Sharing your information

Each time that you use or visit an NHS or social care service they record information about your health, care or treatment. These records are normally held electronically.

These records are held by GP surgeries, hospitals, local authority social care services and other health and care services including pharmacies, opticians, dentists and care homes. Each NHS or social care service that you use keeps its own record about you.

NHS and social care services share information from your records with each other to provide you with care and treatment. Only health and care staff who are providing this care can see the confidential information in your records.

They may also share information, called data, from people’s health and care records to help plan and improve health and care services, find new ways to prevent people becoming ill, and develop new cures and treatments. This data does not normally contain information that you can be identified from.

NHS and social care services have a legal basis to share information from your health and care records for these purposes. This is set out in the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (GDPR). You have the right to object to your records being shared.

We take respecting your privacy and keeping your information and data safe and secure very seriously. Strict rules and processes are followed to protect your information and data which is shared using secure IT systems and protected from cybersecurity threats.

Health and care organisations in Dorset can sign the Dorset Pledge in which they commit to upholding data protection standards and helping ensure that the residents of Dorset can have complete trust in the accuracy, consistency, and security of their personal data.

If you have any questions, please take a look at these FAQs or contact dataprotection.requests@nhsdorset.nhs.uk

An Easy Read guide on how the NHS uses personal health and care information is also available. This has been produced by Understanding Patient Data in partnership with Thinklusive.

Your health and care records contain information such as:

  • basic personal details and contact information
  • health conditions
  • treatments and medicines
  • summaries of your stays in hospital
  • allergies and past reactions to medicines
  • tests, scans and X-ray results
  • information about your care
  • lifestyle information, such as whether you smoke or drink
  • future appointments

Your health and care records are confidential and only staff who need to can see the confidential information in your records.

You have the right to see your health and care records. You should contact the NHS or social care service who holds the record to find out how to do this. You can also provide written consent for other people to access your record.

You can see the information in your GP record via the NHS app or NHS website, by using online services provided by your GP or by contacting your GP surgery.

If you find the information in your health and care record difficult to understand, including specialist terms or abbreviations, the NHS or social care service that holds the record should be able to explain it to you.

If you think that any information in your health and care record is missing or incorrect you should contact the NHS or social care service that holds the record. You can also contact them to update any personal information in your records (such as your address or next of kin details).

You can only see someone else’s records if you’re authorised to do so. To access someone else’s records, you must:

A request for someone’s health and care records should be made directly to the NHS or social care service that holds the record. This is known as a Subject Access Request (SAR). Many NHS and social care services have Subject Access Request forms that you can complete and return to them by email or by post. These can normally be found on the organisation’s website.

NHS and social care services share information from health and care records with each other to provide you with care and treatment. This means that they have the latest information about you, which helps them understand your needs and make the best decisions about your care. It also means that you do not have to provide the same information to each person that you see, or remember details, such as your medications.

Health and care staff who are directly involved in your care and treatment use these shared care records to carry out their roles.

In Dorset and Hampshire/Isle of Wight, health and care services are working together to enable records to be shared between services in these areas to help give people the best possible care and treatment.

Find out how records can be shared to provide care and treatment

A summary of the information from your GP record is kept in a national Summary Care Record (SCR). This means that in an emergency, if you are taken to hospital, or are unable to visit your own GP, the people who are treating you can see this important information about you. You have the right to object to your Summary Care Record being shared by contacting your GP surgery.

NHS and social care services may also share data from people’s records, to:

  • plan and improve services
  • prevent illness and diseases
  • develop new medicines, vaccines, treatments or medical tools
  • find new ways of preventing people becoming ill
  • help understand the needs of the population to get the best out of resources and plan for the future
  • understand the needs of people living in a particular area to help provide the right healthcare services

This data may also be shared with approved organisations who are carrying out research or developing new cures and treatments.

The data is in a coded format and does not normally contain information that you can be identified from (such as your name, date of birth of postcode). This is called anonymised data. Strict rules and process are in place to keep your data confidential and secure.

You can see how data is used to improve people’s health and care in these two animations:

How sharing your data helps keep people well

How sharing your data improves care for everyone

We know that people can be concerned about information from their health and care records being shared, in particular about:

NHS and social care services take respecting your privacy and keeping your information and data safe and secure very seriously.

Data protection legislation

The way information from your health and care records is shared is controlled by two main pieces of legislation. These are the Data Protection Act 2018 (DPA) and UK General Data Protection Regulation (GDPR). Together these laws:

  • control how personal information can be used
  • your rights to ask for information about yourself
  • set out the rules to ensure that your information is used fairly, lawfully and transparently

NHS and social care services also follow the national Caldicott Principles to ensure people’s information is kept confidentially and used appropriately.

Everyone within a health and care organisation is responsible for managing information appropriately. Each organisation will have a Caldicott Guardian, who is a senior person responsible for protecting the confidentiality of people’s health and care information and making sure it is used properly.

The organisation also has to assess and report on how it is complying with data security and protection annually, you can find the most recent assessment online.

NHS and social care services are liable to sanctions, including very heavy fines, from the Information Commissioners’ Office (ICO) for any loss or misuse of data.

Protecting your information

Strict rules and processes are followed to protect your information and data. Legal agreements must be in place before any information or data is shared or accessed by another organisation.

Information and data is shared using secure IT systems which follow industry security standards and are kept up to date against the latest cybersecurity threats.

There are clear rules on who can access your information and data and regular checks are carried out. Anyone accessing or sharing information or data must be approved by their organisation and have completed the right training on how to do this.

Where data from health and care records is used for planning or improving services or for research into new cures and treatments it is normally anonymised and does not contain details which people can be identified from. Only the minimum amount of data that is required will be shared.

In a small number of cases where patient data is shared, some identifiable information needs to be used. This is strictly controlled, and you can object to your data being shared for this particular purpose.

Find out how your information is kept safe and secure 

NHS and social care services have a legal basis to share your information for your care or treatment or to share data from medical records for planning or research. They do not have to ask for your permission to do this, but where your data is used in this way, it will not normally contain information that you can be identified from.

However, you have the right to object to your information being shared.

  • If you do not want your information shared by health and care services who are giving you care and treatment you should contact the NHS or social care service that holds your record.

Sharing your information can help make it quicker and easier to make sure that you get the right treatment at the right time.

There are no direct consequences to you of objecting to your data being shared for planning or research but sharing it can help find new ways of preventing other people becoming unwell or to develop new medicines, cures or treatments.

You cannot choose which information is shared. You can change your mind about objecting to your information being shared at any time.