Order for NHS to share confidential patient data extended to March 2021

Written by Sam Trendall on 7 September 2020 in News

All parts of the NHS instructed to share information as required to support coronavirus response


Credit: PublicDomainPictures.net

The order from health secretary Matt Hancock for NHS organisations to share confidential patient data in support of coronavirus response has been extended to 31 March 2021.

The instruction to bypass usual restrictions and share information under Control of Patient Information (COPI) regulations was first issued by Hancock in March of this year. At that time, a deadline of 30 September was set on the order, with the stipulation that it would expire unless explicit instructions were issued to the contrary by Hancock prior to that date. 

With little public fanfare, in late July the health secretary wrote to all organisations covered by the COPI notice – including all national and local NHS entities, arm’s-length bodies, and local authorities – to extend until 31 March 2021 the instruction to share data as directed to do so by the government. This includes what would otherwise have been confidential personal citizen data.

Four versions of the letter were sent, the first of which went out to all GP surgeries, local councils, and NHS arm’s-length bodies.

Related content

The letter said: “Action to be taken will require the processing and sharing of confidential patient information amongst health organisations and other bodies engaged in disease surveillance for the purposes of research, protecting public health, providing healthcare services to the public and monitoring and managing the Covid-19 outbreak and incidents of exposure.”

Hancock instructs recipients of the letters that they are only required to process such confidential information in cases where the “information to be processed is required for a Covid-19 purpose and will be processed solely for that Covid-19 purpose”.

These purposes could include conducting public-health research, delivering services, supporting the NHS Test and Trace programme, studying “incidents of patient exposure to Covid-19 and the management of patients with or at risk of Covid-19”, better understanding citizens’ access to health and social-care services, tracking public organisations’ response to the virus, and planning future activities.

The DHSC said: “For patients, this means that their data may be shared with organisations involved in the response to coronavirus, for example, enabling notification to members of the public most at risk and advising them to self-isolate.”

All sharing and processing must be recorded, and the Department of Health and Social Care said that “we would expect any organisation to share information within legal requirements set out under GDPR”.

In addition to the letter sent to GPs, councils and ALBs, three other missives were sent by Hancock. One went to the NHS England and NHS Improvement, and another to NHS Digital.

The fourth contained further instructions for GPs. Practices using one of the two main patient records systems, EMIS or TPP SystmOne, are asked by the DHSC to provide all relevant care data on consenting participants in the UK Biobank project.

First launched in 2006, Biobank is a long-term clinical study of about 500,000 adult volunteers around the country who are allowing researchers to track their health over many years in order to better understand a number of a serious illnesses.

As with the original notice, in the extension letters, which were published by the government last month, Hancock stipulates that the order to share confidential info will expire on 31 March 2021 unless further explicit instruction is issued before that date.

The DHSC said: “The health and care system is facing an unprecedented challenge and we want to ensure that health organisations, arm’s length bodies and local authorities are able to process and share the data they need to respond to coronavirus, for example by treating and caring for patients and those at risk, managing the service and identifying patterns and risks.”


About the author

Sam Trendall is editor of PublicTechnology

Share this page




Please login to post a comment or register for a free account.

Related Articles

Braverman floats criminalisation of ‘highly encrypted devices’
25 January 2023

Government consults on proposals to create new offences to clamp down on technologies it believes are enabling serious crime

Legislation finalising merger of NHS Digital aims to ‘ensure good practice continues’
23 January 2023

Duties are due to be formally transferred to NHS England in a week’s time

Government must earn public trust that AI is being used safely and responsibly
5 January 2023

Leaders from two of government’s core digital and data units – the CDDO and CDEI – introduce new guidelines intended to promote transparency in the public sector’s use of algorithms

PublicTechnology’s biggest stories of the year
29 December 2022

A reminder of the shocks, scandals and success stories that shaped the world of government technology in 2022