Keeping your personal data safe is central to the GM Care Record

Each health and care organisation in Greater Manchester collects information about you and keeps records about the care and services they have provided. The GM Care Record pulls together the information from these different health and social care records and displays it in one combined record.

How is your personal information kept safe and secure in the GM Care Record?

We ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only and protect personal and confidential information.

Appropriate technical and security measures in place to protect the GM Care Record include:

  • complying with Data Protection Legislation;
  • encrypting Personal Data transmitted between partners;
  • implementing and maintaining business continuity, disaster recovery and other relevant policies and procedures;
  • a requirement for organisations to complete the Data Security and Protection (DSP) Toolkit introduced in the National Data Guardian review of data security, consent and objections, and adhere to robust information governance management and accountability arrangements;
  • use of ‘user access authentication’ mechanisms to ensure that all instances of access to any Personal Data under the GM Care Record are auditable against an individual accessing the GM Care Record;
  • ensuring that all employees and contractors who are involved in the processing of Personal Data are suitably trained in maintaining the privacy and security of the Personal Data and are under contractual or statutory obligations of confidentiality concerning the Personal Data.

The NHS Digital Code of Practice on Confidential Information applies to all NHS and care staff, and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All staff with access to Personal Data are trained to ensure information is kept confidential.

Whilst you are automatically enrolled into the GM Care Record as a GM citizen, you have the option to object to your information being shared for individual care and to opt out of your data being used for research and planning. More information about this is available below:

Your Questions Answered

How can I opt out of my data being shared via the GM Care Record?

This information on opting out of the GM Care Record can also be downloaded at this link.

The Greater Manchester Care Record (GMCR) is used by health and care professionals to make sure you receive the best possible treatment and care.

An anonymised view of the data is also used to support important research and the planning of health and care services.

The information below explains how you can opt out of your information being included in the GMCR to support your care and treatment, or how you can opt out of your anonymised data being used for planning and research.

Benefits of sharing your care records

The Greater Manchester Care Record allows health and care staff to see more up-to-date, limited information regarding your health and care history. It includes vital information such as allergies, medication, test results, and any interventions you may be receiving, or have had in the past.

When staff are more informed, it helps them to make the right decisions quickly, providing better, safer care. This is especially important during emergency situations or out of normal working hours. Only staff involved in your care, and who have a legitimate reason, are allowed to view your records.

It is your choice to be part of the Greater Manchester Care Record. Everyone registered with a Greater Manchester GP is automatically opted-in to limited information from their health and care records being accessible via the Greater Manchester Care Record unless they have previously opted out of sharing their GP records.

If you are happy for your records to be available, you don’t need to take any action.

The implication of not having a GM Care Record

You have the right to opt out of having a shared care record. However, we want anyone who does opt out to understand that it could negatively impact the care the NHS and social care services can provide. If health and care staff can’t access your medical record:

  • It might mean that tests or investigations are repeated because results from other organisations can’t be accessed.
  • You may need to repeat the same information to different staff.
  • The staff treating you won’t be able to see what has happened to you in different parts of the NHS. They will only be able to see the record in their organisation such as that particular hospital or GP practice.
  • They might not know what medication you are taking.
  • It may delay treatment.
  • It will not stop health and care staff contacting one another to ask questions about your history.
  • You may not be conscious or able to share details about your medical history if you arrive at hospital.

How to opt out of your data being included within the GM Care Record

Contact your GP who can discuss the option with you and can apply a code to your GP record to prevent a shared care record being created for you.  You can opt back in at any time by informing your GP.

How to opt out of your data being used for planning and research

The GM Care Record has been created to ensure you receive tailored, individual care and treatment but we also create an anonymised view of your data to allow us to plan health and care services and carry out vital research to improve patient care through the development of new drugs and treatments.

You can still have a shared care record to support your treatment and care, but you can opt out of your data being used for planning and research in 2 ways:

1. Stop your GP practice from sharing your data for planning and research

This is called a Type 1 Opt-Out.

  • To do this you need to fill in an opt-out form and return it to your GP practice. Either download a Type 1 Opt-out form, or contact your GP surgery, who may be able to assist you to complete the form on the telephone or may be able to provide you with a printed copy.
  • Only your GP surgery can process your opt-out form. They will be able to tell you if, and when, you have been opted out.

If you choose a Type 1 Opt-out, your GP will not share your data for research and planning but your data will still be used to support your direct care.

Find out more about Type 1 Opt-out from NHS Digital’s transparency notice

Once the Type 1 Opt-Out has been applied by your General Practice the GM Care Record system will acknowledge this Opt-Out and automatically remove your record from further processing for planning and research purposes.

2. Stop NHS Digital and other health and care organisations from sharing your data for planning and research

This is called a National Data Opt-Out.

To opt out online or find out more, visit Make your choice or contact the NHS Digital Contact Centre by ringing 0300 303 5678.

