Information governance (IG) - nhsconnect/gpc-consumer-support GitHub Wiki
In order to meet the specification for Access Record: HTML, Access Record: Structured and Appointment Management, you must provide the organisation in the JWT header which is reflective of the organisation or service from which the request originates. For example, you may send:
a) the physical location where the user is logged in
b) the service whom the user is working on behalf of (these may not always have static physical locations)
c) a combination of a and b where the consumer system is being developed on behalf of (for example) a shared care record or trust
This information is vital for audit purposes and is in line with GDPR Legislation, Article 5 (Art. 5 GDPR – Principles relating to processing of personal data | General Data Protection Regulation (GDPR) (gdpr-info.eu)).
NHS England is a Joint Data Controller for the GP Connect products. This granularity of access is required to determine 'Purpose of Access' where multiple services are being offered by larger organisations. If only the highest level of ODS Code is used, this may lead to ambiguity in relation to why the patient data has been accessed. The requirement allows us in our Joint Data Controller relationship with the GP practice to comply with the following stipulations under Article 5 of the GDPR Legislation:
Personal Data shall be:
a. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
b. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
Below is a fictional worked example, to aid understanding.
Springfield Care Record is accessed at the following organisations:
| Code | Organisation |
|---|---|
| ABC1 | Holby City Hospital |
| AB2 | Seattle Grace Teaching Hospital |
| AB3 | Mercy Hospital |
| ABC4 | Shady Acres Mental Hospital |
| ABD1 | Shady Pines Retirement Home |
| ABF2 | Community General Hospital LA |
Users may work across these services, but when working on behalf of one service the Springfield Care Record populates the ODS Code of the organisation the user is working on behalf of and/or located at in the JWT header to fully comply with the audit requirements of GP Connect, and in turn comply with the GDPR legislation.
Newly agreed position (November 2021), agreed with NHS England IG, NHSD Caldicott Guardian and Shared Care Record Team:
To meet the specification for Access Record: HTML, Access Record: Structured and Appointment Management, you must provide the organisation in the JWT header which is reflective of the organisation or service from which the request originates. For example, you may send:
- The legal entity responsible for employing the user at the time they use GP Connect products (cannot be ‘Shared Care Record X’)
- The legal entity above must not cause surprise or alarm to patient or GP if seen in an audit train (for example, where the council are providing social care services, the council would likely cause surprise and so a child code for social care should be sent)
Important: Shared Care teams that have achieved the former model should not change, and consumers who can meet the more detailed model should continue to do so.
DPIA - Data Protection Impact Assessment
This Data Protection Impact Assessment has been undertaken during the development of the GP Connect service to enable NHS England to systematically identify and minimise the privacy and data protection risks of the introduction of this new service. Organisations that use GP Connect and consumers who have developed a system that incorporates GP Connect capabilities should use this document to understand NHS England's and their responsibilities as a controller or processor as part of GP Connect.
The Direction is the legal basis for an NHS England service as an instruction from the Department of Health and fits with budget. The Direction is a short letter referencing the details contained within a Direction Specification. This Specification is changed to reflect developments as long as these changes are within the permissive envelope established by the Direction. The DPIA is an ICO requirement. It captures the service, data flows, legal basis risks and mitigations among other confidentiality obligations identified by the ICO. The DPIA changes over time as the service develops and context and understanding change. A Direction is fixed until it is replaced. A Direction Specification changes as the service is developed and the DPIA also reflects these developments.
Medical examiners use case
The medical examiners use case is the use of GP Connect to enable healthcare providers to comply with their obligations under the Access to Health Records Act 1990, which requires them to provide medical examiners with medical records relating to deceased individuals for the purposes of reviewing a death pursuant to the Coroners and Justice Act 2009.