This notice describes how we may use your information to protect you and others during the (coronavirus) COVID-19 outbreak. It supplements our main privacy notice (PDF 160Kb).
The health and social care system is facing significant pressures due to the COVID-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law, the Secretary of State has required NHS Digital, NHS England and Improvement, arm's length Bodies (such as Public Health England), local authorities, health organisations and GPs to share confidential patient information to respond to the COVID-19 outbreak. Any information used or shared during the COVID-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on the gov.uk website and some frequently asked questions on this law are available on the NHSX website.
During this period of emergency, opt-outs will not generally apply to the data used to support the COVID-19 outbreak, due to the public interest in sharing information. This includes national data opt-outs. Find out about National data opt-outs on the NHS website. However, in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to subject access requests, freedom of information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.
In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals, private healthcare providers and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.
During this period of emergency we may offer you a consultation via telephone or video-conferencing when this is clinically appropriate. By accepting the invitation and entering the consultation you are consenting to this. Your personal and confidential patient information will be safeguarded in the same way it would with any other consultation.
We will also be required to share personal and confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Visit the NHSX website for further information about the variety of ways that health and care data is being used and shared by other NHS and social care organisations to support the COVID-19 response.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the COVID-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and emergency department (A&E) capacity data as well as data provided by patients themselves on the NHS coronavirus status checker. All the data held in the platform is subject to strict controls that meet requirements of data protection legislation.
For purposes beyond individual care, your information relating to COVID-19 may be shared with other health care providers, with private health care organisations, universities conducting research into COVID-19 and private sector organisations.
If you tell us you're experiencing COVID-19 symptoms, we may need to collect specific health data about you. If we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.