Patient confidentiality

We respect your right to privacy and keep all your health information confidential and secure. It is important that the NHS keeps accurate and up-to-date records about your health and treatment so that those treating you can give you the best possible care.

This information may be used for management and audit purposes. However, it is usually only available to, and used by, those involved in your care. You have the right to know what information we hold about you. If you would like to see your records please contact the Practice Manager.

Fair Processing and GDPR May 2018

Fair Processing Draft…

NHS Data Sharing in East London

In East London, we can improve the quality of care you receive by sharing the right information about you between our local NHS and social care organisations who are providing you with your direct care. We call this sharing of information Data Sharing and the people sharing this data your Direct Care Team who will be people you will at some point be involved directly in your care be it your GP, or the A&E team when you visit for an emergency, or the social care team looking after you in your home. The sharing of information has always happened (to a lesser degree) with paper processes but systems are allowing us to share more relevant information about you amongst your Direct Care Team helping them to be more efficient and support theirs and your decision making on your care.

This work is being led by your local clinicians who want to help support you receive the best quality care possible. They want to be as transparent as possible so that you can feel assured that data is being shared with your best interests at heart and they want you to be involved in this as best you see fit.

All of the people accessing and sharing your information (your Direct Care Team) will have some form of direct interaction with you otherwise they will not be accessing your information (in other words the A&E team would only ever access information if you had an emergency and actually attended A&E). The reason they want to access your information is that this can improve the quality of care that you receive from them. Imagine the information or data that is held about you are pieces of a jigsaw and these pieces are held on different systems by the providers of your care. If one of your Direct Care Team wants to make a decision on the best course of action for you, the more pieces of the jigsaw they have, the more they can know about you and your history of care and therefore they can make the most appropriate decision based on you and your needs.

The set of rules we use locally about sharing your information (or data) form our “Fair Processing” arrangements and this site will give you all the information you need to understand how this all works (or places you can go to find out more information).

Data Sharing and the law

The new General Data Protection Regulation (GDPR) is an application from 25 May 2018 and supersedes the UK Data Protection Act 1998 (DPA). With the onset of GDPR, the professionals involved in your individual care (or direct care) will be using implied consent from you to see your shared medical records. In order for the sharing of Personal Data to comply with Article 5 of the General Data Protection Regulation, it must be fair and lawful and one of the Article 6 conditions must be met. Article 9 conditions must also be met if Sensitive Personal Data or special category data is being shared. The following articles are the ones that apply for the sharing of data for the professionals involved in your care:

  • Article 6 condition – The sharing of Personal Data is permitted under Article 6 paragraph (c) (processing for legal obligation); paragraph (d) (processing for vital interests of data subject); and/or paragraph (e) (public interest or in the exercise of official authority).
  • Article 9 condition – The sharing of Sensitive Personal Data or Special Category Data is permitted under Article 9 (h) (processing for medical purposes); and/or paragraph (i) (public interest in the area of public health). For the vast majority of sharing, we will be relying on an article (h) with an implied consent model for direct individual care (more detail below where we talk about the Common Law Duty of Confidentiality). In certain instances, however, we may also rely on paragraph (a) (explicit consent) or paragraph (c) (vital interests) but these will be specified in any sharing agreements or data processing contracts related to those special case.

Common Law Duty of Confidentiality

Common law is not written out in one document like an Act of Parliament (like the Data Protection Act). It is a form of law based on previous court cases decided by judges; hence, it is also referred to as ‘judge-made’ or case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent. This duty of confidence means that professionals should not disclose a patient’s personal information to anyone outside the team providing care for them without the explicit consent of the patient. For those providing care for the patient, there is an implied consent in place. There are three circumstances where your information can be shared with someone outside of the team involved in your direct care. These are:

  1. where you have consented to have this information shared
  2. where disclosure is necessary to safeguard you, or others, or is in the public interest
  3. where there is a legal duty to do so, for example, a court order.

An audit, service evaluation and research

We do also use de-identified data to help us to audit our services, do a re-evaluation of their outcomes (to help continually improve your care) and for research purposes. This de-identifying process is also called pseudonymisation whereby your distinct personal details (name, date of birth) are either removed or scrambled in such a way as to stop you being identified. This data mainly falls outside of GDPR and the national opt out, as this only applies for identifiable data for secondary use.

Healthcare cannot stand still and we need to constantly strive to improve the services and care you receive and this can only be done by looking at the totality of data to look at outcomes and any trends in those outcomes.

The Organisations involved in your Direct Care Team

The local organisations involved in your Direct Care Team include:

  • Barts Health NHS Trust
  • Homerton University Hospital
  • Barking, Havering and Redbridge University Hospitals NHS Trust
  • East London Foundation Trust
  • North East London Foundation Trust
  • GP Provider Federations
  • General Practices
  • Community Health Services (on their own or through the organisations they are hosted in)
  • City of London Corporation
  • London Borough of Hackney
  • London Borough of Newham
  • London Borough of Tower Hamlets
  • London Borough of Waltham Forest
  • London Borough of Barking & Dagenham
  • London Borough of Havering
  • London Borough of Redbridge
  • St Joseph’s Hospice
  • City and Hackney Urgent Healthcare Social Enterprise
  • London Ambulance Service.

How it works

Data sharing securely connects different medical and care computer systems together. When a patient’s records are requested, it collects the information from the different system and shows the information to the requestor. None of the information it collects is stored and none of it can be changed. Because it collects the information only when it is needed, the information is always accurate and as up to date as possible.

