In the current emergency it has become even more important to share health and care information across relevant organisations. NHS Digital has various legal powers to share data for purposes relating to the coronavirus response. It is also required to share information in certain circumstances under the COVID-19 Direction and to share confidential patient information to support the response under a legal notice issued to it by the Secretary of State under the Health Service (Control of Patient Information) Regulations 2002 (COPI Regulations).
Legal notices under the COPI Regulations have also been issued to other health and social care organisations requiring those organisations to process and share confidential patient information to respond to the coronavirus outbreak. Any information used or shared during the outbreak under these legal notices or the COPI Regulations will be limited to the period of the outbreak unless there is another legal basis for organisations to continue to use the information.
NHS Digital will securely and lawfully share this data with other appropriate organisations, including health and care organisations, bodies engaged in disease surveillance and research organisations for purposes relating to coronavirus only.
For example, we may share data for coronavirus planning purposes with the Department of Health and Social Care and other government departments involved in the coronavirus response, NHS England and Improvement, Public Health England, NHS Trusts and Clinical Commissioning Groups (CCGs). We may share information with research organisations, including universities, NHS Trusts and private research companies for the purposes of carrying out vital coronavirus research. Examples of current urgent public health nationally prioritised coronavirus research studies and the organisations carrying out that research are available on the National Institute of Health Research Portal.
Data which is shared by NHS Digital is subject to robust rules relating to privacy, security and confidentiality and only the minimum amount of data necessary to achieve the coronavirus related purpose will be shared.
All requests to access this data for coronavirus planning and research purposes will be assessed by NHS Digital’s Data Access Request Service, to make sure that organisations have a legal basis to use the data and that it will be used safely, securely and appropriately. Requests for access to record level patient data obtained through this data collection will also be subject to independent scrutiny and oversight by the Independent Group Advising on the Release of Data (IGARD). Organisations approved to use this data will be required to enter into a data sharing agreement with NHS Digital regulating the use of the data.
The application of the National Data Opt-Out to information shared by NHS Digital will be considered on a case by case basis and may or may not apply depending on the specific purposes for which the data is to be used. This is because during this period of emergency, the National Data Opt-Out will not generally apply where data is used to support the coronavirus outbreak, due to the public interest in and legal requirements to share information.
We will publish information about the data that we share, including who with and for what purpose in our data release register.
We may also publish information which we have obtained under this collection where we are allowed to do so under the legal direction. Any information that is published will be fully anonymised in accordance with the Information Commissioner’s Office Anonymisation Code of Practice (or any subsequent document on the same topic published by the Information Commissioner’s Office) and be in accordance with the Code of Practice for Statistics.