IRRV Alert - week ending 12th February 2021
News
Circulars
Consultations
Reports
Coronavirus (COVID-19): notification to organisations to share information (10 February 2021)
Decision
Coronavirus (COVID-19): notification to organisations to share information
Notification to healthcare organisations, GPs, local authorities and arm's length bodies that they should share information to support efforts against coronavirus (COVID-19).
Published 1 April 2020
Last updated 10 February 2021 — see all updates
From:
Department of Health and Social Care and The Rt Hon Matt Hancock MP
Documents
Coronavirus (COVID-19): notice under regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 – general
HTML
Coronavirus (COVID-19): notice under regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 – NHSE, NHSI
HTML
Coronavirus (COVID-19): notice under regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 – Biobank
HTML
Coronavirus (COVID-19): notice under regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 – NHS Digital
HTML
Details
The Secretary of State has issued 4 notices under the Health Service Control of Patient Information Regulations 2002 requiring the following organisations to process information:
- NHS Digital
- NHS England and Improvement
- health organisations
- arm’s length bodies
- local authorities
- GPs
There is also a specific requirement related to the UK Biobank project. These notices require that data is shared for purposes of coronavirus (COVID-19), and give health organisations and local authorities the security and confidence to share the data they need to respond to coronavirus (COVID-19).
For patients, this means that their data may be shared with organisations involved in the response to coronavirus (COVID-19), for example, enabling notification to members of the public most at risk and advising them to self-isolate.
These notices may be extended by further notice in writing. If no further notice is sent, they will expire on 30 September 2021.
The health and care system is facing an unprecedented challenge and we want to ensure that health organisations, arm’s length bodies and local authorities are able to process and share the data they need to respond to coronavirus (COVID-19), for example by treating and caring for patients and those at risk, managing the service and identifying patterns and risks.
Compliance with data protection standards
Data controllers are still required to comply with relevant and appropriate data protection standards and to ensure within reason that they operate within statutory and regulatory boundaries.
The UK General Data Protection Regulations (UK GDPR) allow health data to be used as long as one or more of the conditions under articles 6 and 9 are met. There are conditions under both articles that can be relied on for the sharing of health and care data, including ‘the care and treatment of patients’ and ‘public health’.
We would expect any organisation to share information within legal requirements set out under UK GDPR.
Published 1 April 2020
Last updated 10 February 2021 + show all updates