GP Connect transparency notice

GP Connect helps clinicians gain access to GP patient records during interactions away from a patient’s registered practice and makes their medical information available to appropriate health and social care professionals when and where they need it, to support the patient’s direct care.

It provides a suite of technical standards that system suppliers can develop and offer to their customers in their own familiar system.

From a privacy, confidentiality and data protection perspective, GP Connect provides a method of secure information transfer and reduces the need to use less secure or less efficient methods of transferring information, such as email or telephone.  

GP Connect products can help health and social care professionals share, view or act on information that could be required for a patient’s direct care, but they would otherwise have difficulty accessing easily (for example if they are using different IT systems).

Organisations can have access to relevant information in GP patient records to provide direct care to patients only.

To be granted access to GP patient records organisations must:

• comply with the terms, obligations and requirements of the NHS England Connection Agreement and/or End User Acceptable Use Policy 
• agree to the terms of the National Data Sharing Arrangement for GP Connect
• use an IT system which has been assured by NHS England for the use of GP Connect

*The use of GP Connect for indirect care or purposes beyond individual care is prohibited except in relation to the sharing of information for the medical examiners use case.  

Examples of organisations that may wish to use GP connect to view GP patient records include:

• GP surgeries that patients are not registered at - for example, if they need to see a doctor when they are away from home
• secondary care (hospitals) if they need to attend A&E or are having an operation
• GP hubs/primary care networks (PCNs)/integrated care systems (ICSs), partnerships between healthcare providers and local authorities
• local 'shared care' record systems
• ambulance trusts, so paramedics can view GP patient records in an emergency
• healthcare professionals such as community services
• acute and emergency care service providers
• NHS 111
• pharmacies
• optometrists
• dentistry
• mental health trusts
• hospices
• medical examiners for the statutory purpose of investigating death
• adult and children’s social care supported by assured solutions for digital social care record
• care and nursing homes

Details regarding how GP Connect can be used in various care settings can be found at NHS England’s GP Connect in your organisation pages.

All access to your GP patient record is stored within an audit trail at your GP practice and within the organisation that information has been shared with.

Appendix 1 shows details of the data held within the audit trail.

Appendix 2 shows what data is used for each GP Connect product.

We have developed a GP Connect Data Transparency Portal where further information on which health care settings use GP Connect and the reason why this organisation is using a particular product.

Any new GP Connect users will need to agree to the terms of the products they intend to start using, and will be listed on these web pages.

GP Connect can work in different ways, depending on how it has been set up in a particular area.

Organisations using GP Connect are described as 'providers' and 'consumers', depending on the capacity in which they are acting.

A provider is a GP practice that makes available GP patient records via the GP Connect service.

A consumer is an organisation providing health and social care, which accesses the GP patient record made available by Providers for the purpose of direct care.

The purpose of the processing of the shared personal data is the delivery of direct care, supported by:

• Article 6(1) (e) of the UK GDPR (“processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”)

and

• Article 9(2)(h) of the UK GDPR (“processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services”)

Medical examiners use case
Healthcare providers are legally obliged to provide medical examiners with medical records relating to deceased individuals for the purposes of reviewing a death. As these individuals are deceased, they are not covered by UK GDPR - however, there are still obligations under the Common Law Duty of Confidentiality. 

Medical examiners have a legal right to access the records of deceased patients and there is a legal obligation for healthcare providers to provide the records to medical examiners under the Access to Health Records Act 1990. As such, the duty of confidentiality is overridden.

Confidentiality and trust are essential to the relationship between GPs and their patients.

The information a patient provides to their GP is confidential, and they can expect that any information that is shared for their direct care will remain confidential.

GP Connect relies on 'implied consent'.

Explicit consent is not required when information is shared for a direct care purpose. If a patient does not want their information to be shared using GP Connect, they can opt out.

The NDSA and its terms and conditions stipulate that any information received or accessed about a patient for direct care purposes must remain confidential.

In addition to the NDSA, health and social care professionals are also subject to their own professional codes of confidentiality and are aware that any information received via GP Connect is provided in confidence, which must be respected.

Organisations using GP Connect are notified of their duty as 'controllers' to be fair and transparent about their processing of their patients’ information and to ensure that their transparency notices are fully updated with how they may be using GP Connect functionality.

NHS England helps support the mitigation of information sharing risks by ensuring that:

• NHS England audit data access is subject to two-factor authentication and role-based access controls - only certain assured users can have access to the full audit logs
• a completed Supplier Conformance Assessment List (SCAL) which covers service and capability specific compliance requirements and controls of the consumer system is in place

It is the responsibility of organisations using GP Connect to ensure that they comply with the NDSA, and their statutory and legal obligations regarding data protection and confidentiality.

Under the legal basis used for GP Connect, patients have the following rights:

The right to be informed - patients have the right to be informed of how their data is being processed. This should be reflected in the patient’s GP practice privacy notice.

The right to object - patients have the right to object to their data being used in this way. If patients do not wish for their data to be shared, they should contact their GP practice.

The right of access - in addition to the right for copies of their information, patients also have other rights, including the rights: 

• to be advised of the reasons why their data is being shared in this way
• to know what data is being shared
• to know who it has been shared with

The right to rectification - if patients find that the data that has been shared is factually incorrect, they have the right to request that this is corrected.

The right to restrict processing - Patients have the right to request processing is stopped, whilst either an objection is processed, or they are awaiting rectification of data.

More information regarding data rights available from an organisation that has shared or viewed a patient’s data can be found within that organisation’s privacy notice.

If patients do not wish their information to be shared using GP Connect, they can opt out by contacting their GP practice.

The National Data Opt-out is a service that allows patients to opt out of their confidential patient information being used for research and planning.

The National Data Opt-out only applies to any disclosure of data for purposes beyond direct care, so having National Data Opt-out will not prevent your GP patient record being shared via GP Connect.