Data Sharing Agreement Pcn

Date Posted: April 8, 2021 by admin


Kathryn Heath is a senior partner in the IP, IT and Data Protection team. To discuss data protection, please email dataprotection@stephens-scown.co.uk. Helen Wallwork is a partner and director of our healthcare team. If you would like to discuss primary care networks, please email healthcare@stephens-scown.co.uk. You can also call us on 01872 265100. The IAP should clearly record the data that is shared between NCP member practices and (when the NCP is integrated) NCP member practices and the corporate vehicle. In recent months, our employment team and our specialized data protection team… Transparency is the key here, and it is important that patients know how their data is being processed, with whom it is shared and why. With a wider exchange of data across the network, the number of people with access to the data will inevitably increase, so it is important that this is recorded and managed properly in data allocation and IAP. One of the key challenges will be whether a practice will act as a data manager for other network practices or whether transfers between a processing manager and another processing manager will take place, which can be a complex area of data protection legislation.

When one practice is used as a data transformer for another, further action must be taken in accordance with the RGPD`s data processor appointment requirements. According to the RGPD, there must be a legal basis for the transmission of personal data. There is no single legal basis for the transmission of personal data and what is appropriate depends on the nature of the data, the purpose of the processing and whether the party is acting in the public or private interest. To enable effective operation and meet the objective of the NCP, the exchange of data by NCPs must go beyond the legal exchange of information about direct patient care. This information allows you to assess the need and proportionality of the processing activity. Where risks to the human rights concerned are identified, the data protection impact analysis should specify how these risks are addressed or reduced. Don`t forget to consider all third-party interest representatives with whom the NCP can interact. Also consider third-party practices that may have access to other practices` personal data if data sharing continues. For example, an IT support company may support a family doctor`s office in the primary care network, but not the others. Transferring personal data within the network means that the third party can have access to the personal data of other members of the network. NHS England will establish an agreement on the sharing of NCP models to ensure compliance with the RGPD.

Under the RGPD, you must conduct a data protection impact analysis before starting any type of processing that could pose a high risk to the rights and freedoms of individuals, which would be desirable if personal data is transmitted via a NCP.





Other Posts