Best practice for the health and care sector: good guidance is on the way for data sharing practice

It is more than a year now since the introduction of Europe’s new data privacy regime, the GDPR. There was a flurry of activity leading up to and following the launch date in May 2018. But then, the GDPR fell out of the headlines. Recent high profile penalty announcements running into the hundreds of millions have again highlighted the dangers of failure to comply. 

The ICO is now consulting on its updated draft data sharing code of practice following the 2018 Data Protection Act. The draft code covers changes to data protection legislation where these changes are relevant to data sharing, including transparency, lawful bases for processing, the new accountability principle and the requirement to record processing activities.

The new code

The draft code summed up, is a practical guide for organisations about how to share personal data in compliance with data protection legislation. It explains the law and provides good practice recommendations. Put simply, the new code is designed to give health and care professionals the confidence to share data appropriately and correctly.

The code highlights the benefits that sharing personal data can bring to patients and health and care professionals. Three examples are given from a local area setting up an integrated care record to share patient records between health and social care staff to the sharing of data between a hospital emergency department and local GPs who introduced a data sharing process to enable the hospital’s treating clinicians to have 24 hour secure access to the patient’s GP record.

There is also detailed support for those healthcare organisations looking at developing an information sharing framework. Annex D of the draft code includes a detailed case study involving healthcare partners wanting to develop an information sharing framework to standardise their sharing processes and encourage agencies to share personal data safely. In a key step, partners brought together information governance leads to oversee the changes needed to develop the framework.

This is not a comprehensive review of the draft code. We have teased out a few of the guidance points relevant to the health and care sector.

Have your say

The updated draft code is now out for public consultation and will remain open until Monday 9 September 2019. You can respond by completing the online survey or email: [email protected].

Our content explained

Every piece of content we create is correct on the date it’s published but please don’t rely on it as legal advice. If you’d like to speak to us about your own legal requirements, please contact one of our expert lawyers.

Posted by


Mills & Reeve Sites navigation
A tabbed collection of Mills & Reeve sites.
My Mills & Reeve navigation
Subscribe to, or manage your My Mills & Reeve account.
My M&R


Register for My M&R to stay up-to-date with legal news and events, create brochures and bookmark pages.

Existing clients

Log in to your client extranet for free matter information, know-how and documents.


Mills & Reeve system for employees.