Before any information is collected or displayed to a care professional, they must be involved in your individual or direct care. Not everyone can see your shared data, nor should they. It will only be accessed by the people involved in looking after you directly. The Fair Processing Programme uses the secure NHS network to retrieve the information that has been approved to be shared with that care setting and displays a read-only view for the care professional to use to support the delivery of care at that specific point in time.

No information is stored or saved within the or the care setting from where it is accessed so there is no need to worry about what could happen to your information without your knowledge or permission. There are two major ways that Data Sharing is taking place in East London.

  1. The Summary Care Record – The Summary Care Record contains information about your allergies, medications and reactions you have to medications so that in an emergency or when your GP practice is closed this information is available so that you can be cared for. This is a national programme for sharing your information. For more information please go to –
  2. East London Patient Record (eLPR)– This is a local programme which shares more information about you than the Summary Care Record to better support your Direct Care Team and your care. Currently, this is sharing between the following organisations:
  • Barts Health NHS Trust
  • Homerton University Hospital
  • East London Foundation Trust
  • All General Practices in City & Hackney CCG, Newham CCG, Tower Hamlets CCG, Waltham Forest CCG, Barking CCG, Havering CCG and Redbridge CCG
  • St Joseph’s Hospice
  • North East London Foundation Trust
  • GP Provider Federations
  • Community Health Services (on their own or through the organisations they are hosted in)
  • London Borough of Hackney
  • London Borough of Newham
  • City and Hackney Urgent Healthcare Social Enterprise
  • London Ambulance Service.
  • The East London Patient Record (eLPR) will be adding more organisations and this site will be updated with those details in due course.

What does it mean to you?

Joined up safer care + More time spent on your care + All of your information in one place = Safer and better care for you! The following sites contain some useful information and videos to help you understand data sharing better:

Discovery Data Service

The Discovery Data Service is a brand new service in development in east London. Primarily the aim of Discovery is to link up all of the local data held about you to improve direct patient care. The secondary aim to produce a de-identified (or pseudonymised) linked database for service evaluation, audit, and research.

This service will see all of the data come directly from the local providers (GP Practices, Barts and the Homerton and so on) and will mean that those providers are in control of that data and how it should be best used for your care and to improve the way we operate to deliver your care. There will be stringent Information Governance controls around the usage but these will be managed by us locally (including by you the patients who ultimately own the data) and will mean we can better use our data the ways we know will improve healthcare here locally in east London. This service has been shaped by these main aims:

  1. To improve direct care for patients by using the totality of their health record from all the local providers in real time
  2. To use the data to research and improve the quality of services we supply locally
  3. To support east London in other population health research.

This Service is under development so we hope to come back to you and update you when the service starts producing its first outputs.


Why do you need to share my information?
Data sharing will provide health and social care professionals directly involved in your care access to the most up-to-date information about you. This allows the professionals caring for you to more fully understand your needs. Information is already shared by phone and paper records, data sharing simply allows this to happen more efficiently. It does this by sharing appropriate information from the medical and care records between health and social care services involved in your care.

Can anybody see my records?
Definitely not. Only care professionals directly involved in your care will see your personal care information through data sharing.

How do I know my records are secure?
By law, everyone working in, or for, the NHS and adults’ and children’s social care must respect your privacy and keep your information safe. Your information is stored on secure computer systems connected to private health and social care network.

Can I access my records?
Yes. Under the GDPR you can request access to all information that organisations hold about you. Please contact the organisations directly to request the information.

Can I object to my records being shared?
You can object to your information being shared by talking to your providers of care. For direct care, the people viewing your records are the people directly looking after you and are doing so to give you the best quality care they can. If you do however still want to object please contact the organisation who holds the records you do not want to be shared. It is worth noting that not sharing vital information about you with other organisations involved in your care could affect the quality of care that you receive and there may be circumstances where you objection may not be upheld.

For example:

  • If it is in the public interest for data to still be shared. For example, if there is a safeguarding issue, or in the case of a mental health patient who might be at risk from harming themselves or a member of the public
  • If clinical care cannot be provided. For example, in referring a patient to hospital and data needs to be shared for the hospital clinician to do their job properly. In this instance obviously, the patient can then choose not to have the treatment and therefore not have their data shared.
  • If systems are not well enough developed enough to not share the information. For example, GP Systems are relatively well developed and can handle objections a lot more easily than other providers but they still may be asked not to share something which the system cannot do. In this instance points, 1 and 2 above would apply.

What information will be shared?

Your shared record will contain a summary of your most up-to-date, relevant health information which includes things such as:

  • Your recent diagnosis and test results;
  • What allergies you have;
  • What medications and treatment you currently receive.
  • Any Current or Past (and significant) Illnesses
  • Encounters and Referrals

Can everybody see everything on my medical and care records?
No. We are working very carefully, supported by health and social care professionals, to make sure only relevant information is shared into specific care settings.

Can my records be accessed by health and social care professionals outside of my borough?
Yes, they can but only with other professionals who are caring for you directly. On top of the programmes mentioned above, there is also the Summary Care Record is a national programme and as such means that it is available to care organisations outside of these boroughs (but again only for direct care purposes). The Summary Care Record contains important health information such as:

  • Any prescription medication a patient is taking
  • Any allergies a patient may have
  • Any bad reaction to any medication a patient may have previously had

More information about the Summary Care Record can be found at –

If you have any queries or want to know more about data sharing or our fair processing please contact your local provider that holds the information you wish to discuss.

Date published: 10th October, 2014
Date last updated: 6th February, 2020