Keeping your personal data safe is central to the GM Care Record

Each health and care organisation in Greater Manchester collects information about you and keeps records about the care and services they have provided. The GM Care Record pulls together the information from these different health and social care records and displays it in one combined record.

How is your personal information kept safe and secure in the GM Care Record?

We ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only and protect personal and confidential information.

Appropriate technical and security measures in place to protect the GM Care Record include:

  • complying with Data Protection Legislation;
  • encrypting Personal Data transmitted between partners;
  • implementing and maintaining business continuity, disaster recovery and other relevant policies and procedures;
  • a requirement for organisations to complete the Data Security and Protection (DSP) Toolkit introduced in the National Data Guardian review of data security, consent and objections, and adhere to robust information governance management and accountability arrangements;
  • use of ‘user access authentication’ mechanisms to ensure that all instances of access to any Personal Data under the GM Care Record are auditable against an individual accessing the GM Care Record;
  • ensuring that all employees and contractors who are involved in the processing of Personal Data are suitably trained in maintaining the privacy and security of the Personal Data and are under contractual or statutory obligations of confidentiality concerning the Personal Data.

The NHS Digital Code of Practice on Confidential Information applies to all NHS and care staff, and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All staff with access to Personal Data are trained to ensure information is kept confidential.

Whilst you are automatically enrolled into the GM Care Record as a GM citizen, you have the option to object to your information being shared for individual care and to opt out of your data being used for research and planning. More information about this is available below:

Your Questions Answered

How can I object or opt out of my data being shared via the GM Care Record?

The purpose of the GM Care Record is to improve the care that you receive. However, if you don’t want your information to be shared, you have a legal right to object to your data being shared through the GM Care Record. Your objection will be considered on a case-by-case basis. When considering your objection, we will consider whether you can still be provided with safe individual care. Please contact your health and care provider to discuss this further. This could be your GP practice or the health or social care staff that provided or are currently providing your treatment and care.

We ask you to think carefully before making this decision. Sharing your health and social care information will make it easier for services to provide the best treatment and care for you when you most need it.

Health and social care staff use your confidential patient information to help with your treatment and care. For example, when you visit a hospital your consultant may need to know the medicines you take.

Your health or social care provider can advise you of how you can opt out of having a GM Care Record. Please note this is separate from your Summary Care Record, which you will need to opt out of separately if required. Find out more about the Summary Care Record and opting out here.

Opt out of your deidentified information being used for research and planning:
The national data opt out is a service that allows patients to opt out of their deidentified patient information being used for research and planning. Visit this page to find out more information and to opt out.

What types of personal information are shared in the GM Care Record?

Personal information (or Personal Data) means any information about an individual from which that person can be identified. The Personal Data that is shared includes:

Identifying Data:
Forename, Surname, Address, Date of Birth, Gender, Age, Postal Address, Postcode, Telephone Number and NHS Number.

Other categories of Personal Data:
This includes:

  • A list of diagnosed conditions – to make sure your clinical and care staff have an accurate record of your care
  • Medication – so everyone treating you can see what medicines you have been prescribed
  • Allergies – to make sure you’re not prescribed or given any medicines you can have an adverse reaction to
  • Test results – to speed up treatment and care and to ensure tests are not repeated
  • Referrals, clinical letters and discharge information – to make sure the people caring for you have all the information they need about other care and treatment you are having elsewhere
  • Care plans (where available) – for health and care workers involved in your care to view a joined-up plan of care and the wishes you’ve asked for in relation to your care
  • Relevant information about people that care for you and know you well.
  • Basic details about associated people e.g. children, partners, carers, relatives etc.

What is the lawful basis for the sharing of information?

To process personal data or identifiable data lawfully we are required to have a purpose or reason for processing that data. Below is a breakdown of the common legal bases that are used for the GM Care Record and the relevant legislation.