If you choose this opt-out, NHS Digital and other health and care organisations will not be able to share any of your personal data with other organisations for research and planning, except in certain situations, for example when required by law.

If you want to check if you have opted out, you can enter your details again at Make your choice or check your settings in the NHS App.

You can opt out, or opt back in again, at any time.

Right to Object under data protection law
Under data protection law (e.g. the UK GDPR), you have the right to object to the use of your data in certain circumstances and to have your objection considered. More information can be found on the Information Commissioner’s website here.

What is the lawful basis of sharing my information through the GM Care Record?

To process personal data or identifiable data lawfully we are required to have a purpose or reason for processing that data. The sections below give a breakdown of the common legal bases that are used for the GM Care Record and the relevant legislation:

Lawful Basis: GDPR (UK)

GDPR (UK):
The General Data Protection Regulation (UK) requires us to have a legal basis for processing information that can be used to identify an individual, including pseudonymised data, but not anonymised data. For further information please visit: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

To process personal data, as defined by the GDPR (UK), the following lawful bases from Article 6 are used, and may be used for either data related to individual care or data related to secondary uses:

6.1(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In certain circumstances the following may be used when sharing information is necessary to protect an individual from harm:

6.1(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person

Additionally, when more sensitive data is processed, we require a further legal basis as laid out by Article 9. Sensitive data is defined by GDPR (UK) as special categories of personal data requiring further protection, for example racial or ethnic origin and health data. The following lawful bases from Article 9 are typically used:

For the purposes of improving individual care the condition which lifts the prohibition on processing of the special category of data is:

9.2(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.

If the data processed for the purposes of planning NHS Services, improving patient safety or evaluating government and NHS Policy is still considered to be personal data under GDPR the condition which lifts the prohibition on processing of the special category of data is:

9.2(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy

If the data processed for the purposes of research (for example to understand more about disease, or develop new treatments) is still considered to be personal data under GDPR the condition which lifts the prohibition on processing of the special category of data is:

9.2(j) processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject

In certain circumstances the following may be used when sharing information is necessary to protect an individual from harm:

9.2(c) processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent

Lawful Basis: Data Protection Act 2018 (DPA)

Data Protection Act 2018 (DPA):
The DPA 2018 is legislation that further defines sections of the GDPR specifically for the UK.

Schedule 1, Part 1, condition(s) for processing:

(2) Health or social care

For health or social care:

(d) provision of health care or treatment

(e) provision of social care


Schedule 1, Part 1 makes further reference to the legal basis in the GDPR and whether or not the condition is met for the DPA.

In relation to Secondary Uses (Secondary Use Definition)
Schedule 1, Part 1, condition(s) for processing:

(2) Health or social care

(3) Public health

(4) Research

For health or social care:

(d) provision of health care or treatment

(e) provision of social care

(f) management of health care systems or services or social care systems or services

For the purpose of public health:

(b)(i) by or under responsibility of a health professional

(b)(ii) by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law

For research purposes:

(a)  is necessary for archiving purposes, scientific or historical research purposes or statistical purposes

(b)  is carried out in accordance with Article 89(1) of the GDPR, and

(c)  is in the public interest

Lawful Basis: Common Law Duty of Confidentiality (CLDC)

Common Law Duty of Confidentiality (CLDC):
The Common Law Duty of Confidentiality is not a codified piece of legislation but is an amalgamation of case law that allows data to be processed via specific legal gateways.

For individual care purposes implied consent is used as a reasonable expectation for the use of health and care records.

For uses beyond health and care the following gateways may be used:

Explicit Consent – Requesting consent directly from the individual that the record refers to.

Overriding Public Interest – When sharing the information can be clearly evidenced to be of overwhelming interest to public safety.

Other Statutory or Legal Duty – In the cases of court orders for instance or required by routes such as those below:

Confidentiality Advisory Board for section 251 approval – Section 251 of the NHS Act 2006 allows the use of confidential patient information for audit or medical research when it is not possible to use anonymised information and when seeking consent is not practical. An application needs to be made for this approval.

In order to process data for secondary uses and research from the GMCR we have made an application to the NHS Health Research Authority’s Confidentiality Advisory Group (CAG) to allow our GMCR system supplier (Graphnet Health Ltd.) to remove identifiers, e.g. name, address, date of birth etc. This will enable us to then use that de-identified data to support our planning and research without the ability to identify any individual patients. You can find out more about how we use data for research and planning by clicking on this link.

The CAG approval reference is as follows:

  • 22/CAG/0169 – Non research
  • 22/CAG/0170 – Research

Lawful Basis: Control of Patient Information Notice (COPI)

Control of Patient Information Notice:

A notice from the Secretary of State for Health that disclosure is required for the public benefit; as an example, this was used during the Covid-19 pandemic.

Lawful Basis: Further Related Legislation

Further Related Legislation:
The Health and Social Care (Safety and Quality) Act 2015 inserted a legal Duty to Share Information in Part 9 of the Health and Social Care Act 2012.

