Increasingly, patient medical data is shared e.g. between GP surgeries and District Nursing, in order to give clinicians access to the most up to date information when attending patients.

The systems we operate require that any sharing of medical information is consented to by patients beforehand. Patients must consent to sharing of the data held by a health provider out to other health providers and must also consent to which of the other providers can access their data.

e.g. it may be necessary to share data held in GP practices with district nurses but the local podiatry department would not need to see it to undertake their work. In this case, patients would allow the surgery to share their data, they would allow the district nurses to access it but they would not allow access by the podiatry department. In this way access to patient data is under patients' control and can be shared on a 'need to know' basis.

 Data Protection

There is a Central NHS Computer System called the Emergency Care Summary (ECS). The Emergency Care Summary is meant to help emergency doctors and nurses help you when you contact them when the surgery is closed. Initially, it will contain just your medications and allergies.

Later on as the central NHS computer system develops, (known as the ‘Emergency Care Summary'), other staff who work in the NHS will be able to access it along with information from hospitals, out of hours services, and specialists letters that may be added as well.

Your information will be extracted from practices such as ours and held on central NHS databases.   

As with all new systems there are pros and cons to think about. When you speak to an emergency doctor you might overlook something that is important and if they have access to your medical record it might avoid mistakes or problems, although even then, you should be asked to give your consent each time a member of NHS Staff wishes to access your record, unless you are medically unable to do so.

On the other hand, you may have strong views about sharing your personal information and wish to keep your information at the level of this practice. Connecting for Health (CfH), the government agency responsible for the Emergency Care Summary have agreed with doctors’ leaders that new patients registering with this practice should be able to decide whether or not their information is uploaded to the Central NHS Computer System.

For existing patients it is different in that it is assumed that you want your record uploaded to the Central NHS Computer System unless you actively opt out.

As of 16th August 2021, Baronscourt Surgery has withdrawn from the Dataloch Project.

No Baronscourt patient data will be shared from that date.

NHS Lothian takes patient confidentiality extremely seriously and has a well-deserved reputation for robust governance processes. We would never act to compromise patient data.

Every day, medical research and innovation is carried out by researchers across the UK using data that has been recorded during a patient’s treatment and is processed to ensure their identities are not revealed. This practice, which analyses symptoms, treatments and outcomes has allowed great strides and advances to be made in developing lifesaving treatments in many specialties, including cardiac care and also COVID-19. Without this research, breakthrough treatments and vaccines would be impossible.

DataLoch’s purpose is to enable these data-driven health and social care innovations to improve the health and lives of the region’s population. These activities are entirely in the public interest. Patient data is not being sold to private organisations, nor is it leaving the control of the NHS.

Access to extracts of data are provided to NHS service managers and medical researchers, approved by the NHS Lothian’s Caldicott Guardian and under strict controls. The data has identifying information removed and sits in a secure IT environment.

Where is the data held by DataLoch? And how is it kept secure?

DataLoch currently holds data from NHS Lothian only. All personal health data remains securely within NHS Lothian, and identifiable data is not accessible to researchers.

DataLoch builds on the existing model set up as the Lothian Regional Safe Haven. In line with data protection legislation, DataLoch has a Data Protection Impact Assessment. This is being continually reviewed and updated as any changes are made to how DataLoch operates, and as additional data partners join.

There is a robust governance model in place. Any projects applying to work with DataLoch have a full review, including members of the public, to ensure strict criteria are met.

DataLoch have a Public Reference Group, open to new members, who help to guide and inform the team’s approach and processes.

What is the DataLoch project?

DataLoch is a collaboration between NHS Lothian and The University of Edinburgh. In future, Local Authorities and NHS health boards in South East Scotland will be invited to participate and that will help generate insights and innovation in health and social care.

DataLoch will

• bring together health and social care data for the region

• work with experts in health and social care to understand and improve this data

• provide safe access to de-identified data for academics, clinicians and innovators to help them solve the challenges that really matter.

Who can you contact if you have concerns, want further information, or wish to be involved further?

Data Concerns NHS Lothian DPO - Loth.DPO@nhslothian.scot.nhs.uk