NHS England - Transformation Directorate

IG question time

Take a look at our bitesize advice, short videos and answers to common information governance queries.

Question about COPI notices

How long will COPI notices be in place?

The COPI notices expired on 30 June 2022.

You can still use data for COVID-19 purposes where there is a legal basis.

We have published guidance to support organisations to prepare for the end of the COPI notices.

Questions about amending a patient’s name on their health and care record

Why might individuals ask for a name change on their health record in order to travel overseas?

The government has advised that the first name and surname on an individual’s NHS COVID Pass must match the names on their passport for international travel, which may mean an increase in name change requests GPs have to respond to. You should explain to individuals that name change requests should only be made when absolutely necessary, and suggest a time frame which gives you sufficient opportunity to respond to the request whilst dealing with your other duties.

How should individuals request a name change?

Individuals are free to change their name on their health record at any time they choose. They must provide you with a written request which is signed and dated. You may choose to provide a specific form patients can use for requesting a change of name.

What documentation must individuals provide when requesting a name change?

It is recommended by Primary Care Support England (PCSE) that individuals provide documentation displaying their correct name, so that their GP practice can assure themselves of the identity of the requester. It is up to you to determine what information you might reasonably request to verify a person’s identity. This could be a passport, marriage certificate or deed poll.

How do you change a person’s name on their health and care record?

Whichever IT system you use, you will be able to change a person’s name directly on your system. If you are unsure how to do this, you can contact the helpdesk of your system provider who will be able to explain the process step-by-step.

When you amend the name of a patient on your clinical system, a message is sent through GP links to the database maintained by PCSE and National Health Application and Infrastructure Services (NHAIS). If there are signs of a data quality issue, PCSE will seek assurances from you about the name change. Therefore, it is best practice for you to attach a supporting note in the first instance when amending name details on the system. You should explain the reason for the change and which documentation, if any, has been provided by the patient.

Questions on protecting confidentiality and privacy on the telephone

What steps should I take to ensure people’s privacy on all telephone calls?

We encourage the use of telephone communications with patients and service users to support the delivery of care. When making or receiving telephone calls, for example, to set up an appointment, you need to follow simple safety precautions to ensure the privacy of the person you are calling. You should:

  • Double check the number before dialling.
  • Check your location: make sure that your telephone conversation cannot be overheard, and that the person you are calling cannot overhear other confidential matters in the background.
  • Verify the person’s identity: check the identity of the person you are speaking to by asking for two or three details such as their date of birth, postcode, and the first line of their address.
  • Once you have verified their identity: let the person know the service you are calling from and the purpose of the call.
  • In case the call goes to voicemail: before calling, check your organisation's local policy regarding voicemails and the person’s care record to see if they have opted into receiving voicemails. Even if the policy and care record allow you to leave a voicemail, make sure it doesn’t contain any confidential information.

How can I protect a person’s privacy when calling a landline number?

  • When your call is answered: give your full name and the name of the organisation you are calling from, without specifics about the service or purpose of the call. Ask to speak to the relevant person by their full name.
  • When the relevant person answers or comes to the phone: use the simple verification process described above to check their identity. Once you are satisfied you are speaking to the right person, tell them the service you are calling from and the purpose of the call.
  • When someone else answers the phone: give your full name and the name of the organisation you are calling from, but not the service or purpose of the call. Ask if there is a better time to speak with the person and end the call, even if the recipient applies pressure to extend it. Try calling again, at the suggested time if possible. Set a limit on the number of attempts made to call at different days and times and record them, before you consider sending a letter.

How can I protect a person’s privacy when calling a mobile number?

  • Don’t assume that mobile devices are more secure than landline telephones.
  • Verify the person’s identity using the simple verification process described above, before offering any details about the service you are calling from or purpose of the call.
  • Check if you have called at an appropriate time and consider adjusting your questioning style to maintain privacy.

What if the person I am calling asks for proof of identity?

If the person you are calling on the telephone challenges you and asks for proof of your identity: advise them to hang up, call your organisation switchboard, and ask for your extension number. You can then perform the simple identity verification checks described above. However, if you are calling from a potentially confidential or sensitive service, or have cause to be suspicious of the person’s identity, consider using an alternative form of communication.

Series of short videos

In these videos, Andrew Hughes, Director of Health and Wellbeing System Improvement at the Local Government Association, answers some of the key questions on managing and sharing information in social care.

Has the pandemic impacted on how information is shared in social care?

Andrew explains how the COVID-19 pandemic has affected how information is shared in social care.

Why is there a barrier sharing information between health and care?

Andrew talks about the barriers to sharing information between health and care.

In terms of managing information, what change would make the biggest difference for social care?

Andrew discusses the importance of sharing information between health and care.

