This site is intended for health professionals only


GPs told to share Covid-19 patient information with Government

EMIS QRisk

GPs have been asked to share confidential coronavirus (Covid-19) patient information with the Government, while ensuring they adhere to data protection regulations ‘within reason’.

In a notice sent to all GP practices last week, the Department of Health and Social Care (DHSC) said that practices will need to process and share confidential patient information to ‘support the secretary of state’s response’ to Covid-19.

A separate notice issued by the DHSC to all practices in England with IT systems supplied by TPP or EMIS asked them to share consenting patients’ data with the UK Biobank project.

GPs must keep a record of ‘all data processed’ under the notices, the DHSC added.

The DHSC said: ‘The health and care system is facing an unprecedented challenge and we want to ensure that health organisations, arm’s length bodies and local authorities are able to process and share the data they need to respond to coronavirus, for example by treating and caring for patients and those at risk, managing the service and identifying patterns and risks.’

GPs must still ensure that they adhere to legislation and regulations ‘within reason’ when sharing the data, the DHSC added.

It said: ‘Data controllers are still required to comply with relevant and appropriate data protection standards and to ensure within reason that they operate within statutory and regulatory boundaries.’

GPs must share information ‘within legal requirements’ set out under the General Data Protection Regulations (GDPR), which permit the use of health data under certain conditions such as ‘public health’ and ‘the care and treatment of patients’, the DHSC added.

Practices with IT systems supplied by TPP or EMIS must also instruct their supplier to release the data of patients who have consented to participate in the UK Biobank project to UK Biobank ‘for purposes related to the outbreak of Covid-19’, it said.

The notice said: ‘As the Covid-19 situation worsens it is likely that many presumed cases will not be tested (especially among the elderly) and many individuals will remain at home (even when their symptoms are severe).

‘Consequently, the ability of UK Biobank to be able also to incorporate primary care data into its resource is likely to be of enormous value to obtain a more complete assessment of the determinants of Covid-19 outcomes. This is something that we need to do now.’

The Information Commissioner’s Office (ICO) has ‘endorsed’ the validity of UK Biobank’s participant consent for the purpose of Covid-19 response and the request is ‘fully consistent’ with GDPR, the DHSC confirmed.

The notices said that GPs should only process the confidential information when it is needed ‘for a Covid-19 purpose’ and will be processed solely for that purpose.

‘Covid-19 purposes’ include:

  • the ‘monitoring and managing’ of the response to coronavirus by the Government and healthcare bodies, including ‘providing information to the public’
  • identifying those with or at risk of coronavirus, including ‘incidents of patient exposure’ and ‘locating, contacting, screening, flagging and monitoring such patients’
  • monitoring patient access to services and both need and capacity for ‘wider care’ of patients and vulnerable groups
  • understanding trends and risks to public health so as to ‘control and prevent’ the spread of coronavirus
  • delivering services such as fit notes, testing, recommendations to the most vulnerable to self-isolate and treatment
  • research and planning

The notices will be reviewed and may be extended beyond the initial expiry date of 30 September, the DHSC added.

Last week, the Oxford RCGP Research and Surveillance Centre contacted nearly 4,000 GP practices asking them to contribute patient data towards a study of the coronavirus pandemic.