Patient Datastethoscope

Sharing your records with other providers of your care

Unless you tell us otherwise, other professional providers of your care will be able to view limited parts of your records BUT unless you are medically unable to respond at the time of treatment, you will ALWAYS be asked for your consent.

There are 3 types of sharing:

  1. Summary Care Record (SCR)
    A Summary Care Record is an automatically created real time electronic record which includes your medication including adverse reactions and allergies.
    Having this information stored in one place makes it easier for healthcare staff to treat you outside of your GP practice.
    You can change your mind at any time about whether or not you have a Summary Care Record, but you will need to tell us.
  2. Summary Care Record – SCR Additional Information
    This is an additional enhancement to the SCR service described above. You will need to explicitly request this.
    The additional information will include the following:

      • Significant problems (past and present)
      • Significant procedures (past and present)
      • Anticipatory care information and communication preferences
      • End of life care information
      • Immunisations

    Sensitive items related to IVF, STDs, terminations, gender re-assignment etc are automatically excluded so if you require these to be included you need to provide specific consent for these to be added.

  3. Sharing methods outside of GP services
    This is via the Medical Interoperability Gateway (MIG) and Enhanced Data Sharing (eDSM) – a different method of sharing information held on your records and is ONLY shared with appropriate professional services who have undergone security assessments (eg Ambulance and Out of Hours Services, Community Health; Social Care) and are working with you to provide support, so your information is available when it is needed most. Health and Social Care Professionals will still ask for your consent to view certain information when treating and supporting you, which means that you are always presented with an option to agree or disagree.

The only exception is ‘duty of care’, which means that confidentiality can be over-ridden, if, for instance, there are safeguarding concerns about someone’s welfare or in a medical emergency and consent cannot be obtained. Only authorised health and social care staff involved in your care would be able to access your information, and only specifically to be able to do their job.

Derbyshire Health and Social Care Website and animation to support the implementation of the Medical Interoperability Gateway (MIG) project can be accessed here:

Access to SCR and MIG is in a coded format across secure NHS networks and accessed by trained Health Professionals with Chip and Pin smartcard access with relevant access rights embedded in it.


There are a number of public misconceptions about how data will be used. These are mostly due to a confusion around the different types of data that will be released by the Health and Social Care Information Centre (HSCIC).

To make it easier the different types of data will be referred to as:

  • red (personal confidential data)
  • amber (pseudonymised data)
  • green (aggregated or anonymised data)

Each “colour” of data is protected by a different suite of privacy safeguards. For an explanation, see this blog by the Chief Data Officer.

For the avoidance of doubt:

  • Data will not be made available for the purposes of selling or administering any kind of insurance
  • Data will not be shared or used for marketing purposes (FAQ 23)
  • NHS England and the HSCIC will not profit from providing data to outside organisations (and certainly not your GP!)

Privacy Impact Assessment

For patients who wish to understand more about how their data is protected, a Privacy Impact Assessment has been published for the programme. This document provides details about the privacy implications of the programme (both negative and positive) and explains how each risk is being mitigated. In addition, the HSCIC has published a Privacy Impact Assessment 2013 for all the personal data it processes, which includes the data extracted for