In a series of short videos, Dawn Monaghan, Head of Information Governance Policy, addresses some of the common questions people have about information governance.

Why is it important to be transparent?

Dawn explains why it is important for organisations to be transparent about how they use data.

What should I consider when sharing data?

Dawn talks about what health and care workers should consider when sharing data.

Why is information governance important?

Dawn talks about why information governance is important.

What are we doing to simplify information governance?

Dawn talks about what we are doing to simplify information governance.

General questions

What are the IG requirements when setting up Integrated Care Boards?

‘ICS implementation guidance: due diligence, transfer of people and property from CCGs to ICBs and CCG close down’ provides a due diligence checklist for CCGs and ICBs to consider as part of transition arrangements.

There is a tab on the checklist (tab 5) which covers IG requirements. Many of the requirements in this tab align with the DSPT; however, it is important that organisations complete these during the transition phase as ICBs are being established.

The FutureNHS platform also has guidance for CCGs on website changes which must be implemented by 31 July 2022, including archiving web pages and redirecting people to the new ICB website.

Does the national data opt-out impact Summary Care Records?

No. The national data opt-out only applies to a person’s confidential patient information and its use for purposes other than individual care, such as planning and research.

The purpose of the Summary Care Record (SCR) is to provide basic health and care information to a health and care professional. It is used when the individual’s local detailed health and care record is not available. For example, to provide emergency treatment while a person is on holiday in another part of the country. As the SCR is needed to support the provision of individual care, the national data opt-out doesn't apply. A different opt-out process is available to those who do not want to have an SCR.

Is there an opt-out of Shared Care Records?

No. Local areas providing Shared Care Records (ShCR) do not need to offer an opt-out for information that is being used and shared for individual care. However, the UK GDPR gives individuals the right to object to the processing of their personal data in certain circumstances.

If an individual does not want their information shared through a ShCR for their individual care, they may raise an objection in accordance with their rights under UK GDPR. Each ShCR group should agree its own arrangements for managing objections and communicate them to patients and service users.

The organisations holding their data have a duty to consider the objection. They should only override that objection if there is a compelling reason to do so. The impact of the objection should be discussed with the person and alternatives sought where possible.

Does the national data opt-out impact on Shared Care Records?

No. The national data opt-out does not impact on Shared Care Records when information is shared for individual care. However, if a local area decides to use confidential patient information for purposes beyond individual care, then the national data opt-out should be applied. Examples could include research, service design and planning.

Can data flow from the EU to the UK following EU Exit?

Yes. The EU has formally recognised the UK's high data protection standards through an 'adequacy decision'. This means that data can continue to flow from the EU to the UK and there should be no interruption in the data received by health and care organisations from the EU. The adequacy decision is in place for four years until June 2025. During this time it can be relied upon as a legal basis for transfers of personal data from the EU to the UK.

Can data flow from the UK to the EU following EU Exit?

Yes. There are currently no changes to the way personal data is sent to the EU.

Is it still safe to use off-the-shelf messaging apps? I have heard that some changes to terms and conditions of service may mean that messages can be accessed, and information shared with other companies.

While we would advise against the use of off-the-shelf applications for the routine sharing of confidential patient information, it remains appropriate to use them when there is no practical alternative and the benefits outweigh the risks. For example, in emergency situations where an app on your phone is the only way of sharing patient data and a person might suffer serious harm if you fail to share information.

The important thing, as always, is to consider what type of information is being shared and with whom, and as much as possible limit the use of personal or confidential patient information. 

If your organisation is going to process personal or confidential patient information in ways not covered by an existing Data Protection Impact Assessment (DPIA), for example using WhatsApp, then a short high level DPIA should be carried out. The DPIA should set out:

  • the activity being proposed
  • the data protection risks
  • whether the proposed activity is necessary and proportionate
  • the mitigating actions that can be put in place
  • a plan or confirmation that mitigation has been put in place

With regards to recent reports about the changes to terms and conditions of certain apps, users have been assured that the content of messages will remain encrypted from end to end. This means that messages can only be viewed by the sender and the recipient. Changes to terms and conditions might result in the sharing of personal information about the users of its service with other companies, for example, profile information, device data and other metadata. However, the app suppliers have given assurances that the data sharing practices remain compliant with UK data protection legislation.

For further information see our guidance on mobile messaging.

Is it okay to use digital solutions which allow patients to control who has access to their GP record?

Yes. Relevant information can be shared for individual care on the basis of implied consent. Some digital solutions allow patients to be involved in these decisions, for example, they are sent a text message asking them if they are happy to share information from their GP record with someone else caring for them for a time-limited period. There should be no barrier to using this type of solution from an IG perspective; however, the GP practice, as data controller, should check they are happy with what is proposed. If the GP practice is happy, then relevant information should be available to other health and care professionals who wish to use the solution.

