do’s and don’ts for handling information.
