Coronavirus (COVID-19): notification to organisations to share information
Notification to GPs and NHS England that they should share information to support efforts against COVID-19.
Documents
Details
The Secretary of State has issued a notice under the Health Service Control of Patient Information Regulations 2002 requiring the following organisations to process information:
- GPs
- NHS England
This notice requires that data is shared for purposes of COVID-19. Effective compliance with the notice will be demonstrated by use of the OpenSAFELY data analytics platform.
For patients, this means that their data may be shared with these organisations in relation to the response to COVID-19.
If no further notice is sent, it will expire on 31 October 2022.
Compliance with data protection standards
Data controllers are still required to comply with relevant and appropriate data protection standards and to ensure within reason that they operate within statutory and regulatory boundaries.
The UK General Data Protection Regulations (UK GDPR) allow health data to be used as long as one or more of the conditions under articles 6 and 9 are met. There are conditions under both articles that can be relied on for the sharing of health and care data, including ‘the care and treatment of patients’ and ‘public health’.
We would expect any organisation to share information within legal requirements set out under UK GDPR.
Updates to this page
Published 1 July 2022Last updated 18 October 2022 + show all updates
-
Updated the notice to remove NHS Digital from the list of organisations required to process information under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002.
-
First published.