Shared Care Privacy Statement

Depending on your care pathway, we may share the following categories of information with other authorised care providers when required for your direct care:

• Identity details (e.g., name, date of birth, NHS number).
• Relevant medical history and clinical assessments.
• Diagnostic reports and clinical letters.
• Medication plans, prescribing information, and monitoring results.
• Risk information where needed for your safety (e.g., safeguarding or serious‑risk indicators).
• Information relating to handover, referrals, or continuity‑of‑care needs.

We only share what is necessary, relevant, and proportionate for the receiving clinician or service to safely carry out their role.

This approach aligns with the legal duties on providers to share information for safe care.

We share personal information with other care providers for:

• Direct care: assessment, diagnosis, prescribing, treatment, and follow‑up.
• Continuity of care: ensuring your GP or receiving specialist is informed of material clinical information.
• Patient safety: acting where there is a serious risk of harm to you or others.
• Medication safety: ensuring prescribing decisions are safe and consistent.

Sharing is never for marketing or non‑care purposes.

We do not share patient identifiable data for “indirect care” (e.g., service planning or research) unless legally permitted and clearly explained.

We rely on the following provisions when sharing information for direct care:

• UK GDPR Article 6(1)(e) – Public task (where the care is NHS‑funded).
• UK GDPR Article 6(1)(b) – Contract (for private/self‑funded care).
• UK GDPR Article 9(2)(h) – Provision of health or social care.
• UK GDPR Article 9(2)(c) – Vital interests, where a serious and imminent risk to life or safety exists.

Consent is not required for sharing needed for direct care, but we are committed to transparency. Where sharing is optional (e.g., sending a report to your GP at your request), we will ask for your explicit agreement.

We may share information with:

• NHS GP practices.
• NHS Trusts and ICB‑commissioned mental health services.
• Pharmacists and e‑prescribing partners involved in your treatment.
• External clinicians or specialists involved in your pathway.
• Emergency services, where required for your safety.

Some partners act as independent controllers (e.g., GPs), while others act as processors on our behalf (e.g., digital systems such as CLEO EPS used for prescribing workflows). Shared care is distinct from a processor arrangement.

We use a combination of administrative, technical, and physical safeguards including:

• Secure clinical systems with strict access controls.
• Encryption of data in transit and at rest.
• Role‑based access for clinicians and authorised staff.
• Audit logs of access and sharing events.
• Secure transfer tools such as NHSmail, GP Connect, and other accredited NHS digital channels.

All partners receiving information must meet applicable data protection and clinical safety requirements.

Under data protection law, you have rights including:

• Right to be informed about how your information is used.
• Right of access to your records.
• Right to rectification of inaccurate information.
• Right to restriction, objection, or erasure (where applicable—note that these rights may be limited for clinical records).
• Right to complain to the Information Commissioner’s Office (ICO).

These rights also apply to shared care; however, each provider is responsible for the information they hold.

You will be informed about information‑sharing through:

• Our main Privacy Notice
• Patient‑facing communications (e.g., consultation invitations, reports, registration forms).
• Responses to queries through our IG or clinical teams.

If you have questions about how your information is shared with another provider, our Information Governance team can explain the arrangement.

Data Protection Officer / Information Governance Team
[email protected]