A few more resrouces for you Jmz

Information Security Management: NHS Code of Practice : Department of Health - Publications
Cryptographic services for the NHS : Department of Health - Managing your organisation
http://nww.connectingforhealth.nhs.uk/igsecurity/gpg/ (need to be on an N3 link to view)

And one last piece of advice, have a chat with your Trusts IT Security chaps as well.

At the end of the day, this is patient data and you can't be too careful. If it did get stolen, you'd be screwed

Alan