Keeping your personal data safe is central to the GM Care Record

Each health and care organisation in Greater Manchester collects information about you and keeps records about the care and services they have provided. The GM Care record pulls together the information from different health and social care records and displays it in one combined record to fronline workers.

How is your personal information kept safe and secure in the GM Care Record?

We ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only and protect personal and confidential information.

Appropriate technical and security measures in place to protect the GM Care Record include:

  • complying with Data Protection Legislation;
  • encrypting Personal Data transmitted between partners;
  • implementing and maintaining business continuity, disaster recovery and other relevant policies and procedures
  • a requirement for organisations to complete the Data Security and Protection (DSP) Toolkit introduced in the National Data Guardian review of data security, consent and objections, and adhere to robust information governance management and accountability arrangements;
  • use of ‘user access authentication’ mechanisms to ensure that all instances of access to any Personal Data under the GM Care Record are auditable against an individual accessing the GM Care Record;
  • ensuring that all employees and contractors who are involved in the processing of Personal Data are suitably trained in maintaining the privacy and security of the Personal Data and are under contractual or statutory obligations of confidentiality concerning the Personal Data.

The NHS Digital Code of Practice on Confidential Information applies to all NHS and care staff, and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All staff with access to Personal Data are trained to ensure information is kept confidential.

Whilst you are automatically enrolled into the GM Care Record as a GM citizen, you have the option to object to your information being shared for individual care and to opt out of your data being used for research and planning. More information about this is available below:

Your Questions Answered

How can I opt out of my data being shared via the GM Care Record?

The GM Care Record joins together our regions’ different NHS and care organisations to help hospitals and other care services access patient health and care records quickly and securely.

The GM Care Record enables health and care staff to see up-to-date, limited information regarding an individual’s health and care. It includes vital information such as allergies, medication, test results, and any interventions they may be receiving or have had in the past.

Everyone registered with a Greater Manchester GP is automatically opted-in to the GM Care Record unless they have previously opted out of sharing their GP records.

How can you opt out of the GM Care Record?

You can contact your GP who can discuss the option with you and apply a code to your GP record to prevent a shared care record being created. You can opt back in at any time by informing your GP.

We want anyone who does opt-out to understand that it could negatively impact the care the NHS and social care services can provide. If health and care staff can’t access medical record:

  • It might mean that tests or investigations are repeated because results from other organisations can’t be accessed.
  • You may need to repeat the same information to different staff.
  • The staff treating you won’t be able to see what has happened to you in different parts of the NHS. Staff will only be able to see your record in that specific organisation such as that particular hospital or GP practice.
  • Staff might not know what medication you are taking.
  • It may delay treatment.
  • It will not stop health and care staff contacting one another to ask questions about your history.
  • You may not be conscious or able to share details about your medical history if you arrive at hospital.

GM Secure Data Environment (SDE) for population health research:

NHS Greater Manchester have also designed a secure data environment where, working with technical staff at NHS England, they create a de-identified copy of that data by removing identifiers e.g. name, address, date of birth etc. This de-identified data can then be linked through a pseudonymisation process with other national and or local data sets. This data is then further anonymised and used to support important research and the planning of health and care services (non-research). Examples could include the development of new drugs and treatments.

Whilst you are automatically enrolled into the GM Care Record, you have the option to object to your information being shared for individual care as described above and to opt-out of your data being used for research and planning.

How you can opt out of your data being used for planning and research:

You can still have a shared care record to support your treatment and care, but you can opt out of your data being used for planning and research in 3 ways:

  1. Stopping a GP practice from sharing your data for research and planning

    This is called a Type 1 Opt-Out.

    • To do this you need to fill in an opt-out form and return it to your GP practice. You need to either download a Type 1 opt-out form, or contact your GP surgery who may be able to assist you to complete the form on the telephone or may be able to provide you with a printed copy.

    • Only your GP surgery can process your opt-out form. The GP surgery will be able to tell you if, and when, you have been opted out.

    If you choose a Type 1 Opt-out, your GP will not share your data for research and planning but your data will still be used to support your direct care.

    Find out more about Type 1 Opt-out from NHS Digital’s transparency notice.

    Once the Type 1 Opt-Out has been applied by your General Practice the GM Care Record system will acknowledge this Opt-Out and automatically remove your record from further processing for planning and research purposes.

  2. Stopping NHS Digital and other health and care organisations from sharing your data for planning and research

    This is called a National Data Opt-Out.

    To opt out online or find out more, you can visit Make your choice or contact the NHS Digital Contact Centre by ringing 0300 303 5678.

    If you choose this opt-out, NHS Digital and other health and care organisations will not be able to share any of your personal data with other organisations for research and planning, except in certain situations. For example, when required by law.

    If you want to check if you have opted out, you can enter your details againat Make your choice or check your settings in the NHS App. You can opt out, or opt back in again, at any time.
  1. Stopping your de-identified data being used for planning and research within Greater Manchester

    We apply the Type 1 opt out implemented via the GP practice and the National Data Opt out already via the secure analytics platform.