Is the NHS number an identifier or not?

It depends on the context and situation in which it is used.

All patients have an NHS number which is unique to them. This is usually allocated when you register with a GP.

The number by itself does not identify the person it relates to as it is just a number, for example: 012 345 6789. However, if a person has access to the systems that can reveal the identity of the individual who the NHS number is assigned to, then it should be considered an identifier.

For example, the Personal Demographics Service (PDS), the national electronic database of NHS patient details, includes NHS numbers as well as names and addresses. It is used by many staff across the NHS to provide care and can be used to check the NHS number. Where access to PDS or a similar system is possible, the NHS number should be considered as an identifier.

Very careful consideration therefore needs to be applied when using the NHS number as a way of pseudonymisation because to one recipient of the number, it may be classed as anonymous (as they do not have the means to identify the person from it), but a different recipient may have access to systems which they can use to find out who the number belongs to.

What is the Centre for Improving Data Collaboration (CIDC) and will it be producing IG guidance and advice?

The CIDC is a new business unit that has been created to support the health and care sector to enter into data sharing partnerships that benefit the NHS, patients, and the public. You can find out more about the CIDC or read this blog post by Matthew Gould.

The Health and Care Information Governance Panel is responsible for producing IG guidance and advice. Our IG team, however, will work closely with the CIDC to provide support where any IG issues arise to ensure a consistent approach.

COVID-19 questions for health and care organisations

Can I work from home, for example if I have to self-isolate?

To help underpin staff working from home, your organisation should have an agreed policy for you to refer to which covers this. If your organisation considers it is suitable for you to work at home, then this should be possible if you: 

  • use the IT equipment issued by your organisation wherever possible as this should have the appropriate security protection
  • use a secure network connection, for example home Wi-Fi that requires a password so information is not sent or received over a public Wi-Fi network
  • ensure any applications or software solutions you use have appropriate security, such as using strong passwords
  • ensure the security of any physical documents you take home, particularly those that contain personal or confidential patient information
  • lock print outs and devices away at the end of the working day if possible, to avoid loss or theft of personal or confidential patient information

If you are using your own device, you should contact your IT department and see if they can install programs on your own equipment or send you links to software to download to secure your own equipment. If that’s not possible you should keep your software up to date to make it more difficult for an attacker. You should also avoid mixing your organisation’s information with your own personal information to avoid accidentally keeping hold of information for longer than is necessary.

The Information Commissioner's Office (ICO) has published its own guidance on home working. See the question below regarding the additional precautions you should take when accessing or using confidential patient information (CPI) when working from home. 

Can I access or use confidential patient information (CPI) when working from home?

When accessing and using CPI at home you should protect it in the same way you would normally. You should follow the recommendations set out in the question above on homeworking and take the following additional precautions when accessing or using CPI:

  • If you need to share CPI with others then choose NHS Mail, a secure messaging app or online document sharing system.
  • If you do not have access to these and need to use an alternative email account, which may not be secure, consider password protecting documents and sharing the passwords via a different channel, like text.
  • Consider who else is in the household, and if they can access CPI accidentally or inappropriately, such as looking over your shoulder.
  • CPI should be used for the minimum time necessary for your purpose, and in a way that minimises disclosure.
  • Once the reason for accessing CPI at home has passed, then any CPI that is stored must either be returned to the organisation as soon as possible, or if it is duplicated then your copies must be destroyed.

What about if I’m overseas and I cannot return, can I still work?

This will depend on your role and your organisation agreeing it is appropriate. The requirements are the same as working from home (see above). However, in addition you should discuss it with your Data Protection Officer (DPO). 

Can I share information with a health and care professional based at another health and care organisation if they are supporting the individual care of a patient or service user?

Information should be shared to support individual care. For example, a radiologist in Birmingham could view and report on an image of a patient from Kettering because Kettering temporarily has a reduced number of radiologists. You should ensure that your DPO is aware so that they can update your organisation’s privacy notice as appropriate.

Can we carry out group sessions with patients and service users using video conferencing tools?

Using video conferencing tools may mean you can continue to provide group sessions for patients and service users safely during the COVID-19 period, for example antenatal classes or physiotherapy sessions.

You should ensure patients and service users understand that they are joining a group session and any information they share during the session will be seen or heard by others in the group. You should also consider setting out some terms of use for patients or service users. For example, do not take screenshots or record the session. The consent of the patient or service user, under common law, is then implied by them accepting the invite and entering the consultation. There should be no compulsion to sign up or use the service, but services need to make sure they have provided as much information as possible so patients and service users can make an informed choice.

You should use a video conferencing tool that has been approved by your organisation and follow any advice set out in your organisation's policy on video conferencing with patients and service users.