GDPR (UK):
The General Data Protection Regulation (UK) requires us to have a legal basis for processing information that can be used to identify an individual, including pseudonymised data, but not anonymised data. For further information please visit: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

To process personal data, as defined by the GDPR (UK), the following lawful bases from Article 6 are used, and may be used for either data related to individual care or data related to secondary uses:

6.1(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In certain circumstances the following may be used when sharing information is necessary to protect an individual from harm:

6.1(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person

Additionally, when more sensitive data is processed, we require a further legal basis as laid out by Article 9. Sensitive data is defined by GDPR (UK) as special categories of personal data requiring further protection, for example racial or ethnic origin and health data. The following lawful bases from Article 9 are typically used:

For the purposes of improving individual care the condition which lifts the prohibition on processing of the special category of data is:

9.2(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.

If the data processed for the purposes of planning NHS Services, improving patient safety or evaluating government and NHS Policy is still considered to be personal data under GDPR the condition which lifts the prohibition on processing of the special category of data is:

9.2(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy

If the data processed for the purposes of research (for example to understand more about disease, or develop new treatments) is still considered to be personal data under GDPR the condition which lifts the prohibition on processing of the special category of data is:

9.2(j) processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject

In certain circumstances the following may be used when sharing information is necessary to protect an individual from harm:

9.2(c) processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent

Data Protection Act 2018 (DPA):
The DPA 2018 is legislation that further defines sections of the GDPR specifically for the UK.

Schedule 1, Part 1, condition(s) for processing:

(2) Health or social care                       

For health or social care:

(d) provision of health care or treatment

(e) provision of social care


Schedule 1, Part 1 makes further reference to the legal basis in the GDPR and whether or not the condition is met for the DPA.

In relation to Secondary Uses (Secondary Use Definition)

Schedule 1, Part 1, condition(s) for processing:

(2) Health or social care                       

(3) Public health

(4) Research

For health or social care:

(d) provision of health care or treatment

(e) provision of social care

(f) management of health care systems or services or social care systems or services

For the purpose of public health:

(b)(i) by or under responsibility of a health professional                

(b)(ii) by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law

For research purposes:

(a)  is necessary for archiving purposes, scientific or historical research purposes or statistical purposes

(b)  is carried out in accordance with Article 89(1) of the GDPR, and

(c)  is in the public interest


Common Law Duty of Confidentiality (CLDC):
The Common Law Duty of Confidentiality is not a codified piece of legislation but is an amalgamation of case law that allows data to be processed via specific legal gateways.

For individual care purposes implied consent is used as a reasonable expectation for the use of health and care records.

For uses beyond health and care the following gateways may be used:

Explicit Consent – Requesting consent directly from the individual that the record refers to.

Overriding Public Interest – When sharing the information can be clearly evidenced to be of overwhelming interest to public safety.

Other Statutory or Legal Duty – In the cases of court orders for instance or required by routes such as those below:

Confidentiality Advisory Board for section 251 approval – Section 251 of the NHS Act 2006 allows the use of confidential patient information for audit or medical research when it is not possible to use anonymised information and when seeking consent is not practical. An application needs to be made for this approval.

Control of Patient Information Notice – A notice from the Secretary of State for Health that disclosure is required for the public benefit. As an example, this was used during the Covid-19 pandemic.

Further Related Legislation:
The Health and Social Care (Safety and Quality) Act 2015 inserted a legal Duty to Share Information in Part 9 of the Health and Social Care Act 2012.

Official authority:

GP Practices: NHS England’s powers to commission health services under the NHS Act 2006. Also, Article 6 (1) c for GPs when subject to statutory regulation
NHS Trusts: National Health Service and Community Care Act 1990
NHS Foundation Trusts: Health and Social Care (Community Health and Standards) Act 2003
Local Authorities: Local Government Act 1974; Localism Act 2011; Children Act 1989; Children Act 2004; Care Act 2014

Which organisations can access your personal information through the GM Care Record?

