General Practice Information Governance

The legal framework governing the use of personal confidential data in health care is complex. It includes the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection Act 2018, and the Human Rights Act 1998.

The Secretary of State for Health and Social Care (Secretary of State) or NHS England can ask us to collect information on specific topics so that they can improve patient care. They do this by issuing Directions.

When we receive such Directions to collect information from GPES, we need to obtain approval for the collection. The approval confirms that the Information Standard, Collection or Extraction has been through assessment and is demonstrated to meet the quality assurance criteria set by the Data Alliance Partnership Board. On the basis of the evidence seen, it has been evaluated as being fit for the use as specified in the assured and published documents, within health and care in England.

We also issue a Data Provision Notice to GP practices. The Data Provision Notice provides details of the data collection including the purpose, benefits, how we intend to collect the information, form, manner, frequency and from which organisations. We also include any information governance, legal basis or burden/costs considerations.