A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Information sharing is crucial to facilitating integrated care across health and social care organisations, not only in the delivery of care and enabling better outcomes for individual patients, but also by providing analytics which afford commissioners and providers the ability to better evaluate and manage integrated care. In some circumstances there is also a positive duty for health and social care organisations to share information.
While greater clarity on how patient data can be used and shared in accordance with patient expectations has the potential to unlock barriers to better information sharing, ensuring the safety and security of that data has never been so challenging. It is a particularly tumultuous time for organisations handling patient data, with the General Data Protection Regulation ("GDPR") and the Data Protection Act 2018 heralding a new legislative regime, plus the development of national policy on the use of consent when dealing with patient data. Organisations handling patient data need to ensure compliance or face the possibility of greatly increased penalties and sanctions for getting it wrong.
Commissioners and providers need to review the practicalities of their data sharing arrangements, including the apportionment of liability and responsibilities. They should also ensure that information governance is embedded within an integrated model at the outset, and consider the impact on the privacy and confidentiality of the patients and other stakeholders. A good starting point is to undertake a Data Protection Impact Assessment ("DPIA"). A DPIA assesses the privacy risks and helps ensure any integrated care model is designed with appropriate information governance systems in place – it is also a requirement under the GDPR where processing activities present a "high risk" to the rights and freedom of individuals. In carrying out a DPIA, organisations should be mindful of the following key questions:
This should also be supported by a good communication strategy, ensuring that stakeholders are engaged from the outset and given an opportunity to input into the service design.