Personal Data will only be shared between the health and social care organisations that are signed up to the GM Care Record Data Protection Impact Assessment (DPIA). These include:

  • Primary care (e.g. your GP practice)
  • Community services
  • Mental health services
  • Local authority social care departments
  • Secondary care (e.g. hospitals)
  • Specialist services (e.g. ambulances)

The GM Care Record makes your patient information easily accessible for the purposes of your care and treatment.

How is information in the GM Care Record held?

A record of care is held on each organisation’s secure electronic system (local record) e.g. a GP practice will have their own system for recording patient information. Graphnet, a supplier of healthcare systems, has designed a secure system that integrates data from those multiple electronic health and social care systems to provide a live and read-only summary of that data to a health or social care worker when required for the purposes of your individual care.

How will the information be made available in the GM Care Record?

Data is presented as a read-only view, meaning that the Personal Data from an organisation’s local record is not changed. The data remains within each organisation’s database and staff using the GM Care Record are allowed read-only access. Access to your data depends on the professional having access in their own clinical/care systems – so professionals can only see information regarding patients that are being referred for treatment or have been treated by them.

How long will the data be held in the GM Care Record?

As the GM Care Record is an integrated digital care record that pulls together vital patient data from several health and social care providers, only data currently visible in each of the local systems will be visible in the GM Care Record. Each partner organisation feeding data into the GM Care Record has local retention rules set by the NHS Records Management Code of Practice for Health and Social Care.

Within the governance framework for the GM Care Record, the system supplier is also contractually obliged to comply with any requests by the partners to remove/delete data when instructed to do so.

What are your rights regarding information held in the GM Care Record?

Under the Data Protection Legislation, you have the right to:

  • be informed of our uses of your data (the purpose of this privacy notice)
  • request copies of your personal information, commonly referred to as a Subject Access Request (SAR)
  • have any factual inaccuracies corrected
  • request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances
  • not be subject to automated decision making or profiling. There is no automated decision making or profiling in the GM Care Record
  • complain about the handling of your data to an organisation’s data protection officer or to the regulator
  • object to processing of your personal data in certain circumstances.

Details of how to exercise your rights are shown below.

How can I access the information you keep about me?

To access your Personal Data, you should contact your local appropriate organisation (Appendix A at the end of this page) and their Data Protection Officer.

If this data contains errors, you can exercise your right to correct this information via the Data Protection Officer.

Do I have a right to complain?

Please contact your local appropriate health or social care organisation (Appendix A at the end of this page) and their Data Protection Officer to raise a complaint.

You can get further advice or report a concern directly to:

Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545745 (national rate)
Online: https://ico.org.uk/concerns/handling/

Further information about the way in which the NHS uses personal information and your rights is published by NHS Digital:

The NHS Care Record Guarantee
The NHS Care Record Guarantee for England sets out the rules that govern how patient information is used in the NHS, what control the patient can have over this, the rights individuals have to request copies of their data and how data is protected under Data Protection Legislation.
http://systems.digital.nhs.uk/infogov/links/nhscrg.pdf

The NHS Constitution
The NHS Constitution establishes the principles and values of the NHS in England. It sets out the rights patients, the public and staff are entitled to. These rights cover how patients access health services, the quality of care you’ll receive, the treatments and programmes available to you, confidentiality, information and your right to complain if things go wrong.
https://www.gov.uk/government/publications/the-nhs-constitution-for-england

NHS Digital
NHS Digital collects health information from the records health and social care providers keep about the care and treatment they give, to promote health or support improvements in the delivery of care services in England.
http://content.digital.nhs.uk/article/4963/What-we-collect

National Data Opt-Out
The national data opt-out is a service that allows patients to opt out of their confidential patient information being used for research and planning. Visit the website below to find out more information or to opt-out of having your patient information being used for research and planning.
https://www.nhs.uk/your-nhs-data-matters/

Download Appendix A
List of Data Protection Officers and Links to Privacy Notices Across GM Organisations