Transformation Directorate

This guidance has been reviewed by the Health and Care Information Governance Panel, including the Information Commissioner’s Office (ICO) and National Data Guardian (NDG).

The panel exists to simplify information governance guidance. Have we done a good job? Let us know at england.igpolicyteam@nhs.net.

Information sharing in Multidisciplinary Teams (MDTs)

power of data in a pandemic

Health and care services are increasingly being delivered in more joined up and integrated ways. This delivers care for patients and service users in a more efficient and effective way. 

A multidisciplinary team (MDT) is a group of health and care staff who are members of different organisations and professions (e.g. GPs, social workers, nurses), that work together to make decisions regarding the treatment of individual patients and service users. MDTs are used in both health and care settings.



Guidance for patients and service users

Your care may at times be provided by several health and care professionals from one or more organisations through an MDT in which they will come together to discuss how best to care for you. Information will need to be shared between them so that they have the information they need to provide you with the best care. There is a legal duty on organisations to share your information for your individual care where it is lawful to do so, unless you object. 

All organisations involved in the MDT have a duty to ensure your information is used and shared safely. These organisations must make information easily available to you (e.g. on their websites and in privacy notices) that explains how your information may be used, why this is lawful and what rights you have to object. If you are unsure  what information is being shared about you, or someone you are responsible for, you can ask health and care organisations to explain this. 


Guidance for healthcare workers

All health and care professionals have a duty of care to their patients or service users. This includes sharing information to support patient and service user care. If you are working within an MDT which is providing individual care to a patient or service user, then you must share this information with the MDT. You must only share information that is relevant and necessary for the patient or service user’s care.

If you are in doubt about sharing or accessing information within the MDT or if a patient or service user objects, then you should seek advice. This advice could be sought from the Caldicott Guardian of your organisation, IG or senior staff (e.g. in the case of a small care home where there may not be a Caldicott Guardian). If challenged at a later date you must be prepared to justify why you did, or did not, share information with the MDT.


Guidance for IG professionals

MDTs are an integral part of the delivery of integrated health and care services and there are some important IG considerations.

Patients and service users must be provided with information about how their health and care information is used by the MDT through privacy notices. Health and care professionals should be made aware that it is important there are no surprises to patients/service users about how their information is used. All organisations involved in a person’s care in an MDT must have transparency materials prepared (e.g. in privacy notice/information on the website), in case the patient or service user asks how a constituent MDT organisation will handle their information. 

It is essential that health and care professionals working within the MDT understand IG requirements so that sharing is lawful and not excessive but is not restricted when it is appropriate to share.  

Health and care professionals have a duty of care to their patients or service users, which includes sharing information to support patient and service user care. This is required by the Safety and Quality Act 2015. Organisations involved in an MDT are also governed by legislation such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This means they must comply with legal requirements about how information is used and shared. Additionally, there may be specific statutes which prevent information being shared for example Sexually Transmitted Diseases Regulation 2000, or the Gender Recognition Act 2004. You must be aware of these legal restrictions on sharing. IG leads should also check that standards have been met by the respective MDT organisations e.g. Data Security and Protection Toolkit has been completed to support sharing. 

power of data in a pandemic