Whilst data sharing contributes effectively to providing efficient services to both private and public sector users it is not appropriate for companies and public bodies to do this without due attention to the need of the public right to remain in control of who is using their information and for what purpose the information is being used. As a consequence of this public right and in order to help businesses and public bodies share people’s personal information the Information Commissioner’s Office (ICO) have provided a code of conduct that includes good practice on how best to achieve this.
Data sharing, in terms of the ICO’s code of conduct, refers to the disclosure of personal data between or within organisations. This should be carried out with due regard to the Data Protection Act and other considerations such as statutory prohibitions on sharing or a duty of confidence. In circumstances where a duty of confidence applies or is expected - for example medical or banking information - then legal advice will need to be taken. Examples of the sharing of personal data includes;
· a GP sending information about a patient to a local hospital
· a local authority disclosing personal information about its employees to an anti – fraud body
· a retailer providing customer details to a payment processing company
It is important to note that there are differences in the rules that apply to the sharing of data in public sector organisations – which have common law powers to share information – and private organisations which must comply fully with the data protection principles and any specific legal constraints. However, in genera,l these are found not to be too restrictive.
Regardless of whether the sharing of personal data is relevant to a public or private organisation it is important to have strong governance rules which are fully transparent and understood by all parties. A key governance control in achieving this is the data sharing agreement (some times referred to as a data sharing protocol). This sets out a common set of rules binding all the organisations involved in the data sharing agreement and should typically address issues such as :
· purpose of the data sharing initiative
· the organisations that will be involved in the data sharing
· the data items to be shared
· the basis of sharing
· information governance compliance
With the changes to the commissioning of health care provision and the increase in complexity and diversity of health care providers then the need to share personal data between and within the commissioning and provider communities will undoubtedly offer significant challenges. Essential to meeting these challenges is the existence of good information governance framework.
If you need support in achieving this then speak to one of the WWRL information governance experts today.