    If you have either of these opt outs applied to your record your GMCR data will not flow into the secure platform for planning and research.

    If you do not want to apply a national opt out and just opt out of your data from the GM Care Record being used for planning or research within Greater Manchester you can contact us as follows:

    – Calling us on: 0161 947 0770
    – Emailing us at: contactus.caregateway@nhs.net
    – Or writing to us at:

    Information Governance Team
    NHS Greater Manchester
    4th Floor, 3 Piccadilly Place
    Manchester
    M1 3BN

    The Health Research Authority (HRA) and the Secretary of State for Health and Social Care has given Section 251 support for the activity following advice from the Confidentiality Advisory Group.

What is the lawful basis of sharing my information through the GM Care Record?

To process personal data or identifiable data lawfully we are required to have a purpose or reason for processing that data. Please click below for a breakdown of the common legal bases that are used for the GM Care Record and the relevant legislation:

Lawful Basis: GDPR (UK)

GDPR (UK):
The General Data Protection Regulations (UK) requires us to have a legal basis for processing information that can be used to identify an individual, including pseudonymised data, but not anonymised data. For further information please visit: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

To process personal data, as defined by the GDPR (UK) the following lawful bases from Article 6 are used, and may be used for either data related to individual care or data related to secondary uses:

6.1(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In certain circumstances the following may be used when sharing information is necessary to protect an individual from harm:

6.1(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person

Additionally when more sensitive data is processed, we require a further legal basis as laid out by Article 9. Sensitive data is defined by GDPR (UK) as special categories of personal data requiring further protection, for example racial or ethnic origin and health data. The following lawful bases from Article 9 are typically used:

For the purposes of improving individual care the condition which lifts the prohibition on processing of the special category of data is:

9.2(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.

If the data processed for the purposes of planning NHS Services, improving patient safety or evaluating government and NHS Policy is still considered to be personal data under GDPR the condition which lifts the prohibition on processing of the special category of data is:

9.2(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy

If the data processed for the purposes of research (for example to understand more about disease, or develop new treatments) is still considered to be personal data under GDPR the condition which lifts the prohibition on processing of the special category of data is:

9.2(j) processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject

In certain circumstances the following may be used when sharing information is necessary to protect an individual from harm:

9.2(c) processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent

Lawful Basis: Data Protection Act 2018 (DPA)

Data Protection Act 2018 (DPA):
The DPA 2018 is legislation that further defines sections of the GDPR specifically for the UK.

Schedule 1, Part 1, condition(s) for processing:

(2) Health or social care                       

For health or social care:

(d) provision of health care or treatment

(e) provision of social care


Schedule 1, Part 1 makes further reference to the legal basis in the GDPR and whether or not the condition is met for the DPA.

In relation to Secondary Uses (Secondary Use Definition)
Schedule 1, Part 1, condition(s) for processing:

(2) Health or social care                       

(3) Public health

(4) Research

For health or social care:

(d) provision of health care or treatment

(e) provision of social care

(f) management of health care systems or services or social care systems or services

For the purpose of public health:

(b)(i) by or under responsibility of a health professional                

(b)(ii) by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law

For research purposes:

(a)  is necessary for archiving purposes, scientific or historical research purposes or statistical purposes

(b)  is carried out in accordance with Article 89(1) of the GDPR, and

(c)  is in the public interest

Lawful Basis: Common Law Duty of Confidentiality (CLDC)

Common Law Duty of Confidentiality (CLDC):
The Common Law Duty of Confidentiality is not a codified piece of legislation but is an amalgamation of case law that allows data to be processed via specific legal gateways.

For individual care purposes implied consent is used as a reasonable expectation for the use of health and care records.

For uses beyond health and care the following gateways may be used:

Explicit Consent – Requesting consent directly from the individual that the record refers to.

Overriding Public Interest – When sharing the information can be clearly evidenced to be of overwhelming interest to public safety.

Other Statutory or Legal Duty – In the cases of court orders for instance or required by routes such as those below:

Confidentiality Advisory Group for section 251 approval – Section 251 of the NHS Act 2006 allows the use of confidential patient information for audit or medical research when it is not possible to use anonymised information and when seeking consent is not practical. An application needs to be made for this approval.

In order to process data for secondary uses and research from the GMCR we have made an application to the NHS Health Research Authority’s Confidentiality Advisory Group (CAG) to allow our GMCR system supplier (Graphnet Health Ltd.) to remove identifiers e.g. name, address, date of birth etc.  This will enable us to then use that de-identified data to support our planning and research without the ability to identify any individual patients.  You can find out more about how we use data for research and planning by clicking on this link

The CAG approval reference is as follows:

  • 22/CAG/0169 – Non research
  • 22/CAG/0170 – Research

Lawful Basis: Further Related Legislation

Further Related Legislation:
The Health and Social Care (Safety and Quality) Act 2015 inserted a legal Duty to Share Information In Part 9 of the Health and Social Care Act 2012.

