Department Of Health
Details
The Secretary of State has issued a notice under the Health Service Control of Patient Information Regulations 2002 requiring the following organisations to process information:
- GPs
- NHS England
This notice requires that data is shared for purposes of COVID-19. Effective compliance with the notice will be demonstrated by use of the OpenSAFELY data analytics platform.
For patients, this means that their data may be shared with these organisations in relation to the response to COVID-19.
If no further notice is sent, it will expire on 30 April 2023.
Compliance with data protection standards
Data controllers are still required to comply with relevant and appropriate data protection standards and to ensure within reason that they operate within statutory and regulatory boundaries.
The UK General Data Protection Regulations (UKGDPR) allow health data to be used as long as one or more of the conditions under articles 6 and 9 are met. There are conditions under both articles that can be relied on for the sharing of health and care data, including the care and treatment of patients and public health.
We would expect any organisation to share information within legal requirements set out under UKGDPR.