The Cramlington Hub Data Sharing Agreement
- This agreement covers sharing of sensitive data by GP Practices referring patients directly into The Cramlington HUB.
- Management of data shall occur in accordance with the Data Protection Act (DPA), GMC guidance on confidentiality and the Information Commissioner’s Office’s guidance on data anonymisation.
- In the best clinical interests of patients referred into The Cramlington Hub, and in line with the 7th Caldicott principle, consent for sharing of medical records between The Cramlington Hub and the referring GP Practice will be implied unless expressly dissented by the patient or referring GP Practice.
- Implied consent for sharing of records will be sufficiently advertised within the site of The Cramlington Hub as well as by the referring GP Practice.
Responsibilities of The Cramlington Hub
- The Cramlington Hub will ensure:
- it follows the relevant regulations and guidance set out by the ICO, GMC and NHS with regard to information governance
- it reviews its policies and procedures regularly, in particular with regard to new guidance or regulations
- this agreement is reviewed regularly, at a minimum, annually
- access to practice data will only be available to The Cramlington Hub staff with the appropriate training
- no personal or de-identified patient data is published to any other party without the express consent of the practice’s data controller, unless required to do so by law or a court order
- all personal and de-identified data is stored on computers, servers or memory devices that are approved and/or maintained by the North East Commissioning Support Unit, or its successor. Any paper records will be stored in a suitable secure environment
- that when personal or de-identified data is shared for secondary care purposes, data from patients who have opted out of sharing of data for secondary uses will not be shared in any event.