This site is intended for health professionals only

At the heart of general practice since 1960

pul jul aug2020 cover 80x101px
Read the latest issue online

Independents' Day

GPs to have new 'duty to share' confidential patient data

GPs have been told not to be overcautious about sharing personal confidential data from patients with other organisations and will be given a new ‘duty to share’, under plans revealed by the Government today.

The Department of Health said that healthcare professionals could rely on ‘implied consent’ to share personal confidential data for direct care with other health or care professionals who have a ‘legitimate relationship’ with the patient.

The department’s response to the Caldicott review of information governance says relevant personal confidential data should be shared among ‘registered and regulated health and social care professionals who have a legitimate relationship with the individual’ and even supports sharing of infromation with other members of the care team if there are ‘appropriate safeguards’ in place.

The response says: ‘The duty to share information can be as important as the duty to protect patient confidentiality. Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.’

Health secretary Jeremy Hunt said: ‘In the past, information governance rules have prioritised systems over people. Too often they have been seen as an insurmountable obstacle and an excuse to avoid sharing information. We outline a new approach here.’

‘This new approach will mean that frontline staff will be confident about when to share information with other members of a person’s care team and how to do so safely.’

The response also casts doubt on whether the Government will implement the recommended ‘accredited safe havens’ that the Caldicott review recommended should be set up to ensure potentially identifiable patient information does not leak out.

It says: ‘If the decision is taken that accredited safe havens are a solution to the challenges, then the [recommendation] will be taken forward by the department and national partner organisations.’

But the document does reaffirm the Government’s commitment to allow patients to opt out of having their data shared in the NHS.

It says: ‘The Secretary of State has announced that any patient who does not want personal data held in their GP record to be shared with the Health and Social Care Information Centre will have their objection respected, unless there is legislation to support mandatory disclosure.’

But it says that GP practices with a high rate of objections from patients to their data being shared would be investigated.

It says: ‘Where there appears to be an abnormal number of objections, the BMA and NHS England will explore with practices why this might be occurring.’

Readers' comments (4)

  • It still leaves the problem of how you let your practice's population know that they have a right to opt out, the whole lot of them in an 8 week window? Very few will actually have surgery contact in this time, and with telephone triage and self checkins, may not even approach the desk.

    Pseudonymisation at source would do away with the need for opt outs, and can safely link difference databases without breaching confidentiality. Download the details on

    Unsuitable or offensive? Report this comment

  • It's an unfashionable view, and I'm not sure where I stand on this yet, but...

    People in the UK get most of their care free - or heavily subsidised at the point of delivery.

    In order to maintain the most efficient health care services, we need data about their usage. We also need to be able to link records for example to monitor the effects of an intervention.

    It is not impossible to get this with completely anonymised data - you need to see if the person who got intervention x went on to have complication y or positive outcome z.

    Part of the quid pro quo to the cheap/free medical care could, quite reasonably, consent to your pseudonymised data - used very carefully - in this way.

    Another issue was raised yesterday by the Department of Health media centre who tweeted:

    'DH Media Centre @DeptHealthPress
    "Medical notes should be available everywhere in the system whenever a patient consents - care home, hospital, GP surgery and 111"'

    I have recently been involved in managing a serious untoward incident in which a patient died, partly at least because of a failure of communication between different health sector bodies - a failure that might not have occurred if rules on sharing information were relaxed. Requirements that block such sharing does cause deaths, and no doubt less serious adverse consequences.

    From an ethics point of view - how many deaths and serious adverse incidents need to be avoided to outweigh the very minor incursion into the perceived "rights" of many people that would arise if hospitals could routinely access their GP notes and vice versa?

    Unsuitable or offensive? Report this comment

  • Peter English, you are a public health consultant and therefore have a different view on things than we do at the coalface. You are in no danger of breaching the DPA; we are. There is no cost to you (time; postage; etc.) of informing all our patients so they can opt out which in my view is contrary to the spirit of the DPA in which people should consent to opt in. If Government feel that because NHS care is free at the point of contact that any data that comes out of a contact should be available to researchers etc, then Government should be honest with the public about what this means. People could then choose not to use the NHS if they felt that was relevant to them. In our practice, we are very concerned about confidentiality and thus are seeking to allow our patients the right to opt in as the default with fully informed consent, which is not the position NHS England appears to want to take.

    Unsuitable or offensive? Report this comment

  • Perhaps GPs would like to start by sharing data with the patients themselves, as legally obliged to under the DPA? It is unacceptable for a patient to have to go to the ICO to get this enforced.

    Unsuitable or offensive? Report this comment

Have your say