Skip to main content

Medical Records: Data Protection

Question for Department of Health and Social Care

UIN HL6452, tabled on 6 July 2020

To ask Her Majesty's Government whether the Data Protection Impact Assessment for the NHS COVID-19 Data Store published on 5 June covers the release of patient identifiable information to local public health teams; and if so, which (1) legal, or (2) policy, provisions prevent local directors of public health from receiving such information.

Answered on

17 July 2020

The COVID-19 Data Store does not hold patient identifiable data, as all data is de-identified (pseudonymised) in line with Information Commissioner’s Office (ICO) guidance and best practice, prior to being imported to the database. Therefore, the release of patient identifiable information to local public health teams, via the COVID-19 Data Store, is not possible.

NHS England is the data controller for all data held within the COVID-19 data store and ensures (via contractual arrangements) that data storage and processes are fully compliant with legislation and best practice.

Answered by

Department of Health and Social Care