Official authority:

  • GP Practices: NHS England’s powers to commission health services under the NHS Act 2006. Also, Article 6 (1) c for GPs when subject to statutory regulation
  • NHS Trusts: National Health Service and Community Care Act 1990
  • NHS Foundation Trusts: Health and Social Care (Community Health and Standards) Act 2003
  • Local Authorities: Local Government Act 1974; Localism Act 2011; Children Act 1989; Children Act 2004; Care Act 2014

Which organisations can access your personal information through the GM Care Record?

Personal Data will only be shared between the health and social care organisations that are signed up to the GM Care Record Data Protection Impact Assessment (DPIA). These include:

  • Primary care (e.g. your GP practice)
  • Community services
  • Mental health services
  • Local authority social care departments
  • Secondary care (e.g. hospitals)
  • Specialist services (e.g. ambulances)

The GM Care Record makes your patient information easily accessible for the purposes of your care and treatment.

How is information in the GM Care Record held?

A record of care is held on each organisation’s secure electronic system (local record) e.g. a GP practice will have their own system for recording patient information. Graphnet, a supplier of healthcare systems, has designed a secure system that integrates data from those multiple electronic health and social care systems to provide a live and read-only summary of that data to a health or social care worker when required for the purposes of your individual care.

How will the information be made available in the GM Care Record?

Data is presented as a read-only view, meaning that the Personal Data from an organisation’s local record is not changed. The data remains within each organisation’s database and staff using the GM Care Record are allowed read-only access. Access to your data depends on the professional having access in their own clinical/care systems – so professionals can only see information regarding patients that are being referred for treatment or have been treated by them.

How long will the data be held in the GM Care Record?

As the GM Care Record is an integrated digital care record that pulls together vital patient data from several health and social care providers, only data currently visible in each of the local systems will be visible in the GM Care Record. Each partner organisation feeding data into the GM Care Record has local retention rules set by the NHS Records Management Code of Practice for Health and Social Care.

Within the governance framework for the GM Care Record, the system supplier is also contractually obliged to comply with any requests by the partners to remove/delete data when instructed to do so.

What are your rights regarding information held in the GM Care Record?

Under the Data Protection Legislation, you have the right to:

  • be informed of our uses of your data (the purpose of this privacy notice)
  • request copies of your personal information, commonly referred to as a Subject Access Request (SAR)
  • have any factual inaccuracies corrected
  • request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances
  • not be subject to automated decision making or profiling. There is no automated decision making or profiling in the GM Care Record
  • complain about the handling of your data to an organisation’s data protection officer or to the regulator
  • object to processing of your personal data in certain circumstances.

Details of how to exercise your rights are shown below.

How can I access the information you keep about me?

To access your Personal Data, you should contact your local appropriate organisation (Appendix A at the end of this page) and their Data Protection Officer.

If this data contains errors, you can exercise your right to correct this information via the Data Protection Officer.

Who is the data controller?

The organisations providing your care locally are the controllers of the data they hold about you and are working in partnership to ensure that relevant information is available to other health and care providers within the Greater Manchester Care Record when needed to benefit your care. The organisations feeding the data they hold into the GM Care Record are Joint Data Controllers in accordance with the General Data Protection Regulation (GDPR 2018).

Do I have a right to complain?

Please contact your local appropriate health or social care organisation (Appendix A at the end of this page) and their Data Protection Officer to raise a complaint.

You can get further advice or report a concern directly to:

Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545745 (national rate)
Online: https://ico.org.uk/concerns/handling/

Further information about the way in which the NHS uses personal information and your rights is published by NHS Digital:

The NHS Care Record Guarantee
The NHS Care Record Guarantee for England sets out the rules that govern how patient information is used in the NHS, what control the patient can have over this, the rights individuals have to request copies of their data and how data is protected under Data Protection Legislation.
http://systems.digital.nhs.uk/infogov/links/nhscrg.pdf

The NHS Constitution
The NHS Constitution establishes the principles and values of the NHS in England. It sets out the rights patients, the public and staff are entitled to. These rights cover how patients access health services, the quality of care you’ll receive, the treatments and programmes available to you, confidentiality, information and your right to complain if things go wrong.
https://www.gov.uk/government/publications/the-nhs-constitution-for-england

NHS Digital
NHS Digital collects health information from the records health and social care providers keep about the care and treatment they give, to promote health or support improvements in the delivery of care services in England.
http://content.digital.nhs.uk/article/4963/What-we-collect

National Data Opt-Out
The national data opt-out is a service that allows patients to opt out of their confidential patient information being used for research and planning. Visit the website below to find out more information or to opt-out of having your patient information being used for research and planning.
https://www.nhs.uk/your-nhs-data-matters/

Download Appendix A
List of Data Protection Officers and Links to Privacy Notices Across GM Organisations