The NDSA actions are:
1. Ensure that transparency notices detailing this arrangement are made available to any potentially affected data subjects.
2. Engage in appropriate communications strategies to promote awareness of this sharing to your patients.
3. Ensure that patients are aware of their ability to dissent from this data sharing mechanism.
4. Ensure that you are able to provide data subjects with an audit trail of access to their records upon request.
5. Determine what personal data can be accessed and the manner and form in which a record can be shared.
6. Agree that you may be subject to audits from NHS England to ensure that organisations meet the obligations of the NDSA and Acceptable Use Policy, including the Data Security and Protection Toolkit (DSPT).
7. Have appropriate role-based controls in place to ensure staff members (or classes of staff members) can access data appropriately.
8. Ensure the personal data retained is limited only to that necessary for the agreed purposes.
9. Users should be aware that GP Connect may be only one of the interoperability solutions available locally and should take this into account when developing and reviewing transparency materials.