NHS Data Sharing


This non-commercial website was written by Dr Neil Bhatia, a GP, Records Access Lead, Caldicott Guardian, Information Governance Lead, Data Privacy Officer, Data Protection Officer in Hampshire.

Twitter: @docneilb

This is a personal website and in no way affiliated with any GP surgery, Clinical Commissioning Group, or any other organisation.

All information is correct (most of it released to me under FOI), and up to date, as far as I can tell. Opinions on lawfulness, fairness, confidentiality, and privacy, are my own.

There is no third-party user tracking technology present on this website.
See my privacy policy


This site tells you about NHS Data sharing (in England) - the very many ways by which information from your electronic GP record is, or can be, made available to others.

The largest amount of information on this site relates to shared care records, where (almost) your entire GP record is made accessible to very many people outside of your GP surgery.


Just looking for information about the National Data Opt Out ("Your NHS data matters")?
Jump straight to this webpage

Just looking for information about the national Summary Care Record?
Jump straight to this webpage

Just looking for the opt-out form to control your GP record?
You can opt out by downloading this single form (as .doc or .pdf), and handing it in to your GP surgery.
Don't forget to set your National Data Opt Out.


"Confidentiality, once breached, is lost for ever"

Cream Holdings Limited and others (Respondents) v. Banerjee and others (Appellants) [2004] UK House of Lords


This site tells you how to control your GP record, so that you decide what happens to your personal confidential information. Once you know what can happen, or is already happening, to your personal information, then you can make an informed choice as to whether to allow such data sharing to happen or continue - in other words, whether to opt-out or not.

So you can share data on your terms.

It helps you find information about Shared Care Records (ICRs, LHCRs, LHCREs), where information from your GP record is combined with your hospital records, mental health records, and social care records, and made available to many organisations - and potentially thousands of individuals - outside of your GP surgery

It tells you about the Type 1 ("9Nu0") opt-out (or objection) - an electronic flag added to your GP record, at your request, that prohibits the use of your personal confidential information in various ways. It tells you what it does, and what it does not do; where it works, and where it seems to have no effect (when it should).

It tells you about the National Data Opt Out, which replaced the Type 2 opt-out from October 2018.

It tells you how you can limit the ways that NHS Digital can disseminate and sell information that it holds about you, obtained from your GP/hospital/social care/mental health and other such records, to third parties within and outside of the NHS (including commercial organisations).

It helps you find information about:

This site tells you about other ways, completely unrelated to shared care records, by which your electronic GP record is, or can be, made available to health professionals providing you with direct medical care:

And this site mentions:


GP surgeries, in particular, process personal confidential medical information in very many ways. Have a look at this detailed privacy notice to get an idea of just how many.


The care.data project was shut down by the Department of Health, though it will be back in one way or another.

It is likely that care.data will be replaced by the Single National GP Dataset, a similar (but much bigger) extraction of personal confidential information from GP records to NHS Digital. It really is the "son of care.data", and you can find out about it in this document, and in this FOI response (to this FOI request).


For many of the NHS Databases, where your information is extracted and uploaded from your GP record:

For nearly all shared care records, the only way to prevent medical information about you from hospitals and other non-GP sources from being disseminated in this way is to opt-out at your GP surgery.

You can opt-out, of any or all of the NHS databases, at any time - it is never "too late" to opt-out.

And you can opt back in, to any or all of the NHS Databases, at any time - should you wish.

When you opt-out your GP surgery will add a special electronic flag (known as a read code) to your GP record, which will block any extraction and uploading of your personal confidential information to the relevant databases.

If information about you has already been uploaded, then opting out will ensure that no further information is uploaded, and that any already uploaded information is either "blanked" or made unavailable.

You can opt out of each database individually (amend the opt-out form below accordingly).

Or you can opt out of all of these databases at once, by downloading this single form (as .doc or .pdf), and either:

Almost without exception within the NHS, you need to actively object if you do not want your personal confidential information shared or disseminated in these ways.



How do I find out what I have already opted out of, or am opted out of?

You can find out what you have already opted out of by simply asking your GP surgery.

Alternatively, you can just opt out of the schemes that you wish to - right now (by using the form linked to above).

It doesn't matter if you opt out of any - or all - of them more than once.



Terminology:

Data protection: the lawful control and use of personal data held by an organisation (the data controller). Data protection encompasses data security, data privacy, and data ethics. An important part of data protection is ensuring control over the access of personal information, as held by the controller, to third parties; and in particular, ensuring that there is no unauthorised access or disclosure.

Data privacy: empowering data subjects to control the use and dissemination of, and access to, their personal (and sometimes confidential) information. It enables people to make their own decisions about who can process their data, and for what purposes - autonomy over their personal information. That means upholding a person's right to privacy under Article 8 of the Human Rights Act.

"Privacy is having the choice - it is the right to decide who we tell what, to establish boundaries, to limit who has access to our bodies, places and things, as well as our communications and our information."
Privacy International

Data security: the protection of data held by an organisation from accidental, or intentional but unauthorised, modification, destruction, or disclosure. In other words, and simply - keeping data secure. Not keeping data secure may result in a data breach.

Data ethics: the correct, appropriate, proportionate, responsible, fair, privacy-respecting, subject rights respecting, harm-avoiding, use (or processing) of an individual's personal information. It includes respect for the individual's right to know what is happening to their information (to be informed), and their right to control it - the right to autonomy over their personal information.

"You need to stop and think not just about how you can use personal data, but also about whether you should.”
Information Commissioner's Office

Personal data: any information relating to an identified or identifiable natural person (data subject). Examples include your name, home/work address, email address, your computer IP address - and your medical records. Personal data includes personally identifiable information, special category data, and confidential data.

Personally identifiable data (or information): sometimes referred to as PII. Personal data which can be used to distinguish or trace an individual's identity, such as their name, NHS number, medical records, alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc.

Special category data: sometimes called sensitive data. Personal data revealing or concerning certain types of data, such as racial or ethnic origin, political opinions, religious beliefs, genetic data, sexual orientation, and health data (medical records).

Confidential data (or information): information given in circumstances where it is expected that a duty of confidence applies, and that information cannot normally be disclosed without the information provider's permission. Your medical records are confidential data.

So your medical records, whether held by your GP surgery or a hospital, clinic, or service:


Primary uses are uses of data for the main purpose for which they were originally collected directly from the individuals concerned.

For your GP record, this means making that information available, to healthcare professionals that you are seeing, within your GP surgery, for your direct medical care.

You can download a simple factsheet about data sharing between healthcare professionals here.


You have the right to opt-out of allowing your medical record to be shared, or be directly accessible, for primary purposes - for your direct medical care - beyond your GP surgery, if you so wish.

This may limit the opportunity for certain health professionals (other than those within your GP surgery) to directly access aspects of your electronic GP record in a particular way.

However, it in no way limits all of the other and many ways that your medical information can be made available to those who require it.

That information can be, is, and always will be made available to those who require it by your GP, whether directly, by phone, fax, text, letter, email, e-referral or e-prescription.

That information can be made available by you - the patient - directly, by temporarily giving the health professional secure online access to your medical record, or by many of the other ways in which you can share information with health professionals outside of the surgery.

An example of preventing a primary use of your GP record would be opting out of the Summary Care Record.

You can opt back in to primary uses of your GP record at any time in the future.

You can opt back in and allow all the primary use schemes to extract and upload, or stream your data, or you can opt back into each scheme individually, as you prefer.

"Permission to View"

When your GP record is being accessed by someone outside of your surgery, such as access via a shared care record, for direct care (primary) purposes, you should be asked for your explicit permission before that clinician (or admin staff) accesses your personal confidential information. This is called permission to view (PTV).

But far from all shared care record schemes respect permission to view.

More information about permission to view can be found within the Shared Care Records section of this website.


Secondary uses are uses of existing data for purposes other than those for which they were originally obtained.

For your GP record, this means making that information available, to anyone (not just within the NHS), for purposes other than providing your direct medical care.

Examples of secondary uses include research, audit, healthcare planning, "population health management", commercial and even political uses.

You can control the use of your medical records for secondary purposes by means of the Type 1 and National Data opt-outs.

You can download a simple factsheet about the Type 1 secondary uses opt-out here.

The National Data Opt Out

On 25th May 2018, NHS Digital launched the National Data Opt Out (NDOO), which replaced the GP Type 2 opt-out.

You can find information on the NDOO:

The NDOO is nothing new. The Type 2 opt-out has been around for a number of years.


The National Data Opt Out doesn't stop you contributing to any research where you are asked first.

It only stops the use of your confidential medical information where you are not asked before your data is taken and used.



You have the right to opt-out of allowing your medical information to be used for secondary purposes - in ways unrelated to your direct medical care - if you so wish.

You can register a Type 1 objection ("9Nu0") with your GP surgery, which will act on your GP-held medical records, and/or you can register a Type 2 objection ("9Nu4") with your GP surgery, which will act on information that NHS Digital holds about you (whether derived from your GP record or hospital information).

Not allowing secondary uses of your GP record - which should prohibit risk stratification, the national audits and GPES extractions - will in no way affect the medical care that you receive, anywhere in the NHS or privately.

Opting out of secondary uses will hopefully opt you out of the forthcoming Single National GP Dataset, the successor to care.data.

Opting out of secondary uses of your GP record will not prevent medical researchers accessing your information - they just have to ask for your explicit permission first.

An example of prohibiting a secondary use of your GP record would be opting out of one or more of the national audits.

You can opt back in to secondary uses of your GP record at any time in the future.

You can opt back in and allow all the secondary use schemes to extract, upload and process your data, or you can opt back into each scheme individually, as you prefer.



Shared Care Records (ShCRs)

For the purpose of commissioning medical services, including the creation of shared care records, England is divided into seven regions - North East & Yorkshire, North West, Midlands, East of England, London, South East, South West.
Each region is then divided into STPs. STP stands for “sustainability and transformation partnership”. These are areas where local NHS organisations and councils drew up shared proposals to improve health and care in the areas they serve. So, for example, within the North West region, there are 4 STPs - Cheshire and Merseyside, Greater Manchester, Lancashire and South Cumbria, and North Cumbria.
Each STP includes one or more CCGs - clinical commissioning groups. All GP surgeries belong to a specific CCG. So, for example, within the Midlands region is the Coventry and Warwickshire STP, within which are Coventry and Rugby CCG, South Warwickshire CCG, and Warwickshire North CCG, and within which dozens of GP practices are so called “members” of each CCG.

As far as shared records go:

Some CCGs have their own shared record - a so-called “integrated care record”, or ICR. Wigan CCG’s “Share To Care” is one such example. Only the GP surgeries within Wigan CCG contribute to it.

STPs then consist of one or more CCG integrated care records, although sometimes there is a Local Health and Care Record, or LHCR, spanning one or more of the CCGs in that STP. In the Lincolnshire STP, for example, the Lincolnshire Care Portal LHCR involves all 4 of the CCGs – there are no individual CCG ICRs. Elsewhere, an LHCR may receive data feeds from one or more ICRs.

Finally, mega-LHCRs, also known as Local Health and Care Record Exemplars (LHCRE), exist, spanning across one or more STPs. These LHCREs aim to combine all the ICRs and LHCRs, and cover all CCGs and even all STPs, within a particular area. One such example is the Yorkshire and Humber LHCRE. This aims to “join up” the shared records of Humber, Coast and Vale STP, South Yorkshire and Bassetlaw STP, and West Yorkshire and Harrogate STP. That will necessarily include joining up the Doncaster CCG ICR, the Rotherham CCG ICR, and the Leeds Care Record (ICR).


You will not be asked for your explicit permission before your GP record is made accessible to others outside of your GP surgery.

And, in many areas, you will not be asked for your explicit permission before your GP record is accessed by others outside of your GP surgery.


Permission to View

When Permission to View (PTV) is upheld, you are always asked before your shared care record is accessed by anyone outside of your GP surgery.

What does the General Medical Council say about PTV?

"If you suspect a patient would be surprised to learn about how you are accessing or disclosing their personal information, you should ask for explicit consent unless it is not practicable to do so (see paragraph 14). For example, a patient may not expect you to have access to information from another healthcare provider or agency on a shared record."
“Asking for a patient’s consent to disclose information shows respect and is part of good communication between doctors and patients.”
"Trust is an essential part of the doctor-patient relationship and confidentiality is central to this. Patients may avoid seeking medical help, or may under-report symptoms, if they think their personal information will be disclosed by doctors without consent, or without the chance to have some control over the timing or amount of information shared.”

What does the British Medical Association say about PTV?

"If patients decide to have a shared record, their explicit consent to view must be obtained e.g. where a practice other than the patient’s is seeking to view the record for out-of-hours care."

What does the National Data Guardian say about PTV?

"You are quite correct in stating in your correspondence with my office that my 2016 and 2013 reviews re-iterated the Caldicott Principles, and that only relevant information about a patient should be shared between health professionals in support of their care. Both took the position that explicit consent should be obtained before accessing someone’s whole record."

“The Review Panel concluded that consent should be obtained before sharing a patient’s whole care record with other registered and regulated health and social care professionals for the purposes of direct care. Any exceptions to this guidance should be based on professional judgement in individual cases.”

“Explicit consent should be obtained before accessing someone’s whole record."

"There should be ‘no surprises’ for the public in regard to how their confidential information is being used."

"There can be no assumptions made about today’s citizens. They have a right to know, and object about how their data is used, if they wish."

"In the material that you have sent us, you highlight an issue that my panel and I have seen occurring in a number of places this year, namely confusion between the requirement of GDPR and the common law, particularly on the issue of consent. I agree that when confidential patient information is being shared the requirements of both GDPR and the common law should be considered. I also agree that even where consent is the basis on which the duty of confidentiality is set aside, it is not necessarily the case that consent is the appropriate GDPR basis for processing."

What does the Information Commissioner (ICO) say about PTV?

That PTV would “be considered desirable from a GDPR perspective as it would increase transparency and promote legality and fairness”.
That “the GDPR does not prohibit the collection of consent (i.e. PTV) for the purposes of sharing data under the CLDC.”
That permission to view “would be consistent with GDPR”.
That “the process of obtaining consent or permission to view for the purposes of the CLDC would improve transparency and this is an important aspect when considering whether the processing falls within the reasonable expectations of the patient. For example, a patient would expect their GP to share information with the hospital in the context of a referral, however, the patient may not expect the GP to share data with the Local Authority for social care purposes”.
That “there is nothing from a GDPR perspective that would prohibit a prompt for obtaining patient consent for CLDC purposes”.

That “It appears that in an attempt to promote GDPR compliance, there has been a conflation of the concepts of consent as a lawful basis of processing under GDPR and consent as a basis to share confidential information under the CLDC”.
That PTV "should not be confused with providing GDPR Consent."

What does the NHS Constitution say about PTV?

"You have the right to be informed about how your information is used."
"You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered, and where your wishes cannot be followed, to be told the reasons including the legal basis."
"The NHS also pledges: where identifiable information has to be used, to give you the chance to object wherever possible."
"All staff have responsibilities to the public, their patients and colleagues. You should aim to inform patients about the use of their confidential information and to record their objections, consent or dissent."


This DPIA contains detailed discussion about permission to view - and how the absence of it leads to the very real possibility of a breach of confidence, a breach of privacy, and unfair and unlawful processing of personal confidential information.

There is no technological, or administrative, or procedural reason why permission to view should be absent.
PTV does not hinder lawful, fair, proportionate, ethical, rights-upholding data sharing. It does not put “barriers” to data sharing.
To the contrary, asking the patient before accessing their shared record ensures that both the clinician - and the GP surgery allowing such access - are complying with lawful, fair, and ethical data processing, and upholds the patient's right to privacy and autonomy over their personal confidential information.

When an ICR joins a LHCR, or when an ICR/LHCR is incorporated into a LHCRE, then very many more individuals, teams, services, and organisations suddenly gain access to the shared medical record.
And if PTV is not upheld then there is no way for an individual to prevent those new organisations accessing their GP record - without opting out entirely and permanently.
That means that their shared record can never be accessed, by anyone.
And when - inevitably - all the LHCRs and LHCREs are linked, your medical records will be accessible across England, by thousands of organisations, and hundreds of thousands of individuals. And if PTV is not upheld then there is no way for an individual to prevent anyone from accessing their GP record - without opting out entirely and permanently.
That means that their shared record can never be accessed, by anyone.

And that is manifestly unfair.


What is the Common Law of Confidentiality (CLoC)?

“Respecting the confidentiality of health data is a vital principle in the legal systems of all contracting parties to the Convention”
MS v Sweden, ECHR 27 AUG 1997

You can download a factsheet on the Common Law of Confidentiality from this website.

The CLoC is precedent-based law, and the general principle is that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider’s consent. That absolutely applies to the information recorded by your GP surgery in your practice record, where personal medical information is recorded to assist those within the surgery to provide you with medical care.

Confidential patient information is defined in section 251 of the NHS Act 2006:

11. For the purposes of this section, patient information is “confidential patient information” where

When disclosing personal confidential information for purposes other than direct medical care (as is the case in some ICRs/LHCRs/LHCREs, for risk stratification schemes, and for stand-alone population health management schemes), it is only lawful when:

If none of these conditions are met then the disclosure of personal confidential information, by your GP surgery or local NHS trust or local authority, represents a breach of confidentiality.
It is unlawful processing - a breach of Article 5(1)(a) of GDPR.

The General Medical Council’s guidance on confidentiality is clear about this (paragraphs 80, and 103-105).

In particular, paragraph 85:

"If it is not practicable for the information to be anonymised within the direct care team, it may be anonymised by a data processor under contract, as long as:

  • there is a legal basis for any breach of confidentiality (see paragraph 80)
  • the requirements of data protection law are met (see the legal annex), and
  • appropriate controls are in place to protect the information (see paragraph 86)"

The British Medical Association’s guidance is also clear.

    What does NHSX say about the CLoC?

    "Access to confidential patient information requires explicit patient consent, or where this is impracticable, approval under section 251 of the NHS Act 2006"


    What is not a legal basis in its own right to meet the duty of confidence?

    "Principle 6: Comply with the law
    Every use of confidential information must be lawful. All those handling confidential information are responsible for ensuring that their use of and access to that information complies with legal requirements set out in statute and under the common law."

    The Caldicott Principles


    "Only by demonstrating that health and social care can be trusted to be respectful and do the right thing with people’s data will we earn the goodwill to use their data."

    National Data Guardian, December 2020


    LHCREs

    GREAT NORTH CARE RECORD (GNCR)
    Type: LHCRE


    Website: Click here
    Contributing organisations: GP surgeries and other organisations across multiple STPs

    Region(s): North East & Yorkshire, North West
    Estimated population covered: at least 3.6 million

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Permission to View upheld: NO

    The GNCR used to fully respect permission to view, and from the beginning of this project publicly promised patients that they would always be asked prior to their record being accessed.
    They have now reneged on this promise.
    Phrases such as "The secret of getting consent, is to get consent" and "There for the asking, but not for the taking" sure ring hollow now.

    What does this mean?

    That means that on each occasion that your record is accessed:


    YORKSHIRE AND HUMBER CARE RECORD (YHCR)
    Type: LHCRE


    Website: Click here
    Contributing organisations: GP surgeries and other organisations across multiple STPs

    Region(s): North East and Yorkshire
    Estimated population covered: at least 5.8 million

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database. Your personal confidential information exists in 2 (or more) databases, for example firstly in your GP surgery system, secondly in the data processor’s system (where it is made available for direct care purposes), and thirdly in a sub-processor’s system (e.g. Microsoft) where your personal confidential information is processed for secondary uses.

    Purposes of processing: direct medical care and secondary uses

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Download here

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    Secondary Uses Processing

    DPIA (latest version): Download here

    How is the common law of confidentiality met for the disclosure of your personal confidential information, to 3rd parties (such as data processors and sub-processors), for purposes unrelated to direct medical care?

    YHCR is the only LHCR so far that has applied to CAG for s251 approval, in order to render any such disclosures and processing lawful.

    Is the GP surgery disclosing only completely anonymised information for secondary purposes? NO
    Clearly identifiable, or pseudonymised, personal confidential information is being disclosed

    Does secondary uses processing respect the Type 1 opt-out? NO

    Does secondary uses processing respect the National Data Opt Out? YES

    What does this mean?

    If you want to ensure that your personal confidential information is not processed for secondary uses then you are advised to set your National Data Opt Out flag to “do not allow”.
    You cannot opt-out of this type of secondary processing via your GP surgery, because a Type 1 objection is ignored for this project.
    More information on the National Data Opt Out can be found here: www.nationaldataoptout.info


    SHARE2CARE
    Type: LHCRE


    Website: Click here
    Contributing organisations: GP surgeries and other organisations across multiple STPs

    • Cheshire and Merseyside STP
    • Lancashire and South Cumbria STP
    Region(s): North West

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached : "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    THE GREATER MANCHESTER CARE RECORD (GMCR)
    Type: LHCRE

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across Greater Manchester STP
    Region(s): North West
    Estimated population covered: at least 2.8 million

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Status uncertain

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: VARIABLY

    What does this mean?

    Some organisations accessing your record respect permission to view, some do not.

    That means that on certain occasions:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached : "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    ONELONDON
    Type: LHCRE

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across multiple STPs

    • East London STP
    • North London STP
    • North West London STP
    • South East London STP
    • South West London STP
    Region(s): London
    Estimated population covered: at least 9.3 million

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Each STP has its own DPIA

    Article 28 Data Processor Contract: See individual STPs

    Permission to View upheld: See individual STPs


    THAMES VALLEY
    Type: LHCRE

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across multiple STPs
    • Buckinghamshire, Oxfordshire and Berkshire West STP
    • Frimley Health and Care STP
    • Surrey Heartlands STP
    Region(s): South East
    Estimated population covered: at least 3.5 million

    Data processor used?
    See individual ICRs/LHCRs

    Purposes of processing: direct medical care and secondary uses

    Direct Medical Care (primary uses processing)

    DPIA (latest version): See individual ICRs/LHCRs

    Article 28 Data Processor Contract: See individual ICRs/LHCRs

    Permission to View upheld: VARIABLY

    What does this mean?

    Some organisations accessing your record respect permission to view, some do not.

    That means that on certain occasions:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached : "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    Secondary Uses Processing

    DPIA (latest version): See individual ICRs/LHCRs

    How is the common law of confidentiality met for the disclosure of your personal confidential information, to 3rd parties (such as data processors and sub-processors), for purposes unrelated to direct medical care?

  • Your explicit permission - NO
  • A legal obligation upon your GP surgery to disclose - NO
  • An obligation to disclose information under Regulation 2 (Cancer) or Regulation 3 (COVID19) of COPI 2002 - NO
  • Approval granted under s251 of the NHS Act 2006 (Regulation 5 of COPI 2002), by the HRA’s Confidentiality Advisory Group - NO
  • Is the GP surgery disclosing only completely anonymised information for secondary purposes? NO
    Clearly identifiable, or pseudonymised, personal confidential information is being disclosed

    What does this mean?

    • Your personal confidential information is being processed unlawfully
    • This is a breach of Article 5(1)(a) of GDPR
    • Your personal confidential information is being processed unfairly
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld – that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld – that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information – that you have suffered misuse of your personal confidential information

    Does secondary uses processing respect the Type 1 opt-out? See individual ICRs/LHCRs

    Does secondary uses processing respect the National Data Opt Out? See individual ICRs/LHCRs


    WESSEX
    Type: LHCRE

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across multiple STPs

    • Hampshire and Isle of Wight STP
    • Dorset STP
    Region(s): South East and South West
    Estimated population covered: at least 2.7 million

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care

    Direct Medical Care (primary uses processing)

    DPIA (latest version): See individual ICRs/LHCRs

    Article 28 Data Processor Contract: See individual ICRs/LHCRs

    Permission to View upheld: VARIABLY

    What does this mean?

    Some organisations accessing your record respect permission to view, some do not.

    That means that on certain occasions:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached : "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    ONE SOUTH WEST
    Type: LHCRE

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across multiple STPs

    • Bath, North East Somerset and South Gloucestershire STP
    • Cornwall and Isles of Scilly STP
    • Devon STP
    • Gloucestershire STP
    • Somerset STP
    Region(s): South West
    Estimated population covered: at least 3.9 million

    Data processor used?
    See individual ICRs/LHCRs

    Purposes of processing: direct medical care and secondary uses

    Direct Medical Care (primary uses processing)

    DPIA (latest version): See individual ICRs/LHCRs

    Article 28 Data Processor Contract: See individual ICRs/LHCRs

    Permission to View upheld: VARIABLY

    What does this mean?

    Some organisations accessing your record respect permission to view, some do not.

    That means that on certain occasions:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached : "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    Secondary Uses Processing

    DPIA (latest version): See individual ICRs/LHCRs

    How is the common law of confidentiality met for the disclosure of your personal confidential information, to 3rd parties (such as data processors and sub-processors), for purposes unrelated to direct medical care?

  • Your explicit permission - NO
  • A legal obligation upon your GP surgery to disclose - NO
  • An obligation to disclose information under Regulation 2 (Cancer) or Regulation 3 (COVID19) of COPI 2002 - NO
  • Approval granted under s251 of the NHS Act 2006 (Regulation 5 of COPI 2002), by the HRA’s Confidentiality Advisory Group - NO
  • Is the GP surgery disclosing only completely anonymised information for secondary purposes? NO
    Clearly identifiable, or pseudonymised, personal confidential information is being disclosed

    What does this mean?

    • Your personal confidential information is being processed unlawfully
    • This is a breach of Article 5(1)(a) of GDPR
    • Your personal confidential information is being processed unfairly
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld – that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld – that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information – that you have suffered misuse of your personal confidential information

    Does secondary uses processing respect the Type 1 opt-out? See individual ICRs/LHCRs

    Does secondary uses processing respect the National Data Opt Out? See individual ICRs/LHCRs



    REGION: NORTH EAST AND YORKSHIRE

    DONCASTER CARE RECORD
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within Doncaster CCG
    Part of: South Yorkshire and Bassetlaw STP
    Will feed into: YHCR LHCRE
    Region(s): North East and Yorkshire
    Estimated population covered: at least 320,000

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Permission to View upheld: YES

    “For records to be viewed at the point of care the explicit consent of the patient will be sought.”

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld : your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it

    ROTHERHAM HEALTH RECORD
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within Rotherham CCG
    Part of: South Yorkshire and Bassetlaw STP
    Will feed into: YHCR LHCRE
    Region(s): North East and Yorkshire
    Estimated population covered: at least 265,000

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached : "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    LEEDS CARE RECORD
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within Leeds CCG
    Part of: West Yorkshire and Harrogate STP
    Will feed into: YHCR LHCRE
    Region(s): North East and Yorkshire
    Estimated population covered: at least 870,000

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Download here

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached: "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information


    REGION: NORTH WEST

    CHESHIRE CARE RECORD
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within Cheshire CCG
    Part of: Cheshire and Merseyside STP
    Will feed into: Share2Care LHCRE
    Region(s): North West
    Estimated population covered: at least 767,000

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database. Your personal confidential information exists in 2 (or more) databases, for example firstly in your GP surgery system, secondly in the data processor’s system (where it is made available for direct care purposes), and thirdly in a sub-processor’s system (e.g. Microsoft) where your personal confidential information is processed for secondary uses.

    Purposes of processing: direct medical care and secondary uses

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Download here

    Permission to View upheld: YES

    “The CCR currently exceeds the minimum standards of law by also requiring explicit consent to view the first time shared information…where the patient has capacity.”

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld: your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it

    Secondary Uses Processing

    DPIA (latest version): Download here

    How is the common law of confidentiality met for the disclosure of your personal confidential information, to 3rd parties (such as data processors and sub-processors), for purposes unrelated to direct medical care?

    • Your explicit permission - NO
    • A legal obligation upon your GP surgery to disclose - NO
    • An obligation to disclose information under Regulation 2 (Cancer) or Regulation 3 (COVID19) of COPI 2002 - NO
    • Approval granted under s251 of the NHS Act 2006 (Regulation 5 of COPI 2002), by the HRA’s Confidentiality Advisory Group - NO
    • Is the GP surgery disclosing only completely anonymised information for secondary purposes? NO
    Clearly identifiable, or pseudonymised, personal confidential information is being disclosed

    What does this mean?

    • Your personal confidential information is being processed unlawfully
    • This is a breach of Article 5(1)(a) of GDPR
    • Your personal confidential information is being processed unfairly
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld – that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld – that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information – that you have suffered misuse of your personal confidential information

    Does secondary uses processing respect the Type 1 opt-out? NOT KNOWN

    Does secondary uses processing respect the National Data Opt Out? NOT KNOWN


    iLINKS
    Type: LHCR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within
    • Liverpool CCG
    • South Sefton CCG
    • Southport and Formby CCG
    Part of: Cheshire and Merseyside STP
    Will feed into: Share2Care LHCRE
    Region(s): North West
    Estimated population covered: at least 760,000

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): No DPIA available or produced

    Permission to View upheld: YES

    "The ILINKS Information Sharing Framework is based around the principle that the information shared across professional groups and organisational boundaries is facilitated only when an individual has given consent to do."

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld: your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it

    ST HELENS SHARED CARE RECORD
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within St Helens CCG
    Part of: Cheshire and Merseyside STP
    Will feed into: Share2Care LHCRE
    Region(s): North West
    Estimated population covered: at least 178,000

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): No DPIA available or produced (will be available in March)

    Article 28 Data Processor Contract: Status unknown

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached: "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    WIRRAL CARE RECORD
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within Wirral CCG
    Part of: Cheshire and Merseyside STP
    Will feed into: Share2Care LHCRE
    Region(s): North West
    Estimated population covered: at least 337,000

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Not available - no such contract appears to exist

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: YES

    “Patients are required to give consent to view the record the first time that any care professional accesses it”

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld: your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it

    BOLTON CARE RECORD
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within Bolton CCG
    Part of: Greater Manchester CCG
    Will feed into: Greater Manchester Care Record LHCRE
    Region(s): North West
    Estimated population covered: at least 312,000

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Not available - no such contract appears to exist

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached: "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    SHAREFORYOU
    Type: LHCR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within 3 CCGs
    • Bury CCG
    • Heywood, Middleton and Rochdale CCG
    • Oldham CCG
    Part of: Greater Manchester STP
    Will feed into: Greater Manchester Care Record LHCRE
    Region(s): North West
    Estimated population covered: at least 653,000

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Not available - no such contract appears to exist

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached: "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    SALFORD INTEGRATED RECORD
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within Salford CCG
    Part of: Greater Manchester Care Record LHCRE
    Will feed into: North West
    Region(s):
    Estimated population covered: at least 270,000

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database. Your personal confidential information exists in 2 (or more) databases, for example firstly in your GP surgery system, secondly in the data processor’s system (where it is made available for direct care purposes), and thirdly in a sub-processor’s system (e.g. Microsoft) where your personal confidential information is processed for secondary uses.

    Purposes of processing: direct medical care and secondary uses

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Not available - no such contract appears to exist

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached: "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    Secondary Uses Processing

    DPIA (latest version): Download here

    How is the common law of confidentiality met for the disclosure of your personal confidential information, to 3rd parties (such as data processors and sub-processors), for purposes unrelated to direct medical care?

  • Your explicit permission - NO
  • A legal obligation upon your GP surgery to disclose - NO
  • An obligation to disclose information under Regulation 2 (Cancer) or Regulation 3 (COVID19) of COPI 2002 - NO
  • Approval granted under s251 of the NHS Act 2006 (Regulation 5 of COPI 2002), by the HRA’s Confidentiality Advisory Group - NO
  • Is the GP surgery disclosing only completely anonymised information for secondary purposes? NO
    Clearly identifiable, or pseudonymised, personal confidential information is being disclosed

    What does this mean?

    • Your personal confidential information is being processed unlawfully
    • This is a breach of Article 5(1)(a) of GDPR
    • Your personal confidential information is being processed unfairly
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld – that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld – that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information – that you have suffered misuse of your personal confidential information

    Does secondary uses processing respect the Type 1 opt-out? UNCLEAR

    Does secondary uses processing respect the National Data Opt Out? YES

    What does this mean?

    If you want to ensure that your personal confidential information is not processed for secondary uses then you are advised to set your National Data Opt Out flag to “do not allow”.
    You might not be able to opt-out of this type of secondary processing via your GP surgery, because a Type 1 objection might be ignored for this project.
    More information on the National Data Opt Out can be found here: www.nationaldataoptout.info


    THE STOCKPORT HEALTH AND CARE RECORD
    Type: ICR

    Website: Click here
    Additional information:

    Contributing organisations: GP surgeries and other organisations within Stockport CCG
    Part of: Greater Manchester STP
    Will feed into: Greater Manchester Care Record LHCRE
    Region(s): North West
    Estimated population covered: at least 315,000

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Not available - no such contract appears to exist

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: YES

    "Professionals should only access this information with your permission"

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld: your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it

    WIGAN SHARE2CARE
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within Wigan CCG
    Part of: Greater Manchester STP
    Will feed into: Greater Manchester Care Record LHCRE
    Region(s): North West
    Estimated population covered: at least 320,000

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Permission to View upheld: YES

    “Before any information is collected or displayed to a care professional, patient consent must be provided. Patient consent is recorded on the system in an audit trail so that we know exactly who has accessed what information and when.”

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld: your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it

    THE LANCASHIRE PATIENT RECORD EXCHANGE
    Type: LHCR

    Website: not available
    Contributing organisations: GP surgeries and other organisations across Lancashire and South Cumbria STP
    Will feed into: Share 2 Care LHCRE
    Region(s): North West
    Estimated population covered: at least 1.7 million

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version):
    No DPIA available or produced

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached: "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information


    REGION: MIDLANDS

    YOUR CARE CONNECTED
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within 2 CCGs

    • Birmingham and Solihull CCG
    • Sandwell and West Birmingham CCG
    Part of: Birmingham and Solihull STP and The Black Country STP
    Region(s): Midlands
    Estimated population covered: at least 1.8 million

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached: "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    COVENTRY AND WARWICKSHIRE INTEGRATED CARE RECORD
    Type: ICR

    Website: Click here
    Additional information:

    Contributing organisations: GP surgeries and other organisations across Coventry & Warwickshire STP
    Region(s): Midlands
    Estimated population covered: at least 1 million

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): No DPIA available or produced. This ICR is yet to go live.

    Permission to View upheld: YES

    “At the point of receiving care, you will be asked for permission to access your data.”

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld: your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it

    JUCD SHARED CARE RECORD
    Type: ICR
    Website: Click here
    Contributing organisations: GP surgeries and other organisations across Derbyshire STP
    Region(s): Midlands
    Estimated population covered: at least 1,000,000

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Download here

    Permission to View upheld: NO

    Joined Up Care Derbyshire have commissioned their shared care record from Orion Health, with the aim of going live with this project from September 2021.


    HEREFORD ONE RECORD
    Type: ICR

    Website: Click here
    Additional information:

    Contributing organisations: GP surgeries and other organisations across Hereford and Worcestershire STP
    Region(s): Midlands
    Estimated population covered: at least 800,000

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Permission to View upheld: YES

    “Consent will be achieved directly from the patient at the point of contact”

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld: your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it

    LINCOLNSHIRE CARE PORTAL
    Type: ICR

    Website: Click here
    Additional information:

    Contributing organisations: GP surgeries and other organisations across Lincolnshire STP
    Region(s): Midlands
    Estimated population covered: at least 800,000

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached: "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    NORTHAMPTONSHIRE CARE RECORD
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across Northamptonshire STP
    Region(s): Midlands
    Estimated population covered: at least 800,000

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Not available - no such contract appears to exist at present. This ICR has not yet gone live.

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached : "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    CONNECTED NOTTINGHAMSHIRE
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across Nottinghamshire STP
    Region(s): Midlands
    Estimated population covered: at least 1.1 million

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database. Your personal confidential information exists in 2 (or more) databases, for example firstly in your GP surgery system, secondly in the data processor’s system (where it is made available for direct care purposes), and thirdly in a sub-processor’s system (e.g. Microsoft) where your personal confidential information is processed for secondary uses.

    Purposes of processing: direct medical care and secondary uses

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Download here

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached : "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    Secondary Uses Processing

    DPIA (latest version): Download here

    How is the common law of confidentiality met for the disclosure of your personal confidential information, to 3rd parties (such as data processors and sub-processors), for purposes unrelated to direct medical care?

  • Your explicit permission - NO
  • A legal obligation upon your GP surgery to disclose - NO
  • An obligation to disclose information under Regulation 2 (Cancer) or Regulation 3 (COVID19) of COPI 2002 - NO
  • Approval granted under s251 of the NHS Act 2006 (Regulation 5 of COPI 2002), by the HRA’s Confidentiality Advisory Group - NO
  • Is the GP surgery disclosing only completely anonymised information for secondary purposes? NO
    Clearly identifiable, or pseudonymised, personal confidential information is being disclosed

    What does this mean?

    • Your personal confidential information is being processed unlawfully
    • This is a breach of Article 5(1)(a) of GDPR
    • Your personal confidential information is being processed unfairly
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld – that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld – that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information – that you have suffered misuse of your personal confidential information

    Does secondary uses processing respect the Type 1 opt-out? UNCERTAIN

    Does secondary uses processing respect the National Data Opt Out? UNCERTAIN


    STAFFORDSHIRE AND STOKE-ON-TRENT SHARED RECORD
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across Staffordshire and Stoke-On-Trent STP
    Region(s): Midlands
    Estimated population covered: at least 1.2 million

    Data processor used?
    Not known

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): No DPIA available or produced

    Article 28 Data Processor Contract: Not known

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: YES

    “You will be asked directly to give your explicit consent, at the point of contact, for your GP medical record to be viewed. You can say yes or no; the Consultant/Doctor will only view your record if you say yes.”

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld : your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it


    REGION: EAST OF ENGLAND

    MY CARE RECORD
    Type: LHCR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across the entire East of England region

    • Bedfordshire, Luton and Milton Keynes STP
    • Cambridgeshire and Peterborough STP
    • Hertfordshire and West Essex STP
    • Mid and South Essex STP
    • Norfolk and Waveney STP
    • Suffolk and North East Essex STP
    Region(s): East of England
    Estimated population covered: at least 6.8 million

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    No DPIA available or produced

    Permission to View upheld: YES

    See ISA Addendum - Duty of Confidentiality

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld : your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it


    REGION: SOUTH EAST

    BUCKS MY CARE RECORD
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within Buckinghamshire CCG
    Part of: Buckinghamshire, Oxfordshire and Berkshire West STP
    Will feed into: Thames Valley LHCRE
    Region(s): South East
    Estimated population covered: at least 530,000

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database. Your personal confidential information exists in 2 (or more) databases, for example firstly in your GP surgery system, secondly in the data processor’s system (where it is made available for direct care purposes), and thirdly in a sub-processor’s system (e.g. Microsoft) where your personal confidential information is processed for secondary uses.

    Purposes of processing: direct medical care and secondary uses

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Not available - no such contract appears to exist

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached : "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    Secondary Uses Processing

    DPIA (latest version): Download here

    How is the common law of confidentiality met for the disclosure of your personal confidential information, to 3rd parties (such as data processors and sub-processors), for purposes unrelated to direct medical care?

  • Your explicit permission - NO
  • A legal obligation upon your GP surgery to disclose - NO
  • An obligation to disclose information under Regulation 2 (Cancer) or Regulation 3 (COVID19) of COPI 2002 - NO
  • Approval granted under s251 of the NHS Act 2006 (Regulation 5 of COPI 2002), by the HRA’s Confidentiality Advisory Group - NO
  • Is the GP surgery disclosing only completely anonymised information for secondary purposes? NO
    Clearly identifiable, or pseudonymised, personal confidential information is being disclosed

    What does this mean?

    • Your personal confidential information is being processed unlawfully
    • This is a breach of Article 5(1)(a) of GDPR
    • Your personal confidential information is being processed unfairly
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld – that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld – that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information – that you have suffered misuse of your personal confidential information

    Does secondary uses processing respect the Type 1 opt-out? YES

    Does secondary uses processing respect the National Data Opt Out? YES


    OXFORDSHIRE CARE SUMMARY
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within Oxfordshire CCG
    Part of: Buckinghamshire, Oxfordshire and Berkshire West STP
    Will feed into: Thames Valley LHCRE
    Region(s): South East
    Estimated population covered: at least 700,000

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Permission to View upheld: YES

    "Patients will be asked their permission before a clinician views their Oxfordshire Care Summary, unless they are unable to do so and the clinician deems it clinically justified to view without permission."

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld : your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it

    SHARE YOUR CARE
    Type: LHCR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations within multiple STPs

    • Berkshire West CCG
    • Frimley Health and Care STP
    Will feed into: Thames Valley LHCRE
    Region(s): South East
    Estimated population covered: at least 1.3 million

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database. Your personal confidential information exists in 2 (or more) databases, for example firstly in your GP surgery system, secondly in the data processor’s system (where it is made available for direct care purposes), and thirdly in a sub-processor’s system (e.g. Microsoft) where your personal confidential information is processed for secondary uses.

    Purposes of processing: direct medical care and secondary uses

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download Oakley Health Group's detailed DPIA

    Article 28 Data Processor Contract: Not available - no such contract appears to exist

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached : "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    Secondary Uses Processing

    DPIA (latest version): Download Oakley Health Group's detailed DPIA

    How is the common law of confidentiality met for the disclosure of your personal confidential information, to 3rd parties (such as data processors and sub-processors), for purposes unrelated to direct medical care?

  • Your explicit permission - NO
  • A legal obligation upon your GP surgery to disclose - NO
  • An obligation to disclose information under Regulation 2 (Cancer) or Regulation 3 (COVID19) of COPI 2002 - NO
  • Approval granted under s251 of the NHS Act 2006 (Regulation 5 of COPI 2002), by the HRA’s Confidentiality Advisory Group - NO
  • Is the GP surgery disclosing only completely anonymised information for secondary purposes? NO
    Clearly identifiable, or pseudonymised, personal confidential information is being disclosed

    GP surgeries are disclosing clearly identifiable, personal confidential data to Graphnet for secondary uses.
    Graphnet is disclosing clearly identifiable, personal confidential data to Microsoft for secondary uses.

    What does this mean?

    • Your personal confidential information is being processed unlawfully
    • This is a breach of Article 5(1)(a) of GDPR
    • Your personal confidential information is being processed unfairly
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld – that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld – that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information – that you have suffered misuse of your personal confidential information

    Does secondary uses processing respect the Type 1 opt-out? NO

    Does secondary uses processing respect the National Data Opt Out? NO

    What does this mean?

    • This means that the only way that you can prevent your personal confidential information from being processed for secondary purposes is by opting out entirely and permanently from the shared record. That means not allowing your record to be accessible for direct medical care purposes, even in an emergency
    • And you can only do that if you are actually aware that a shared care record exists about you. Which is very unlikely if the shared care record scheme does not respect permission to view
    • Your right to object to this processing - to opt-out - is not being upheld
    • Your personal confidential information is being processed unfairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is not being upheld
    • Your right to confidentiality is not being upheld
    • You have lost control of your information

    SURREY CARE RECORD
    Type: ICR

    Website: Click here
    Additional information:

    Contributing organisations: GP surgeries and other organisations within Surrey Heartlands STP
    Will feed into: Thames Valley LHCRE
    Region(s): South East
    Estimated population covered: at least 1 million

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Not available - no such contract appears to exist

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached: "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    OUR CARE CONNECTED
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across Sussex Health and Care Partnership STP
    Region(s): South East
    Estimated population covered: at least 1.8 million

    Data processor used?
    Not known. This ICR does not appear to have started yet (no privacy notices exist on any of the GP surgery websites).

    Purposes of processing: direct medical care

    Direct Medical Care (primary uses processing)

    DPIA (latest version): No DPIA available or produced


    THE KENT AND MEDWAY CARE RECORD
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across Kent and Medway STP
    Region(s): South East
    Estimated population covered: at least 1.9 million

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care and possibly secondary uses

    Direct Medical Care (primary uses processing)

    DPIA (latest version):
    No DPIA available or produced

    Permission to View upheld: NOT KNOWN

    This ICR does not appear to have gone live yet.



    REGION: SOUTH WEST

    CARE AND HEALTH INFORMATION EXCHANGE (CHIE)
    Type: LHCR

    Website: Click here
    Additional information:

    Contributing organisations: GP surgeries and other organisations within:
    • Hampshire and Isle of Wight STP
    • North East Hampshire and Farnham CCG
    Will feed into: Wessex LHCRE
    Region(s): South West and South East
    Estimated population covered: at least 2.1 million

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care (CHIE have ceased/are about to cease secondary uses processing)

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Not available - no such contract appears to exist except just one between Oakley Health Group and SCW CSU

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: VARIABLY

    What does this mean?

    Some organisations accessing your record respect permission to view, some do not.

    That means that on certain occasions:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached: "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    THE DORSET CARE RECORD
    Type: ICR

    Website: Click here
    Additional information:

    Contributing organisations: GP surgeries and other organisations across Dorset STP
    Will feed into: Wessex LHCRE
    Region(s): South West
    Estimated population covered: at least 800,000

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached: "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    BaNES INTEGRATED CARE RECORD
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across Bath and North East Somerset, Swindon and Wiltshire STP
    Will feed into: One South West LHCRE
    Region(s): South West
    Estimated population covered: at least 0.9 million

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database. Your personal confidential information exists in 2 (or more) databases, for example firstly in your GP surgery system, secondly in the data processor’s system (where it is made available for direct care purposes), and thirdly in a sub-processor’s system (e.g. Microsoft) where your personal confidential information is processed for secondary uses.

    Purposes of processing: direct medical care and secondary uses

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Download here

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached: "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    Secondary Uses Processing

    DPIA (latest version): Download here

    How is the common law of confidentiality met for the disclosure of your personal confidential information, to 3rd parties (such as data processors and sub-processors), for purposes unrelated to direct medical care?

  • Your explicit permission - NO
  • A legal obligation upon your GP surgery to disclose - NO
  • An obligation to disclose information under Regulation 2 (Cancer) or Regulation 3 (COVID19) of COPI 2002 - NO
  • Approval granted under s251 of the NHS Act 2006 (Regulation 5 of COPI 2002), by the HRA’s Confidentiality Advisory Group - NO
  • Is the GP surgery disclosing only completely anonymised information for secondary purposes? NO
    Clearly identifiable, or pseudonymised, personal confidential information is being disclosed

    What does this mean?

    • Your personal confidential information is being processed unlawfully
    • This is a breach of Article 5(1)(a) of GDPR
    • Your personal confidential information is being processed unfairly
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld – that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld – that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information – that you have suffered misuse of your personal confidential information

    Does secondary uses processing respect the Type 1 opt-out? YES

    Does secondary uses processing respect the National Data Opt Out? YES


    CONNECTING CARE
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across Bristol, North Somerset and South Gloucestershire STP
    Will feed into: One South West LHCRE
    Region(s): South West
    Estimated population covered: at least 1 million

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached: "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    JOINING UP YOUR INFORMATION
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across Gloucestershire STP
    Will feed into: One South West LHCRE
    Region(s): South West
    Estimated population covered: at least 600,000

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Not available - no such contract appears to exist

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: YES

    “Healthcare staff will ask for your permission when they need to view your JUYI record”

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld : your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it

    SOMERSET INTEGRATED DIGITAL E-RECORD (SiDER)
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across Somerset STP
    Will feed into: One South West LHCRE
    Region(s): South West
    Estimated population covered: at least 600,000

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Not available - no such contract appears to exist

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: YES

    “SIDeR users will be encouraged to inform the individual that they can access the record at the point of care delivery and will deal with any concerns raised at that time.”

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld : your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it

    DEVON LOCAL SHARED CARE RECORD
    Type: ICR

    Website: Click here
    Additional information:

    Contributing organisations: GP surgeries and other organisations across Devon STP
    Will feed into: One South West LHCRE
    Region(s): South West
    Estimated population covered: at least 1.2 million

    Data processor used?
    Not known

    Purposes of processing: Not known

    This ICR has not started yet.



    REGION: LONDON

    EAST LONDON PATIENT RECORD (eLPR)
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across East London STP
    Will feed into: One London LHCRE
    Region(s): London
    Estimated population covered: at least 2.2 million

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database. Your personal confidential information exists in 2 (or more) databases, for example firstly in your GP surgery system, secondly in the data processor’s system (where it is made available for direct care purposes), and thirdly in a sub-processor’s system (e.g. Microsoft) where your personal confidential information is processed for secondary uses.

    Purposes of processing: direct medical care and secondary uses

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Not available - no such contract appears to exist

    What does this mean?

    By law, every data controller (DC) must hold (i.e. be a signatory and party to) a data processing contract between the controller and the data processor (DP). If no such contract, or other legal act that binds the processor with respect to the controller, exists then that is a breach of Article 28 and the data processor is acting unlawfully (ultra vires).

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached : "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    Secondary Uses Processing

    DPIA (latest version): Download here

    How is the common law of confidentiality met for the disclosure of your personal confidential information, to 3rd parties (such as data processors and sub-processors), for purposes unrelated to direct medical care?

    • Your explicit permission - NO
    • A legal obligation upon your GP surgery to disclose - NO
    • An obligation to disclose information under Regulation 2 (Cancer) or Regulation 3 (COVID19) of COPI 2002 - NO
    • Approval granted under s251 of the NHS Act 2006 (Regulation 5 of COPI 2002), by the HRA’s Confidentiality Advisory Group - NO
    • Is the GP surgery disclosing only completely anonymised information for secondary purposes? NO
    Clearly identifiable, or pseudonymised, personal confidential information is being disclosed

    What does this mean?

    • Your personal confidential information is being processed unlawfully
    • This is a breach of Article 5(1)(a) of GDPR
    • Your personal confidential information is being processed unfairly
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld – that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld – that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information – that you have suffered misuse of your personal confidential information

    Does secondary uses processing respect the Type 1 opt-out? NOT KNOWN

    Does secondary uses processing respect the National Data Opt Out? NOT KNOWN


    NORTH LONDON HIE
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across North London STP
    Will feed into: One London LHCRE
    Region(s): London
    Estimated population covered: at least 1.5 million

    Data processor used?
    Yes - personal confidential information is extracted and uploaded to a third-party database.

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Article 28 Data Processor Contract: Download here

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached : "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    NORTH WEST LONDON CARE INFORMATION EXCHANGE
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across North London STP
    Will feed into: One London LHCRE
    Region(s): London
    Estimated population covered: at least 2.4 million

    The NWL CIE is an opt-in project - a personal health record.


    CONNECTING YOUR CARE
    Type: ICR

    Website: Click here
    Contributing organisations: GP surgeries and other organisations across South West London STP
    Will feed into: One London LHCRE
    Region(s): London
    Estimated population covered: at least 1.7 million

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Permission to View upheld: NO

    What does this mean?

    That means that on each occasion that your record is accessed:

    • You will not be asked for your permission before your shared care record is accessed
    • There is no such thing as “emergency access” (or “break glass access”). All access takes place without your permission
    • You are not being informed that a shared record exists about you. This might have been the only way that you were made aware of the existence of such a shared record. Your right to be informed is not being upheld
    • You may never realise that a shared care record exists about you. And if you do, it might only be after your record has been accessed
    • You cannot agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information. It is all or nothing
    • You are not afforded the opportunity to contemporaneously object to such access
    • NHS Staff cannot “inform patients about the use of their confidential information and to record their objections, consent or dissent” if they are not required to seek permission to view, if only once, for that patient
    • You may not realise that you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery)
    • You may not realise that you can, if you so wish, ask your GP surgery to apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is not being fairly upheld. You have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is not being fairly upheld. When a new organisation is granted access to your shared care record, you cannot prevent that organisation, or any individual/team/service within it, from accessing your shared care record without opting out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency

    • You have every right to state that it is iniquitous that your GP surgery requires your explicit permission to allow you secure online access to your GP record, yet allows hundreds of external organisations access to the same GP record without your explicit permission
    • You have every right to state that your personal confidential information is being processed unfairly
    • You have every right to state that the 8th Caldicott Principle is being breached : "no surprises"
    • You have every right to state that your right to privacy (under Article 8 of the Human Rights Act) is not being upheld - that you have suffered a privacy breach
    • You have every right to state that your right to confidentiality is not being upheld - that you have suffered a breach of confidentiality
    • You have every right to state that you experienced loss of control and autonomy over your information - that you have suffered misuse of your personal confidential information

    LOCAL CARE RECORD
    Type: ICR

    Website: Click here
    Additional information:

    Contributing organisations: GP surgeries and other organisations across South East London STP
    Will feed into: One London LHCRE
    Region(s): London
    Estimated population covered: at least 2 million

    Data processor used?
    No - data is viewed/streamed in real time. Data remains only within the contributing controller’s system (e.g. your GP surgery system).

    Purposes of processing: direct medical care only

    Direct Medical Care (primary uses processing)

    DPIA (latest version): Download here

    Permission to View upheld: YES

    "Only professionals who are directly supporting your care will have access to your care record and wherever possible they will inform you that they are accessing your care record."

    What does this mean?

    This means that you will be asked for your permission each time someone wishes to access your shared record, unless you cannot give your permission, e.g. you are seriously ill or unconscious or lack capacity (in which case your shared record might be accessed as an “emergency”).

    In asking for your “permission to view”:

    • You are informed that a shared record exists about you - this might be the only way that you are made aware of the existence of such a shared record
    • Your right to be informed is being upheld
    • You can agree to such access, or refuse such access, depending on the occasion and on the individual, team, service, or organisation wishing to access your information
    • You are, therefore, afforded the opportunity to contemporaneously object to such access, on each and every occasion
    • By being informed, you can, if you so wish, opt-out entirely of the shared record scheme (via your GP surgery).
    • By being informed, you can, if you so wish, ask your GP surgery to subsequently apply one or more confidentiality policies to your record, so that particular items (e.g. a sensitive diagnosis) are not visible outside of your GP practice when your shared record is accessed in the future
    • Your right to object - to opt-out - is fully and fairly upheld. You do not have to opt-out entirely and permanently just to prevent an individual person (e.g. a family member, friend, or neighbour), a specific team, a specific service, or a specific organisation, from accessing your shared care record. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your right to object - to opt-out - is fully and fairly upheld. When a new organisation is granted access to your shared care record, you can prevent that organisation, or any individual/team/service within it, from accessing your shared care record without needing to opt-out entirely and permanently. Remember that opting out entirely means that your information can never be accessed in this way, even in an emergency
    • Your personal confidential information is being processed fairly
    • Your right to privacy (under Article 8 of the Human Rights Act) is being upheld
    • The 8th Caldicott Principle is being upheld : your right to know how information about you is being used - "no surprises"
    • Your right to confidentiality is being upheld
    • You have not lost control of your information - you retain autonomy over it



    The National Summary Care Record (SCR)

    Detailed information about the Summary Care Record can be found at www.summarycarerecord.info

    The site tells you about

    • "Core" Summary Care Records (very basic information extracted from your GP record and uploaded)
    • "Enriched" Summary Care Records (potentially vast amounts of information extracted from your GP record and uploaded), with factsheets and guides available for patients and for GPs.

    The Summary Care Record is an example of a database that processes your data for primary medical uses only, that is for the provision of direct medical care by healthcare professionals.

    Information uploaded from your GP record will be available to healthcare professionals across England, i.e. nationally.

    The Summary Care Record will ultimately hold personal confidential medical information from all 53 million people in England (unless individuals have opted out).

    Your GP surgery will not be the data controller for your uploaded information - NHS Digital will be.

    The SCR fully upholds "permission to view".

    • On any given occasion where someone wishes to access your SCR, you will be asked for your explicit permission first
    • You are being informed that your personal confidential information is accessible outside of your GP surgery
    • You can say yes to that access, or you can say no
    • You have the ability to object to any given individual, team, service, or organisation accessing your SCR
    • You have the ability to object on any given occasion
    • Your right to privacy is being upheld and respected
    • Your confidentiality is not being breached
    • You retain control over your medical record

    Your GP surgery will be extracting and uploading data to the Summary Care Record.

    Every GP surgery in England is compelled to extract and upload information to the Summary Care Record - they have no choice.

    But you do.

    You do not have to have a Summary Care Record created about you if you do not want one.

    You have the right to opt-out of The Summary Care Record (at any time) and not allow your personal and identifiable information to be extracted from your GP record, uploaded, and processed for primary purposes.

    Opting out will ensure that either no personal confidential information about you is extracted and uploaded, or, as is more likely, that any already uploaded information is "blanked" or made unavailable, and that no further information is uploaded.




    Risk Stratification

    Many GP surgeries are uploading personal confidential information from GP records to third parties, for the secondary purpose of "risk stratification". The uploaded data is stored in massive databases (outside of your GP surgery), processed and analysed by the third party, and patients are "scored" as to their likelihood of being admitted to hospital, of attending Accident and Emergency or their GP surgery, and of costing the NHS large sums of money.

    For any given GP surgery, only a fraction (1-2%) of patients will be identified as potentially "high-risk". For the remaining 98% of patients, the risk stratification analysis serves no purpose. GP surgeries do not narrow down the list of patients that are to have their information extracted, uploaded and analysed - instead the GP records of the entire surgery's patients are uploaded and processed in this way.

    A large number of Clinical Commissioning Groups (CCGs), and their member GP practices, are involved in risk stratification - you can see a list of such CCGs here.

    Currently, more than 100 CCGs have permission to extract information from GP records, upload it, and process it for risk stratification purposes.

    Some CCGs refer to risk management as "Personalised Care Management" instead.

    Risk stratification is an example of a database that processes your data for secondary uses, that is for purposes other than your direct medical care by healthcare professionals.

    As such, these schemes require special permission to upload the identifiable data without the explicit consent of patients, so-called section 251 approval. However, a condition of s251 approval is that patients must be informed of the processing of their GP record for risk stratification and of their right to object to, or opt out of, the uploading of their data for this purpose.

    Section 251 approval requires meeting stringent requirements, including that such processing meets all of the GDPR principles.

    The Type 1 secondary uses (9Nu0) opt-out should prevent your data being processed for risk stratification. After all, it is a perfect example of secondary uses of your personal information.

    The Type 2 secondary uses (9Nu0) opt-out should also prevent your data being processed for risk stratification, the equivalent of setting your National Data Opt Out Status to "do not allow".

    The only sure way to find out whether your GP surgery is extracting and uploading your identifiable information for risk stratification uses is to ask them. Risk stratification schemes are voluntary for GP surgeries.

    You have the right to opt-out of Risk Stratification and not allow your personal and identifiable information to be extracted from your GP record, uploaded, and processed for secondary purposes.




    Recently, the Confidentiality Advisory Group of the Health Research Authority clarified the scope of the s251 approval for risk stratification: CAG 7-04 (a)/2013 Disclosure of commissioning data sets and GP data for risk stratification purposes to data processors with existing contracts working on behalf of GPs.

    The clarification stated that approval under Regulation 5 was limited to risk stratification for case finding only, and specifically excluded population health analytics.




    Population Health Management

    This refers to projects that analyse data from individuals across entire communities - CCGs, STPs, even entire regions. It is a secondary use of the information as the purpose of such analysis is not to enable direct medical care. Combining such data can give insights across the country, as can be seen by the analysis of aggregate data provided by GP surgeries for the Quality and Outcomes Framework.

    The disclosure of completely anonymised, or aggregate, datasets by data controllers (such as GP surgeries, hospital trusts, and local authorities) for such purposes is entirely lawful - as long as any such anonymisation is undertaken at source.

    But many projects, and increasingly more projects, are asking data controllers - such as your GP surgery - to disclose personal confidential information about you. This, in some cases, is clearly identifiable data and in other cases is pseudonymised at source.

    Pseudonymisation (replacing most identifying fields within a data record by one or more artificial identifiers, or pseudonyms) does not render personal data as non-personal. It does not render confidential data as non-confidential. It is a security measure and a data minimisation measure, but it does not mean that the disclosure of such information falls outside the requirements of GDPR and of the Common Law of Confidentiality.

    "However, pseudonymisation is effectively only a security measure. It does not change the status of the data as personal data. Recital 26 makes it clear that pseudonymised personal data remains personal data and within the scope of the GDPR."
    ICO "What is personal data"

    The fact that data processors do not routinely access the personal data does not render the data as non-personal or non-confidential. That is a security measure (a commendable one), but it does not set aside the common law of confidentiality.

    Pseudonymisation helps data controllers meet their data protection obligations, particularly the principles of ‘data minimisation’ and ‘storage limitation’ (Articles 5(1)(c) and 5(1)(e)), and processing for research purposes for which "appropriate safeguards" are required.

    The gigantic linked-datasets generated in population health management projects, combining data from GP records and hospital records and mental health records and social care records, result in data that can be re-identified irrespective of pseudonymisation.
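
    A data controller can measure this residual risk before any disclosure. The Python sketch below is an added example, not code from this website or from any NHS project: the key, the field names and the eight records are all constructed. It replaces the NHS number with a keyed pseudonym, then counts how many records are still singled out by the fields that remain, first for GP fields alone and then once a hospital field is linked in.

```python
import hashlib
import hmac
from collections import Counter

# Constructed key; a controller would keep the real one secret and apply it at source.
PSEUDONYM_KEY = b"constructed-example-key"

# Constructed records (no real patients). All field names are assumptions.
# admission_month stands in for a field that arrives when hospital data is linked.
RECORDS = [
    {"nhs_number": "0000000001", "birth_year": 1948, "sex": "F",
     "postcode_district": "SO21", "admission_month": "2020-03"},
    {"nhs_number": "0000000002", "birth_year": 1948, "sex": "F",
     "postcode_district": "SO21", "admission_month": "2020-07"},
    {"nhs_number": "0000000003", "birth_year": 1951, "sex": "M",
     "postcode_district": "SO21", "admission_month": "2020-03"},
    {"nhs_number": "0000000004", "birth_year": 1951, "sex": "M",
     "postcode_district": "SO21", "admission_month": "2020-03"},
    {"nhs_number": "0000000005", "birth_year": 1962, "sex": "F",
     "postcode_district": "SO22", "admission_month": "2019-11"},
    {"nhs_number": "0000000006", "birth_year": 1962, "sex": "F",
     "postcode_district": "SO22", "admission_month": "2019-11"},
    {"nhs_number": "0000000007", "birth_year": 1975, "sex": "M",
     "postcode_district": "SO23", "admission_month": "2021-01"},
    {"nhs_number": "0000000008", "birth_year": 1979, "sex": "M",
     "postcode_district": "SO23", "admission_month": "2021-01"},
]

# Quasi-identifiers: fields that are not names or numbers but still narrow down a person.
GP_QUASI = ("birth_year", "sex", "postcode_district")
LINKED_QUASI = GP_QUASI + ("admission_month",)


def pseudonymise(record, key=PSEUDONYM_KEY):
    """Drop the NHS number and substitute a keyed (HMAC-SHA256) pseudonym."""
    out = {k: v for k, v in record.items() if k != "nhs_number"}
    digest = hmac.new(key, record["nhs_number"].encode(), hashlib.sha256)
    out["pseudonym"] = digest.hexdigest()[:16]
    return out


def generalise(record):
    """Coarsen the GP quasi-identifiers: birth decade, and postcode area only."""
    out = dict(record)
    out["birth_year"] = record["birth_year"] // 10 * 10
    # "SO21" -> "SO": keep only the letters of the district (the postcode area).
    out["postcode_district"] = "".join(
        ch for ch in record["postcode_district"] if ch.isalpha())
    return out


def equivalence_classes(records, quasi):
    """Count records sharing each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi) for r in records)


def k_anonymity(records, quasi):
    """Size of the smallest group; k == 1 means someone is singled out."""
    return min(equivalence_classes(records, quasi).values())


def singled_out(records, quasi):
    """Number of records that are unique on the given quasi-identifiers."""
    classes = equivalence_classes(records, quasi)
    return sum(1 for size in classes.values() if size == 1)


def disclosure_report(records):
    """Singled-out record counts for each combination of safeguard and linkage."""
    pseudonymised = [pseudonymise(r) for r in records]
    generalised = [generalise(r) for r in pseudonymised]
    return {
        "pseudonymised_gp_only": singled_out(pseudonymised, GP_QUASI),
        "pseudonymised_linked": singled_out(pseudonymised, LINKED_QUASI),
        "generalised_gp_only": singled_out(generalised, GP_QUASI),
        "generalised_linked": singled_out(generalised, LINKED_QUASI),
    }


if __name__ == "__main__":
    for scenario, count in disclosure_report(RECORDS).items():
        print(f"{scenario}: {count} of {len(RECORDS)} records singled out")
```

    In this constructed data, coarsening the GP fields leaves nobody singled out on GP data alone, but linking in the one hospital field singles people out again even though every NHS number has been replaced.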

    Disclosure for population health management projects can occur:

    • as disclosure of personal confidential information released directly from the GP surgery, or
    • as disclosure of personal confidential information released from the shared care record data processor (holding the GP record for direct care purposes) to another data processor (or sub-processor)

    The disclosure of personal confidential information in the absence of a legal obligation, or the explicit permission of the patient, or Section 251 approval from CAG, makes any such disclosure a breach of confidentiality, and any such processing unlawful as a breach of Article 5(1)(a) of GDPR. It is a breach of privacy.

    You will not be asked for your permission before your GP records are disclosed in this way.

    But no one polices breaches of confidentiality. So data controllers can unlawfully disclose such information, and organisations can unlawfully process such information, with impunity.

    Much of this processing occurs hidden within processing for shared care records. See the many examples above.

    Examples of projects that are disclosing and processing personal confidential information in this way include:

    • The BNSSG CCG PHM programme : DPIA here
    • The Sussex Integrated Dataset PHM programme : DPIA here

    There are organisations lawfully processing personal confidential data for population health management purposes, with s251 CAG approval. The scheme that NHS Southend CCG ran did just this. And the Yorkshire and Humber Care Record is currently seeking CAG approval (20/CAG/0130) for the disclosure of information from the shared record for such secondary purposes.

    Sometimes, these projects do not respect the Type 1 opt-out; sometimes they do not respect the National Data Opt Out (NDOO). If you want to protect your GP records from such processing then the best you can do is to ensure that you have both a Type 1 opt-out recorded and your NDOO set to "do not allow".





    National Audits, the Clinical Practice Research Datalink (CPRD), and other data extractions to NHS Digital

    Some (but not all) GP surgeries upload information to NHS Digital as part of national audits. Identifiable information about you is extracted from your GP record and uploaded to NHS Digital, once again with s251 approval or, more commonly now, s259 approval (mandatory data extractions). As such, your explicit permission is neither required, nor asked for, before your information is uploaded.

    One such example is the National Diabetes Audit (NDA).


    Some national audits extract data to organisations other than NHS Digital. For example, the National CKD Audit (NCKDA) extracts personal identifiable data to BMJ health analytics.

    In addition, in the near future, identifiable information about you will be extracted from GP records and uploaded to NHS Digital as part of the General Practice Extraction Service (GPES).

    There is no longer any independent scrutiny of requests and extractions of data from your GP record via GPES - the advisory group overseeing this (the GPES IAG) was abolished by the HSCIC in June 2015.

    Your GP surgery will not be the data controller for your uploaded information - NHS Digital will be.

    Some GP surgeries upload de-identified data extracted from GP records to the Clinical Practice Research Datalink (CPRD), a governmental, not-for-profit research service, jointly funded by the NHS National Institute for Health Research (NIHR) and the Medicines and Healthcare products Regulatory Agency (MHRA), a part of the Department of Health. This is another purely secondary use of data.

    Your GP surgery will not be the data controller for the information about you uploaded to the CPRD.


    The national audits, the CPRD, and GPES extractions are processing your information for secondary uses only, that is for purposes other than your direct medical care by healthcare professionals.

    The Type 1 secondary uses (9Nu0) opt-out will prevent your personal confidential information being extracted and uploaded - without your knowledge and consent - for the national audits, CPRD and GPES.


    In addition, the 9Nu0 opt-out will also prohibit de-identified information about you concerning any eMed3 Statement of Fitness to Work reports (i.e. sick notes) being uploaded to NHS Digital and subsequently passed to the Department for Work and Pensions.

    Some more detail about the eMed3 extractions can be found in this FOI response from the HSCIC.

    The Type 1, 9Nu0, opt-out will also prohibit identifiable information about you from being uploaded to NHS Digital for the Individual GP level data collection, mandated by law. GP practices have to submit data to NHS Digital for this and so cannot opt-out, but patients can opt-out as individuals.


    Objecting to the extraction and uploading of your information for secondary purposes will have no impact whatsoever on the way that GPES extracts and uploads anonymised information to NHS England in order to ensure that GP surgeries are paid for certain healthcare programmes (such as immunisations).

    The secondary uses (9Nu0) opt-out will ensure that no identifiable information about you will be extracted and uploaded - to anyone, not just NHS Digital - without your express consent, for any other secondary uses, both now and in the future.

    The only sure way to find out whether your GP surgery is extracting and uploading your identifiable information to any or all of the National Audits is to ask them. These audits are voluntary for GP surgeries, and many surgeries do not extract and upload this data.

    You have the right to opt-out of any or all of The National Audits, the CPRD, identifiable GPES extractions, and mandated NHS Digital collections from your GP surgery, and not allow your personal and identifiable information to be extracted from your GP record, uploaded, and processed for such secondary purposes.





    Legal Obligations and Professional Duty

    Sometimes, your GP surgery has to share, or disclose, your personal confidential information by law, and without your explicit permission. For example, this might be mandated by the courts, or by NHS Digital, or by the DVLA. GPs have no choice in the matter, and the common law of confidentiality is met by virtue of this being a legal obligation.

    Other times, your GP surgery will disclose personal confidential information because they have a professional duty to do so. One such example is the sharing of information with local authorities for childhood safeguarding investigations (a so-called section 47 request). GP surgeries will meet the common law of confidentiality because such disclosures are overwhelmingly in the public interest - to protect, or ensure the safety of, a child or other person. In the case of a section 47 request, which is a necessarily urgent matter, explicit permission from the parent will not be required.





    Remote consultations

    The GP record can also be streamed from one GP surgery to another, in real time, so that a GP at a surgery (that is not your registered one) has access to your full GP record should you have need to attend that other surgery.

    This most commonly occurs where GP practices work together in a federation, to share services (for example, one GP surgery providing asthma services to a number of other surgeries), or to facilitate providing extended access appointments (in the evenings and weekends).


    For GP surgeries running EMIS Web software, this facility is called "remote consultations", as the GP surgery that you attend has temporary access to your GP record from your registered surgery, and can directly enter the consultation into your home GP record ("one patient, one care record").

    One example, using EMIS Web Remote Consultations, is the Islington I:HUB, run by the Islington GP Federation, providing access to GPs and nurses during weekday evenings and throughout the weekend, for patients registered with an Islington CCG GP surgery. If you choose to book such an appointment, you give your explicit consent, at the time of booking, to allow a specific GP or nurse temporary access to your GP record for the purpose of that appointment only. The GP or nurse that you see can then record their consultation with you directly in your GP record (as if you had seen them in your own GP surgery).


    For Remote Consultations, there is no opt-out as such. Unless you:

    • Choose to book an appointment outside of your registered GP surgery, and
    • Give your explicit consent at the time of booking

    then no one can have access to your GP record in this way.

    It's an opt-in service.






    Cross Organisational consultations

    The GP record can also be streamed from one GP surgery to another, in real time, so that a GP at a surgery (that is not your registered one) has access to your full GP record should you have need to attend that other surgery.

    This is very similar to remote consultations, except that the organisation viewing your streamed GP record cannot enter the consultation into it. Instead, you are temporarily an "unregistered patient" with that organisation, and have a new, second, GP record created with them. The consultations that you have with clinicians from that organisation are both recorded in your second GP record, and also sent to your original, registered GP surgery ("one patient, two care records").


    As with remote consultations, this most commonly occurs where GP practices work together in a federation, to share services (for example, one GP surgery providing asthma services to a number of other surgeries), or to facilitate providing extended access appointments (in the evenings and weekends).

    One such example of cross organisational appointments is the Taurus Local Health Record Network (LHRN).
    This project will only apply to you if you are registered with one of the 24 GP surgeries in Herefordshire.


    For Cross Organisational Consultations, there is no opt-out as such. Unless you:

    • Choose to book an appointment outside of your registered GP surgery, and
    • Therefore are seen as an unregistered patient

    then no one can have access to your GP record in this way.

    It's an opt-in service.






    Secure access to your online GP record

    The NHS Databases have absolutely nothing to do with the ability to securely access your GP electronic record online, as you are entitled to from 1st April 2015. Secure records access (as it is known) does not involve uploading information extracted from your GP record, and your GP surgery remains the data controller for the information. Your GP records are only available to you in this way, and again are streamed in real time.


    In contrast to the NHS Databases, you will need to give your explicit consent before your records are made available via secure records access.

    Opting out of any or all of the NHS Databases in no way prevents you from asking for, and being granted, secure online access to your GP electronic record.

    You can find out about accessing your medical record online in this factsheet.

    Only data stored within your electronic GP record is accessible in this way, and then not everything in your record may be accessible to you via secure online records access. You can ask your GP surgery what they are permitting patients to access from their GP record in this way. It will vary from surgery to surgery.

    You can potentially have access to your full electronic GP record including consultations, medication, allergies, vaccinations, GP and hospital letters, blood test results and x-ray/scan reports. You are also able to check the results of any blood tests or x-rays requested by your GP, download them, print them off at home, take them to hospital appointments etc.

    You are also able to show your GP record, if you wish, to any healthcare professional (or anyone else) that you might see, anywhere in the world (e.g. in a GP out-of-hours centre, A&E department or hospital), directly, or by permitting secure temporary access, or by exporting your record to a secure mobile device. You can read about these facilities here.

    EMIS is one GP software supplier that offers this via their Patient Access product, TPP offers their SystmOnline product, Vision offers Vision Online, and Microtest offers The Waiting Room.

    Another benefit of signing up to secure online access to your medical record is the ability to easily see who, outside of your GP surgery, has accessed your GP record (this only covers instances where your record has been accessed outside your GP practice for direct care purposes, i.e. it does not cover accesses by your own GP, and it does not cover the data that gets copied for research and to NHS Digital.)

    For patients at a GP surgery running EMIS Web, this is a feature, called GP Shared Record History.

    If you are interested in obtaining secure records access then just register for it at your GP surgery.


    In addition, the NHS Databases have absolutely nothing to do with the ability to securely access some aspects of your hospital records online, again only at your explicit request.

    These portals include :





    Other ways to share your GP information

    So when it comes to allowing healthcare professionals outside of your GP surgery access to information from your GP record, you have options:


    • You do not have to allow any such access - by opting out of all such schemes

    • You can allow nationwide access to limited information from your GP record (allergies and medication) by not opting out of The Summary Care Record

    • You can allow your entire GP record to be extracted, uploaded, combined with your information from hospital trusts, mental health services, social services, and community services, and made available regionally
      Your combined data may also be used for secondary purposes (unrelated to your direct medical care)
      You can do this, depending on where you live, by not opting out of your local shared care record scheme (ICR, LHCR, LHCRE)


    • You can control access to your GP record, completely and personally, by allowing temporary secure online access to your GP record, should you have chosen to enable this
      In theory, your information is available to healthcare professionals worldwide, should you allow it in any given situation

    • If you have enabled secure online access for your GP record, then you can export your record and either print it off or save it securely on a mobile device, and then take it with you to show a healthcare professional when needed (e.g. during an outpatient appointment)


    • If you live in Berkshire, Hampshire, Oxfordshire, Buckinghamshire, or on the Isle of Wight, then you can register to self-upload medical (and any other) information about yourself to the Auxilium secure database, which allows Ambulance trusts to access that information should they need to attend you.
      More information about this system is available in this factsheet

    • If you live in areas covered by South East Coast Ambulance Trust (SECAMB), your GP can, with your explicit consent, upload information about you, or a care plan, to their bespoke and secure IBIS (Intelligence Based Information System) database, and so allow that information to be accessible to ambulance crews to enable them to have up to date information about your health and about your care plans and needs (see video here)

    • If you live in London then your GP might be able to upload a care plan about you to the Coordinate My Care (CMC) database, making that information available to the ambulance services (LAS and SECAMB), NHS 111 operators, GPs, out of hours GP services, hospitals, nursing and care homes, hospices and community nursing teams

    • Your GP, with your explicit consent, can upload information about you, or a care plan, to your local GP out-of-hours or urgent care centre, and make that information available, via the widely used Adastra software and database, to healthcare professionals, should you have need to see someone when your GP surgery is closed

    • If you use an iPhone running Apple's iOS 8 or higher, you can set up an emergency Medical ID, which can then provide important personal health related information (including name, date of birth, list of medical conditions, notes, allergies, reactions and medications) if and when required


    • You can choose to share information in many other ways - for example, medical alert cards (such as MediPal, Steroid alert cards, Biological therapy cards, rare diseases cards, even bus pass cards), medical alert jewellery (such as MedicAlert, SOS Talisman), Zaptag, Tap2Tag and EIO smart cards, and personal health apps such as Evergreen Life, SiKL, or SOS QR.

    You can have any combination of the above, opting out of any particular data sharing schemes, and/or opting in to any that you wish to.





    Pharmacy Access

    Pharmacy Access services enable GP surgeries running EMIS Web software and community pharmacies running EMIS Health's Proscript software to work together more efficiently, by allowing direct access to certain parts of your GP record.


    There are two components to Pharmacy Access.

    Medicines Manager enables pharmacies to electronically transmit repeat prescription requests to GP surgeries, either regularly (e.g. monthly), or at the patient's request. GP surgeries can then approve those prescription requests and send them back to the pharmacy electronically to be dispensed to the patient.

    The GP Record Viewer (GPRV) enables pharmacies to securely view a very limited subset of the patient's electronic GP record, which may be of use when dispensing a prescription. The GPRV uses the same EMIS Web data sharing principles as the many other local schemes mentioned above, and as such data is streamed in real time, not extracted or uploaded. A "GP to Pharmacy Record Sharing" data sharing agreement must be in place, and activated, and a full audit trail is available to the surgery.

    The data that the pharmacy can view is as follows:

    • current medication
    • allergies
    • blood pressure
    • INR results (for patients on warfarin)
    • HbA1C results (for diabetic patients)
    • Thyroid test results
    • Renal function results

    No other data at all is available to the pharmacy from the GP record.

    This scheme is an opt-in one. Patients must give full, explicit and written consent in order for their pharmacy to access their information in this way. Without your prior consent, i.e. your sign-up, pharmacies cannot view your data. You can withdraw your consent at any time.

    This is how the consent form looks.

    Pharmacy Access is a primary use of the data within your GP medical record.

    Patients need to "nominate" a pharmacy for Electronic Prescription Services (EPS), as many have already done, before they can opt-in to the Pharmacy Access service.

    However, the EPS is quite distinct from Pharmacy Access. You can nominate an EPS Pharmacy, and use that facility accordingly, without opting in to Pharmacy Access.

    If you opt-out of one of the local data streaming schemes, as mentioned above, then you cannot sign up to Pharmacy Access, as there is a shared data controlling mechanism at your GP surgery for both these schemes.

    Pharmacy Access has absolutely nothing to do with the NHS Databases.

    Opting out of the Summary Care Record, the Hampshire Health Record, or secondary uses of your data will not prohibit you from signing up to Pharmacy Access at your nominated pharmacy.

    Community pharmacies (across England) will soon have access to data from your GP record via the Summary Care Record (unless you have opted out), but Pharmacy Access is completely unrelated to that.

    You can opt-out, or remain opted out, of the Summary Care Record but still allow your data to be viewable via the GPRV component of Pharmacy Access (and then only by your nominated pharmacy), once you decide to give your explicit consent.

    Signing up to Pharmacy Access will in no way affect any existing opt-outs that you may have in force for any or all of the NHS Databases. They will remain in force whether you sign up or not.

    You can find out if your local pharmacy and GP surgery are able to work together in this way by asking at the pharmacy. The consent form is filled in at the pharmacy.

    More information about Pharmacy Access can be found in this factsheet (for GP surgeries).





    Anonymised and aggregate information

    All GP surgeries routinely produce information that cannot identify patients, so-called anonymised or (more usually) aggregate datasets, for a variety of reasons including monitoring, clinical audit, healthcare planning, and in order to get paid by the NHS.

    Aggregate data is simply numbers, for example the number of patients registered with the surgery that have been diagnosed with high blood pressure.

    This data format is sometimes called open data.


    Aggregate data is regularly uploaded from GP systems as part of the Quality and Outcomes Framework (QoF), required for GP surgeries to get paid.

    For example, aggregate data via QoF is used to monitor the quality of care, and adherence to NICE guidance, for patients with diabetes, with the ultimate aim of preventing complications (such as amputations and visual loss) and deaths (from cardiovascular disease). Examples of such care would include assessment of the risk of foot complications, digital retinopathy screening, and control of blood pressure and cholesterol levels.

    Many practices contribute information to QSurveillance, a real time clinical surveillance system based on data from 3,400 EMIS general practices spread throughout the UK. QSurveillance collects, analyses and reports on rates of infectious diseases and vaccine uptake (flu, pneumococcal, DTaP/IPV/Hib, MMR, shingles and rotavirus), but crucially only extracts summary data which is aggregated (just like QoF).

    Practices are also required to submit regular data extracts in order to get paid for certain procedures, for example contraceptive services. In this case, anonymised information about individuals that have had procedures performed is supplied to the local authority (public health). Such information would include the age of the patient, first part of the postcode, ethnicity (if recorded), and the procedure that had been performed. However, GP surgeries do not publish, or put into the public domain, this type of record-level information.

    GP surgeries are sometimes compelled to provide certain information to NHS Digital, when NHS Digital uses its statutory power under Section 259 of the Health and Social Care Act 2012. For example, GP surgeries must provide information relating to dementia diagnoses, learning disabilities, and GP appointment availability.

    Because, in these cases, all of the information that leaves the GP surgery cannot (easily) identify individuals, sometimes referred to as "effectively anonymised", there is (usually) no opt-out for the dissemination of anonymised or aggregate data.

    Hospitals also disclose anonymised data for secondary purposes. Two such examples are the disclosure of data anonymised prior to disclosure by Milton Keynes University Hospital and The Royal Wolverhampton NHS Trust, both to Sensyne Health.

    These are all secondary uses of data.





    GP referrals

    Whenever your GP refers you to a clinic, hospital, specialist service or community service, or has reason to admit you to hospital in an emergency, then information is passed to the relevant healthcare team. This can be by telephone, letter, fax, email, online or e-referral.

    Appropriate information from your medical record will be necessarily included in those referral details, including your past medical history, medication, allergies, and sometimes other relevant letters from your medical record.


    This is a primary use of your GP medical record.

    This type of information sharing is of course necessary as, for the purposes of direct medical care, relevant personal confidential data should be shared among the registered and regulated health and social care professionals who have a legitimate relationship with you, the patient.

    You can discuss with your GP what information is being sent for that referral, should you wish (and if you are in a position to). You have the right to express any objection that you might have to specific information being included, particularly if that information is of no obvious relevance to your current medical situation.





    NHS Digital, formerly The Health and Social Care Information Centre (HSCIC)

    NHS Digital receives, holds, and processes information that it obtains from across the NHS, including GP surgeries and hospital trusts, and makes that information available in a variety of ways, both to the public and to other organisations. Sometimes it charges for the information that it provides (i.e. it sells information), and the information is given to organisations both within and outside of the NHS (such as commercial organisations).

    There are three ways to control how NHS Digital disseminates and sells information about you.


    You can express a Type 1 opt-out to secondary uses of your information, to your GP surgery, as detailed above and included on the universal opt-out form on this site. That objection then prevents your GP surgery from extracting and uploading information from your GP record to NHS Digital, including certain extracts even though completely anonymised.

    You can set your National Data Opt Out status to do not share. See National Data Opt Out.

    Finally, consider contacting your local hospital trust, mental health provider, or social care organisation (local council) that you use (or have used) and express “the right to object” to the dissemination of confidential information about you for secondary purposes (including to NHS Digital), where it is not legally mandated.

    For example, you have the right to object where your data might be processed in this way and the organisation concerned is relying on Article 6(1)(e) - Official Authority - as the legal basis under the GDPR.

    You can limit how much information NHS Digital gathers about you from healthcare organisations, by maximally limiting the secondary uses of your medical records, as described above.





    Feel free to send me constructive comments about this site.

    Neil.Bhatia@nhs.net

    PGP public key: 9651 BDC9 46B5 7768 3B3F AF79 8FE1 DACC FEFA 344F


    Last updated: 28.03.2021


    Privacy Policy

    This website is hosted by 1&1 IONOS Ltd.

    This website does not accept or host any advertising.

    This is a non-commercial website and receives no external source of funding from any organisation.

    This website does not use first-party cookies, third-party cookies, or ad-trackers.

    This website does not collect or process personal data.

    This website does not use Google Analytics or Facebook Pixel.

    All links from this website are provided for information and convenience only.

    This is a personal website and in no way affiliated with any GP surgery or Clinical Commissioning Group.
