Rules for sharing information
Rules for sharing information
Find out more about the various rules on the use and sharing of confidential information in the Guide to Confidentiality in Health and Social Care.
For information used for purposes beyond your direct care, unless there are very special reasons not to we take out details that could identify you before we make any information available.
When can we share something that is confidential?
These are the rules:
- When the patient has clearly said that we can do it (i.e. when a patient has given their consent).
- Where we have to do it by law (for example, in a public health emergency like an epidemic).
- Where the recipient has approval to receive it under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 (often referred to as 'section 251 support'). This allows the Secretary of State for Health or the Health Reserach Authority to set aside the common law duty of confidentiality in special circumstances. This has to be to improve patient care or in the 'public interest', such as for important medical research. This can only happen when it is not possible or far too expensive and technically difficult to get consent from every patient.
The Confidentiality Advisory Group (CAG) meets to consider applications for support under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 and makes recommendations to the Health Research Authority for research applications and to the Secretary of State for Health for all others. Visit the CAG Register to find out more about applications that have been approved by the Secretary of State or the Health Research Authority.
We sometimes provide information under strict controls where key 'identifiers' (like name, address, NHS number, and postcode etc.) are removed, but there is still a very slight risk that patients might be identified, for example if a patient was the only person in an area who had a rare disease then someone may work out that it was this person even though no identifiers were included. As a result, there are strict controls about how we release this information. For example, we would only ever release this type of information to approved organisations for approved purposes, and there must be a legal contract in place with penalties for any misuse of the information. Anyone who comes to us wanting this information has to go through an application process and sign an agreement to restrict what they can do with this data so that patient confidentiality is protected.
Patient control of information
You may want to prevent confidential information about you from being shared or used for any purpose other than providing your care.
If you do not want information that identifies you to be shared outside your GP practice, please ask a member of staff at your practice to make a note of this in your medical record. This note will prevent your confidential information from being used other than in special circumstances required by law, such as a public health emergency.
Information from other places where you receive care, such as hospitals and community services is collected nationally by the Health and Social Care Information Centre. The Health and Social Care Information Centre only releases this information in identifiable form where there is legal approval for doing so, such as for medical research.
If you object, this type of information will not leave the Health and Social Care Information Centre. The only exceptions are very rare circumstances such as a civil emergency or a public health emergency. Please inform your GP practice if you want to object.
If you have questions about this, check our frequently asked questions, speak to staff at your GP practice to register your objection, or call our dedicated patient information line on 0300 456 3531.
Independent review of information sharing
Following a request from the Secretary of State for Health, Dame Fiona Caldicott carried out an independent review of information sharing to make sure that there is a balance between the protection of patient information and the use and sharing of information to improve patient care.
The Data Protection Act gives you the right to see information about you that we hold. You can send us a 'subject access request' and we must tell you what information we hold about you. You can also ask us to provide you with a copy of that information.
A guide to data protection is also available from the Information Commissioner's Office.