0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

direction from the Secretary of State regarding information sharing

9 April 2020

Please note: the information contained in our legal updates are correct as of the original date of publication

Following the 2013 Caldicott Review, and in light of the Health and Social Care (Safety and Quality) Act 2015, all health and adult social care organisations must, by law, share information with each other about patients they are caring for directly, to improve the care provided. However, the Covid-19 pandemic requires even greater sharing of confidential patient information between health bodies for the purposes of research, protecting public health, providing healthcare services to the public and monitoring and managing the outbreak and incidents of exposure.

To this end, the Secretary of State for Health and Social Care has published four notices on sharing patient information to help deal with the Covid-19 pandemic. Each was made under reg 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI). The notices refer to persons and organisations authorised to process information by reg 3(3) of COPI (Authorised Organisations)* and identifies the purposes for which the information may be processed (Covid-19 Purposes)**. Below we have summarised the content of each notice:

  1. General – Directed at organisations providing health services, general practices, local authorities and arm’s length bodies of the department of health and social care. This notice requires the processing of confidential patient information for the Covid-19 Purposes and the disseminating of the information to Authorised Organisations. A record must be kept of any such processing.

  2. NHSE, & NHSI – Directed at NHS England and Improvement. It requires the processing of confidential patient information for Covid-19 purposes only where requested by the Secretary of State or an Authorised Organisation. A record must be kept of any such processing.

  3. Biobank – Directed at all GP practices in England whose IT systems are supplied by TPP or EMIS. It instructs those GP practices to release only primary care data to UK Biobank for purposes related to the outbreak of Covid-19. Biobank will process the information with the aim of researching the determinants of Covid-19. This processing is consent based, the notice identifying that consent has been given by UK Biobank’s 500,000 participants and that the ICO has reviewed and endorsed these consents. Data released by Biobank to researchers will be de-identified to maintain confidentiality.

  4. NHS Digital – Directed at NHS Digital. It instructs NHS Digital to disseminate confidential patient information when requested to do so by the Secretary of State or an Authorised Organisation for the Covid-19 Purposes.

All notices are temporary and will expire on 30 September 2020 unless extended by further notice.

The General notice in particular should be used by NHS and Independent Sector bodies working in strategic partnerships at a local and national level to share confidential patient information wherever it will help fight the pandemic.

* Authorised Organisations include persons employed or engaged for the purposes of the health service; or other persons employed or engaged by a Government Department or other public authority in communicable disease surveillance.

**Covid-19 Purposes relate to understanding Covid-19 risks and trends and controlling them; locating, contacting screening, flagging and monitoring at-risk patients; understanding patient access to services; monitoring and managing the response to Covid-19 by health and social care bodies and the Government, including providing information to the public about Covid-19, capacity, medicines, equipment, supplies, services and workforce within the health services and adult social care services.

Coronavirus support

We are helping across business, health, education and government sectors:

focus on...

Legal updates

New Caldicott Principle and statutory guidance on Caldicott Guardians

The National Data Guardian for Health and Social Care (NDG), Dame Fiona Caldicott, has launched a public consultation about revising and expanding the existing seven Caldicott Principles and issuing guidance to organisations about the appointment of Caldicott Guardians.


Legal updates

Health and care newsletter - July 2020

This health newsletter talks about the spread of COVID-19 across the world snd how it has created an unprecedented modern day health pandemic.


Legal updates

Extreme urgency? The judicial spotlight is now trained on Regulation 32(2)(c)

The Good Law Project has brought judicial review proceedings against the Department for Health and Social Care in respect of its direct award of a £108m contract for PPE in April is putting the use of Regulation 32 of the Public Contracts Regulations 2015 (Regulations) under the spotlight.


Legal updates

Post covid-19 service reconfiguration for the health sector

A question which now arises for the health sector is how quickly is it possible to separate out the provision of clinical services for those suffering with COVID-19 from all other clinical services, so that the risk of infection can be reduced as far as possible.


The content on this page is provided for the purposes of general interest and information. It contains only brief summaries of aspects of the subject matter and does not provide comprehensive statements of the law. It does not constitute legal advice and does not provide a substitute for it.

mailing list sign up

Select which mailings you would like to receive from us.

Sign up