Official authority:

GP PracticesNHS England’s powers to commission health services under the NHS Act 2006. Also, Article 6 (1) c for GPs when subject to statutory regulation
NHS TrustsNational Health Service and Community Care Act 1990
NHS Foundation TrustsHealth and Social Care (Community Health and Standards) Act 2003
Local AuthoritiesLocal Government Act 1974
Localism Act 2011
Children Act 1989
Children Act 2004
Care Act 2014

Which organisations can access your personal information through the GM Care Record?

Personal Data will only be shared between the health and social care organisations that are signed up to the GM Care Record Data Protection Impact Assessment (DPIA). These include:

  • Primary care (e.g. your GP practice)
  • Community services
  • Mental health services
  • Local authority social care departments
  • Secondary care (e.g. hospitals)
  • Specialist services (e.g. ambulances)

The GM Care Record makes your patient information easily accessible for the purposes of your care and treatment.

How is information in the GM Care Record held?

A record of care is held on each organisation’s secure electronic system (local record) e.g. a GP practice will have their own system for recording patient information. Graphnet, a supplier of healthcare systems, has designed a secure system that integrates data from those multiple electronic health and social care systems to provide a live and read-only summary of that data to a health or social care worker when required for the purposes of your individual care.

How will the information be made available in the GM Care Record?

Data is presented as a read-only view; meaning that the Personal Data from an organisation’s local record is not changed. The data remains within each organisation’s database and staff using the GM care record are allowed a read-view access only. Access to your data depends on the professional having access in their own clinical/care systems – so professionals can only see information regarding patients that are being referred for treatment or have been treated by them.

How long will the data be held in the GM Care Record?

As the GM Care Record is an integrated digital care record that pulls together vital patient data from several health and social care providers, only data currently visible in each of the local systems will be visible in the GM Care Record. Each partner organisation feeding data into the GM Care Record has local retention rules set by the NHS Records Management Code of Practice for Health and Social Care.

Within the governance framework for the GM Care Record, the system supplier is also contractually obliged to comply with any requests by the partners to remove/delete data when instructed to do so.

What are your rights regarding information held in the GM Care Record?

Under the Data Protection Legislation, you have the right to:

  • be informed of our uses of your data (the purpose of this privacy notice)
  • request copies of your personal information, commonly referred to as a Subject Access Request (SAR)
  • have any factual inaccuracies corrected
  • request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances
  • not be subject to automated decision making or profiling. There is no automated decision making or profiling in the GM Care Record
  • complain about the handling of your data to an organisations data protection officer or to the regulator
  • also have the right to object to processing of your personal data in certain circumstances.

Details of how to exercise your rights are shown below.

How can I access the information you hold about me in the GM Care Record?

You have a right to request information that is held about you. The Greater Manchester Care Record (GMCR) is a collection of information from organisations across the GM area that provide you with care services (please note it is not all the information held on you by each organisation that has cared for you, as each organisation involved in your care keeps their specific records locally).

To access records of your care, you must contact the organisation(s) that have been or are currently providing your care, as they will have the full record of the care they have provided to you. This is called a Subject Access Request (SAR). 

NHS Greater Manchester is the lead organisation for the GMCR. If you want to know which organisations are sharing data into the GM Care Record, contact the following email address gmhscp.icpsar@nhs.net and insert GMCR in the email subject heading.

Who is the data controller?

The organisations providing your care locally are the controllers of the data they hold about you and are working in partnership to ensure that relevant information is available to other health and care providers within the Greater Manchester Care Record when needed to benefit your care.  The organisations feeding the data they hold into the GM Care Record are Joint Data Controllers in accordance with the UK General Data Protection Regulation (UK GDPR 2018).

NHS Greater Manchester is the lead organisation for the GMCR and can be contacted via the following link: https://gmintegratedcare.org.uk/have-your-say/contact-us/.

Do I have a right to complain?

The Greater Manchester Care Record (GMCR) is a collection of information from organisations across the GM area that provide you with care services.

If you wish to make a complaint about the GM Care Record, please contact your direct care provider such as your GP, hospital consultant, social worker or speak to their PALS (Patients Advisors and Liaisons Services) / Complaints department. Patients also have the right to make a complaint to the Information Commissioner’s Office regarding breaches of confidentiality.

For independent advice about data protection, privacy, data sharing issues and your rights you can contact: 

  • Information Commissioner’s Office; Wycliffe House, Water Lane, Wilmslow Cheshire, SK9 5AF
  • Telephone: 0303 123 1113 (local rate) or 01625 545 745
  • Email: casework@ico.org.uk or visit the ICO website. https://ico.org.uk/

The NHS Constitution
The NHS Constitution establishes the principles and values of the NHS in England. It sets out the rights patients, the public and staff are entitled to. These rights cover how patients access health services, the quality of care you’ll receive, the treatments and programmes available to you, confidentiality, information and your right to complain if things go wrong.
https://www.gov.uk/government/publications/the-nhs-constitution-for-england


Download Appendix A
List of Data Protection Officers and Links to Privacy Notices Across GM Organisations

Image of a health care worker using a computer for research