UK Healthcare Recording Legal and Professional Position
This page synthesises the current UK legal, professional, and NHS operating position on recording healthcare information and healthcare delivery. It is an evidence and architecture page, not legal advice.
Use it to decide what a Health Connect, HealthShare, DMICP, DSIC, shared-care-record, clinical-viewer, portal, analytics, or AI workflow must prove before the wiki treats record handling as safe or compliant.
Executive Position
The UK position is layered. A healthcare record is not just an administrative artefact; it is part of clinical care, continuity, accountability, patient rights, professional practice, information governance, safety, and interoperability.
The controlling model is:
- Healthcare information is personal data and, where it concerns health, special category data under UK GDPR and Data Protection Act 2018.
- Confidential patient information is also subject to the common law duty of confidentiality, Caldicott governance, and sometimes section 251 support for non-consented medical purposes.
- Clinical professionals must make clear, accurate, timely, attributable, secure records of their work, decisions, consent, risk, information shared, and care delivered.
- Providers must maintain secure, accurate, complete, contemporaneous records of care, treatment, decisions, incidents, candour communications, governance arrangements, and service delivery.
- Records-management, retention, disposal, archive/public-records obligations, and access routes vary by UK nation, record type, and local provider policy.
- Digital delivery adds standards, terminology, provenance, audit, access-control, clinical-safety, information-standard, and supplier-role requirements.
- PECR is a separate electronic-communications and storage/access layer for portals, apps, cookies, reminders, surveys, messaging, and direct-marketing boundaries; it is not the general law for clinical record keeping.
Legal Alignment For Healthcare Records Creation And Maintenance
Use this section as the general legal-alignment model for creating and maintaining healthcare records. It is deliberately broader than DSIC, DMICP, HealthShare, Health Connect, or any single UK nation. The question is whether the actual workflow can lawfully and professionally create, update, preserve, share, correct, retrieve, audit, and dispose of healthcare records.
| Record lifecycle area | Alignment question | Evidence needed before relying on a deployment |
|---|---|---|
| Record creation | Does the workflow support clear, accurate, prompt, attributable records of clinical findings, decisions, treatment, consent, risk, information shared, and next actions? | Configured forms/templates, mandatory/structured fields where clinically justified, author/time/source capture, professional workflow mapping, local policy, clinical safety case, and user training evidence. |
| Record maintenance and amendment | Can the record be updated, corrected, annotated, versioned, and audited without destroying the historical clinical account? | Amendment/correction workflow, audit trail, version history, dispute/annotation process, data-quality controls, export/search procedure, and role permissions. |
| Confidentiality and direct-care sharing | Is confidential patient information shared through consent, implied direct-care sharing, anonymisation, statutory support, public-interest route, or section 251 where needed? | Confidentiality assessment, Caldicott review, consent or implied-consent rationale, section 251 support where applicable, data-sharing agreement, access model, break-glass policy, and audit evidence. |
| Data protection and privacy | Are UK GDPR and Data Protection Act 2018 duties satisfied for the actual processing purpose, controller/processor model, special-category condition, transparency, rights handling, retention, and security? | Lawful basis, Article 9 condition, controller/processor matrix, DPIA, privacy notice, subject-rights procedure, retention/disposal schedule, security controls, processor terms, and complaint handling. |
| Electronic communications and patient-facing access | Does the service use portals, apps, cookies, local storage, tracking, reminders, surveys, or electronic messages that trigger PECR controls? | Storage/access technology assessment, cookie or app telemetry classification, consent/preference controls where needed, messaging purpose split, opt-out handling, processor role, and communications audit. |
| Provider governance and candour | Can the provider keep secure, accurate, complete, contemporaneous care records and record candour notifications, apologies, written follow-up, correspondence, and learning where incidents occur? | Provider policy, incident and duty-of-candour workflow, correspondence record, complaint/incident audit, governance reporting, and nation-specific candour alignment. |
| Records management | Does the deployment align retention, disposal, archive, legal hold, migration, and access routes to the relevant UK nation and record type? | England, Scotland, Wales, or Northern Ireland records-management code mapping; local retention schedule; archive/export/destruction process; migration and exit plan; and legal-hold procedure. |
| Digital standards and provenance | Are record content, terminology, provenance, audit, interoperability, clinical safety, and information-standard obligations handled by named standards rather than generic product claims? | Named standard applicability, PRSB/SNOMED/FHIR/GP Connect/MESH/ITK3/UK Core mapping where applicable, DCB0129/DCB0160, provenance model, endpoint/onboarding evidence, and supplier responsibility matrix. |
This alignment model does not prove that a named product or supplier is compliant. It defines the evidence a deployment must produce before the wiki treats healthcare-record creation and maintenance as legally and professionally supportable.
Act Labels And Scope
Do not collapse the statutory sources into one generic "NHS Act" label.
| Source | Current wiki meaning | Why it matters |
|---|---|---|
| UK GDPR | Core data-protection regime for personal data and special category health data. | Requires lawful basis, special-category condition, fairness, transparency, minimisation, accuracy, security, accountability, and individual-rights handling. |
| Data Protection Act 2018 | UK statute supplementing UK GDPR and setting health/social-care conditions, exemptions, enforcement, and offences. | Provides Schedule 1 health/social-care conditions and offences such as unlawful obtaining or disclosure. |
| Privacy and Electronic Communications Regulations 2003 (PECR) | Specific privacy regime for electronic communications, marketing, cookies, storage/access technologies, and communications-service privacy. | Relevant to portals, patient apps, tracking, cookies, electronic reminders, direct-care versus marketing communications, surveys, and messaging configuration. |
| National Health Service Act 2006 section 251 | Confidentiality gateway for specified confidential patient information uses where consent or anonymised data is not practicable. | Relevant to research, service planning, audits, surveys, and some non-direct-care uses; it does not remove UK GDPR/DPA duties. |
| Health and Social Care Act 2012 section 250 | Base power for health and adult social care information standards in England. | Information standards are the legal route for consistent capture, governance, sharing, and digital exchange. |
| Health and Social Care (National Data Guardian) Act 2018 | Statutory role for the National Data Guardian. | Supports Caldicott and health-data governance authority; not a product conformance test. |
| Health and Care Act 2022 | Amended the England information-standard regime. | Moves applicable standards from "have regard" towards mandatory compliance for specified persons and adds monitoring/enforcement context. |
| Data (Use and Access) Act 2025 | Further amends data law and England health/adult social care information-standard powers. | Extends the information-standard question to IT, IT services, and information-processing services used or intended for health/adult social care in or in relation to England. |
| Public Records Act 1958 / Public Records (Scotland) Act 2011 / Public Records Act (Northern Ireland) 1923 | Public-sector records preservation, records-management, selection, transfer, archival, and public-record-office governance. | Relevant to retention, disposal, archive, transfer, public-authority records management, and public-sector accountability; not a clinical content standard or a patient-access route by itself. |
| Access to Health Records Act 1990 / Access to Health Records (Northern Ireland) Order 1993 | Statutory access route for deceased-patient health records in Great Britain and Northern Ireland. | Must be kept separate from living-patient subject access under UK GDPR/DPA and from FOI requests. |
| Freedom of Information Act 2000 section 46 code / FOIA personal-information boundary | Public-authority records-management code and public-information access regime. | Supports good records-management and public-authority request handling, but personal health records remain subject to personal-data, confidentiality, and exemption analysis. |
| Access to Medical Reports Act 1988 | Specific access/consent route for medical reports supplied for employment or insurance purposes. | Adjacent to healthcare-record access, but not the general route for clinical records, subject access, deceased-record access, or DSIC assurance. |
For this topic, use the clarified statutory chain explicitly: National Health Service Act 2006 section 251 for confidential-patient-information support, Health and Social Care Act 2012 section 250 for the England information-standard base, Health and Care Act 2022 for mandatory information-standard amendments, and Data (Use and Access) Act 2025 (DUAA 2025) for the IT / IT-service supplier extension. Keep those separate from Data Protection Act 2018, PECR, and Health and Social Care (National Data Guardian) Act 2018 evidence.
What Must Be Recorded
The evidence converges on a practical record of healthcare delivery. The record needs to show what was known, what was done, why it was done, who did it, who agreed it, what risk remained, and what should happen next.
| Recording area | What the record should evidence | Main source layer | Legal / statutory source layer |
|---|---|---|---|
| Clinical findings and assessment | Relevant history, examination, investigations, observations, diagnosis, problem list, risk, context, and clinical reasoning. | GMC, NMC, HCPC, provider governance. | UK GDPR / DPA accuracy and security; CQC Regulation 17 or equivalent provider-governance duty; records-management code for the relevant nation. |
| Treatment and medicines | Drugs, investigations, treatments proposed, provided, prescribed, declined, changed, stopped, or reviewed. | Professional standards and medicines safety context. | UK GDPR / DPA accuracy; provider governance; clinical-safety and terminology standards where treatment data is captured or exchanged electronically. |
| Decisions and actions | Decisions made, actions taken, no-action decisions, responsible person, review timing, referrals, delegation, and handover. | GMC consent/decision guidance, NMC Code, HCPC expectations. | UK GDPR / DPA accuracy and accountability; provider governance; confidentiality/Caldicott where decisions involve sharing confidential patient information. |
| Consent and shared decision making | Information offered, risks/benefits/alternatives discussed, patient questions, preferences, concerns, capacity/support, decision, and agreement or refusal. | GMC consent guidance, NICE shared decision making, GPhC consent/prescribing guidance. | Common law confidentiality, Caldicott, UK GDPR transparency, DPA conditions, and section 251 only where non-consented confidential-patient-information use needs statutory support. |
| Patient voice and accessibility | Patient concerns, preferences, reasonable adjustments, communication needs, and information provided in a suitable form. | GMC record guidance, NHS standards and patient-record quality context. | UK GDPR transparency and rights handling; provider governance; records-management and information-standard duties where patient preferences or communication needs become part of the record. |
| Continuity and coordination | Referrals, transfer-of-care information, care plans, shared-record content, provenance, and onward responsibilities. | PRSB, NHS information standards, professional duties. | Confidentiality/Caldicott, UK GDPR / DPA sharing basis, data-sharing agreements, and England information-standard powers where named standards apply. |
| Incidents and candour | Notifiable safety incidents, explanation, apology, written follow-up, correspondence, review, action plan, and learning. | CQC, Welsh and Scottish candour law/guidance, GMC/NMC professional candour. | CQC Regulation 20 in England; Welsh and Scottish candour legislation/guidance; Northern Ireland being-open/local HSC policy boundary; UK GDPR / DPA for incident-record processing. |
| Amendments and corrections | Original entry preservation where appropriate, correction or annotation, audit trail, reason for change, and dispute handling. | UK GDPR/DPA accuracy and rectification guidance, NHS amendment practice. | UK GDPR / DPA accuracy and rectification; records-management codes; access-to-records route for deceased-patient records where applicable. |
| Provenance and audit | Author, time/date, source system, source organisation, user role, access history, change history, data lineage, and system audit. | Professional record duties, PRSB provenance, GP Connect audit/provenance context, NHS digital standards. | UK GDPR accountability and security; DCB0129/DCB0160 clinical-safety duties; information standards and supplier-role analysis where digital standards apply. |
| Retention and disposal | Record type, retention schedule, legal hold, deletion/destruction process, archive, export, migration, transfer, and disposal authority. | England, Scotland, Wales, and Northern Ireland records-management codes; public-records / archival governance where the organisation and record type are in scope. | UK GDPR storage limitation and rights handling; national records-management codes; Public Records Acts / archival governance; Access to Health Records Act route for deceased-patient access where applicable; FOIA section 46 records-management code where public-authority record management is relevant. |
Legal And Data-Protection Layer
UK GDPR and the Data Protection Act 2018 are the baseline for living-patient personal data and special category health data. A deployment must be able to show the Article 6 lawful basis, Article 9 special-category condition, controller/processor roles, transparency, security, retention, data-subject-rights handling, and accountability evidence.
For healthcare records, three points matter:
- Data protection law does not itself authorise a breach of confidentiality. Common law confidentiality must also be satisfied.
- Individual rights such as subject access, accuracy, and rectification need clinical-record nuance. A past accurate record may remain as a historical fact while corrected information, annotation, or dispute statements are added.
- Deceased-patient access is not a standard subject access request. It follows Access to Health Records Act 1990 or the Northern Ireland Order route as applicable.
DUAA does not replace UK GDPR, DPA 2018, or PECR. It amends the data-protection/privacy framework and, separately, strengthens the England health/adult social care information-standard regime for IT and IT-service suppliers.
Confidentiality, Caldicott, And Section 251
Confidential patient information is governed by more than data protection law. NHS England and HRA material describe a common law duty of confidentiality: information shared in confidence generally cannot be disclosed without consent, a statutory/legal requirement, statutory power, public-interest justification, or another valid legal basis.
For direct care, implied consent may support sharing relevant information between care professionals with a legitimate relationship to the patient. For purposes beyond individual care, the deployment normally needs explicit consent, anonymisation, another legal gateway, or section 251 support where the legal tests are met.
Caldicott Principles provide health and care information-governance framing: justify the purpose, do not use patient-identifiable information unless necessary, use the minimum necessary, apply need-to-know access, ensure everyone understands responsibilities, comply with law, share where appropriate for care, and consider patient/public expectations.
PECR Layer
Privacy and Electronic Communications Regulations 2003 (PECR) sit alongside UK GDPR and DPA 2018. They are not the main clinical-record statute. They become important when the healthcare-delivery pathway uses electronic communications, patient-facing apps, portals, cookies, storage/access technologies, tracking, messaging, surveys, or direct marketing.
| PECR surface | Healthcare relevance | Evidence needed |
|---|---|---|
| Cookies and similar technologies | Patient portals, Personal Community-style apps, triage sites, analytics tags, local storage, device identifiers, pixels, scripts, and app telemetry. | Cookie/storage classification, strictly-necessary rationale or consent journey, privacy notice, preference controls, vendor list, and audit of storage/access technologies. |
| Electronic mail and text messages | Appointment reminders, care messages, service updates, surveys, campaigns, newsletters, and pharmacy/portal messages. | Direct-care versus marketing purpose split, consent or applicable exception, opt-out handling, message template, processor role, and communication audit. |
| Public electronic communications services | Where a supplier provides or operates communication services to the public. | Security and breach-notification responsibilities, service model, supplier role, and contract allocation. |
| Traffic, location, directory, and customer privacy data | Usually adjacent unless a service handles location, telephony, call records, communication metadata, or directory listings. | Data-flow map, purpose, lawful basis, retention, and whether PECR-specific rules apply. |
For HealthShare and Health Connect, PECR will usually be a patient-facing or messaging-channel question, not a HealthShare clinical-record-core question. It becomes material for patient portals, notifications, surveys, campaign messaging, website/app analytics, tracking, and any electronic-communications service operated for patients or users.
Professional Duties
The professional position is consistent across the major regulators: records must be clear, accurate, prompt or contemporaneous, attributable, secure, and sufficient to support safe care and accountability.
| Regulator | Current record-keeping position | Evidence boundary |
|---|---|---|
| GMC | Doctors must make formal records, including patient records, clear, accurate, contemporaneous, and legible. Records usually include clinical findings, medicines/investigations/treatment, information given, patient concerns/preferences, reasonable adjustments, decisions, actions, review timing, and author/time details. Consent and candour guidance add decision, information-sharing, apology, and incident-recording requirements. | Applies to medical professional duties; local policy and specialty rules may add detail. |
| NMC | Nurses, midwives, and nursing associates must keep clear and accurate records relevant to practice, complete them at the time or as soon as possible, identify risks/problems and steps taken, avoid falsification, and ensure entries are attributable, dated, timed, and secure. | Applies to NMC registrants and must be mapped to local electronic-record workflows. |
| HCPC | Registrants must keep full, clear, accurate, prompt, safe records for everyone they care for, treat, or provide services to, in line with legislation, protocols, and guidelines. | Applies across HCPC professions; content depends on profession and setting. |
| GPhC | Pharmacy professionals must provide person-centred care, communicate, get consent, work with others, make and use records of care, and maintain confidentiality. | Important for community-pharmacy services, GP Connect Update Record, prescribing, and pharmacy clinical-service workflows. |
The practical implication is that a digital system cannot be assessed only on whether it stores data. It must support timely entry, attribution, amendment handling, review, sharing, audit, access control, and retrieval in the workflow where care is actually delivered.
Provider Governance And Candour
In England, CQC Regulation 17 requires secure, accurate, complete, contemporaneous records of care, treatment, and decisions, and records needed for regulated-service governance. Regulation 20 duty of candour adds notification, apology, written records, written follow-up, and correspondence handling where a notifiable safety incident occurs.
Candour varies by nation:
| Nation | Position | Evidence handling |
|---|---|---|
| England | CQC Regulation 20 statutory duty of candour applies to registered providers, alongside professional candour duties. | Keep provider and professional responsibilities distinct. |
| Wales | Health and Social Care (Quality and Engagement) (Wales) Act 2020 came into force on 1 April 2023 and includes duty-of-candour provisions for NHS bodies. | Use Wales-specific statutory guidance and local NHS body policy for deployment proof. |
| Scotland | Health (Tobacco, Nicotine etc. and Care) (Scotland) Act 2016 and Duty of Candour Procedure (Scotland) Regulations 2018 establish organisational duty of candour, with revised 2025 guidance. | Use Scottish Government guidance and annual-report/incident procedure evidence. |
| Northern Ireland | The current source pass found consultation material and a Being Open framework direction rather than a confirmed, enacted statutory duty equivalent to the other nations. | Do not infer England/Wales/Scotland statutory status; use local HSC policy and any later legislation if found. |
Records Management By Nation
The UK does not operate one single operational records-management code.
| Nation | Current records-management source | Practical meaning |
|---|---|---|
| England | NHS England Records Management Code of Practice, last edited 1 June 2026, plus NHS England record-quality and DSPT guidance. | Use for NHS England and organisations working within, under contract to, or commissioned for NHS/adult social care/public-health functions in England. |
| Scotland | Scottish Government Records Management Code of Practice for Health and Social Care, published 16 August 2024 and effective 30 August 2024. | Applies to data, information, and records in any format or processing stage for those working within or under contract to NHS organisations in Scotland. |
| Wales | Welsh Government Managing Health and Social Care Records: Code of Practice 2022 and WHC/2022/008. | Use for Welsh health and social care organisations and local retention/disposal policy. |
| Northern Ireland | Department of Health Northern Ireland Good Management, Good Records and disposal schedule. | Use for HSC organisations and those working under contract to HSC. |
Retention and disposal evidence must be record-type and jurisdiction specific. A generic statement that a product supports retention is not enough for deployment assurance.
Public Records And Health-Record Access Routes
Public-records law and health-record access law should be treated as adjacent but distinct layers. Public-records regimes are primarily about public-sector record creation, preservation, management, selection, transfer, archival custody, and public-accountability infrastructure. They do not define the clinical content of a healthcare record, do not by themselves authorise disclosure of confidential patient information, and do not prove DSIC, HealthShare, Health Connect, DMICP, or devolved-connectivity compliance.
For healthcare delivery, the practical separation is:
- Living-patient access normally sits in UK GDPR / Data Protection Act 2018 subject-access and rights-handling procedures, with clinical-record amendment nuance for accurate historical entries, professional opinion, annotations, and supplementary statements.
- Deceased-patient access is not a normal subject access request. Great Britain uses the Access to Health Records Act 1990 route; Northern Ireland has the Access to Health Records (Northern Ireland) Order 1993 route. The request, requester entitlement, disclosure scope, exemptions, third-party/confidentiality limits, and local procedure must be handled separately from living-person subject access.
- Freedom of Information Act 2000 and Environmental Information Regulations requests are public-authority information-access routes. They are not back-door access routes to personal health records, which remain governed by personal-data, confidentiality, and exemption analysis. FOIA section 46 is important here as a public-authority records-management code, not as clinical disclosure permission.
- The Access to Medical Reports Act 1988 is an adjacent consent/access regime for medical reports prepared for employment or insurance purposes. It should not be treated as the general route for clinical-record access, deceased-record access, shared-care-record access, or digital-health compliance.
| Layer | Applies to | What it controls | What it does not prove |
|---|---|---|---|
| Public Records Act 1958 / The National Archives / Welsh public-records context | England and Wales public records, UK central-government records, and Welsh public-records context where applicable, read with Welsh health/social-care records-management code for operational healthcare records. | Record selection, preservation, transfer, archival arrangements, records-management discipline, and public-sector accountability. | Does not prove patient consent, lawful basis, confidentiality route, clinical record quality, DSIC compliance, or a named supplier deployment. |
| Public Records (Scotland) Act 2011 | Named Scottish public authorities and records-management-plan duties, read with the Scottish health and social care records-management code for operational deployment proof. | Records-management plan discipline, authority-level accountability, retention/disposal policy, and records governance. | Does not make a HealthShare / Health Connect deployment compliant, and does not replace Scottish health/social-care code, confidentiality, UK GDPR/DPA, or clinical-safety evidence. |
| Public Records Act (Northern Ireland) 1923 / PRONI | Northern Ireland public records and public-record-office custody, read with Department of Health Northern Ireland Good Management, Good Records for HSC records. | Public-record preservation, public-record office transfer/custody, and records-management expectations for NI public bodies. | Does not prove access to personal health records, HSC deployment assurance, encompass integration, or InterSystems involvement. |
| Access to Health Records Act 1990 / Access to Health Records (Northern Ireland) Order 1993 | Deceased-patient health-record access in Great Britain and Northern Ireland. | Who can request access to a deceased patient's health record and how that route differs from living-patient subject access. | Does not govern living-patient SARs, FOI requests, DSIC compliance, or general record creation duties. |
| FOIA / EIR / FOIA section 46 records code | Public authorities and public-sector information/records-management practice. | Public-information access process, exemptions, and public-authority records-management good practice. | Does not override personal-data protection, confidentiality, clinical professional duties, or deceased-record AHRA controls. |
| Access to Medical Reports Act 1988 | Medical reports prepared for employment or insurance purposes. | Consent/access process for those reports before or around disclosure to the commissioning employer/insurer context. | Does not cover ordinary clinical-record access, shared-care-record disclosure, public-record transfer, or digital-health standards compliance. |
The implementation implication is that retention, archive, export, migration, subject access, deceased-record access, FOI, medical-report disclosure, and shared-care-record viewing must be designed as separate operational workflows. A single "records access" feature is not enough unless it proves the correct legal route, requester entitlement, role authority, redaction/exemption handling, audit, correspondence record, and local policy for each route.
Digital Standards And Interoperability
Digital recording of healthcare delivery requires more than a repository:
- Record content and interoperability standards: PRSB, transfer-of-care standards, Core Information Standard, GP Connect, FHIR/UK Core, MESH, ITK3, and related NHS Standards Directory entries where applicable.
- Terminology: SNOMED CT is mandatory for clinical terms in electronic patient records for NHS providers in England; devolved nations run their own programmes.
- Clinical safety: DCB0129 and DCB0160 separate manufacturer and deployment/use clinical-risk responsibilities for health IT in England.
- Provenance and audit: records need source, author, organisation, role, time, and change/access history sufficient for clinical safety, accountability, and sharing.
- Information standards: section 250 of the Health and Social Care Act 2012 is the base, Health and Care Act 2022 moves applicable standards toward mandatory compliance, and DUAA 2025 extends the supplier/IT-service question.
For this wiki, the strongest England standards-governance chain is:
Health and Social Care Act 2012 section 250 -> Health and Care Act 2022 mandatory compliance amendments -> DUAA 2025 section 121 / Schedule 15 supplier and IT-service extension -> NHS Standards Directory / DAPB / DAB / named standards -> deployment artefacts.
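The amendment, rectification and provenance requirements that recur across this page (the rectification point in the data-protection layer, the "Amendments and corrections" and "Provenance and audit" rows of the recording table, and the provenance-and-audit bullet above) can be made concrete as an append-only record model in which a correction, annotation or dispute statement is a new linked entry rather than an overwrite, every entry carries author, role, organisation, source system and time, and every read is logged. The code below is an added example written for this page; it is not code from any product, supplier, PRSB or NHS standard named here. The class and field names, the sample entries and the hash chain used as a tamper-evidence mechanism are all assumptions chosen for illustration.

```python
"""Append-only clinical record model (added illustration, not a named product or standard).
Corrections, annotations and disputes are new entries that keep the original visible in
history; each entry carries provenance; every read is written to an access log."""
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Optional
import hashlib
import json


@dataclass(frozen=True)
class Provenance:
    """Who recorded an entry, in what role, from which organisation and system, and when."""
    author: str
    role: str
    organisation: str
    source_system: str
    recorded_at: str  # ISO 8601, UTC


@dataclass(frozen=True)
class Entry:
    entry_id: int
    patient_id: str
    kind: str                  # "original", "correction", "annotation" or "dispute"
    content: str
    provenance: Provenance
    supersedes: Optional[int]  # correction: the entry it replaces in the current view
    refers_to: Optional[int]   # annotation/dispute: the entry it attaches to
    reason: Optional[str]      # mandatory for corrections
    prev_hash: str             # hash of the previous entry (assumed tamper-evident chain)
    entry_hash: str


def _digest(body: dict) -> str:
    """SHA-256 over canonical JSON of an entry body (provenance already a plain dict)."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class ClinicalRecord:
    """An amendment never overwrites or deletes; it appends a linked entry."""

    def __init__(self) -> None:
        self._entries: list[Entry] = []
        self._access_log: list[dict] = []

    def _get(self, entry_id: int) -> Entry:
        if not 1 <= entry_id <= len(self._entries):
            raise KeyError(f"no entry {entry_id}")
        return self._entries[entry_id - 1]

    def _append(self, patient_id, kind, content, prov, supersedes=None, refers_to=None, reason=None) -> Entry:
        prev_hash = self._entries[-1].entry_hash if self._entries else "0" * 64
        fields = dict(entry_id=len(self._entries) + 1, patient_id=patient_id, kind=kind,
                      content=content, provenance=prov, supersedes=supersedes,
                      refers_to=refers_to, reason=reason, prev_hash=prev_hash)
        entry = Entry(**fields, entry_hash=_digest({**fields, "provenance": asdict(prov)}))
        self._entries.append(entry)
        return entry

    def record(self, patient_id: str, content: str, prov: Provenance) -> Entry:
        return self._append(patient_id, "original", content, prov)

    def correct(self, target_id: int, new_content: str, prov: Provenance, reason: str) -> Entry:
        """Supersede an entry in the current view; the original stays as history."""
        target = self._get(target_id)
        if not reason:
            raise ValueError("a correction must state its reason")
        if any(e.supersedes == target_id for e in self._entries):
            raise ValueError(f"entry {target_id} is already superseded; correct its latest version")
        return self._append(target.patient_id, "correction", new_content, prov,
                            supersedes=target_id, reason=reason)

    def annotate(self, target_id: int, note: str, prov: Provenance, kind: str = "annotation") -> Entry:
        """Attach a clinician annotation or a patient dispute statement to an entry."""
        if kind not in ("annotation", "dispute"):
            raise ValueError("kind must be 'annotation' or 'dispute'")
        target = self._get(target_id)
        return self._append(target.patient_id, kind, note, prov, refers_to=target_id)

    def current_view(self, patient_id: str) -> list[Entry]:
        """What a clinician sees today: superseded originals are hidden, not removed."""
        superseded = {e.supersedes for e in self._entries if e.supersedes is not None}
        return [e for e in self._entries
                if e.patient_id == patient_id and e.entry_id not in superseded]

    def history(self, entry_id: int) -> list[Entry]:
        """The full chain for one entry: every correction of it plus attached notes."""
        chain = [self._get(entry_id)]
        while (nxt := next((e for e in self._entries if e.supersedes == chain[-1].entry_id), None)):
            chain.append(nxt)
        ids = {e.entry_id for e in chain}
        return sorted(chain + [e for e in self._entries if e.refers_to in ids],
                      key=lambda e: e.entry_id)

    def read(self, patient_id: str, user: str, role: str, organisation: str, purpose: str) -> list[Entry]:
        """Every read is logged with requester, role, organisation, purpose and what was returned."""
        view = self.current_view(patient_id)
        self._access_log.append({"at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
                                 "user": user, "role": role, "organisation": organisation,
                                 "patient_id": patient_id, "purpose": purpose,
                                 "entries": [e.entry_id for e in view]})
        return view

    def access_log(self) -> list[dict]:
        return list(self._access_log)

    def verify_chain(self) -> bool:
        """Recompute every hash and link; False if any stored entry was altered in place."""
        prev = "0" * 64
        for e in self._entries:
            body = asdict(e)
            expected = body.pop("entry_hash")
            if e.prev_hash != prev or _digest(body) != expected:
                return False
            prev = e.entry_hash
        return True
```

Two design choices carry the page's point. There is deliberately no delete or overwrite method: disposal under a retention schedule would be a separate, authorised workflow with its own audit, not an amendment. And `current_view` hides a superseded entry while `history` still returns it, which is the split between the accurate historical entry and the corrected or disputed information that the data-protection section describes.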
Applying The Legal Alignment Model To Digital Health Workflows
Digital-health tooling can support parts of the record-handling problem, but compliance is an implemented operating model, not a product label. Use the rows below as examples of how to translate the general healthcare-record alignment model into a specific deployment.
| Workflow layer | What tooling can support | What still needs proof |
|---|---|---|
| DMICP to CORTISONE mediation | Health Connect can plausibly mediate source feeds, transform HL7/FHIR/CDA/SDA-style payloads, route messages, monitor interfaces, and support operational integration patterns. | DMICP interface catalogue, source data model, extract/API route, mapping rules, data-quality controls, clinical-safety case, and operational runbook. |
| Shared-care record | HealthShare UCR, Clinical Viewer, EMPI, and Provider Directory can support longitudinal record, presentation, identity matching, and provider-directory patterns. | Component/version scope, licensed/configured modules, RBAC/SSO/audit, provenance, source-system authority, matching/stewardship, correction workflow, DSA/DPIA, and clinical safety artefacts. |
| England DSIC / NHS standards application | Health Connect and HealthShare can be relevant to GP Connect consumption, MESH/ITK3-style messaging, PDS/ODS/SDS dependencies, shared-care viewing, and integration. | Named DSIC/Buying Catalogue or supplier role, standard applicability, GP Connect onboarding, NDSA/DSA/DPIA, DCB0129/DCB0160, endpoint/certificate/monitoring evidence, and supplier RACI. |
| Four-nation extension | Common Health Connect / HealthShare architecture can be reused as an adapter model. | Wales, Scotland, and Northern Ireland need nation-specific identifiers, portals, shared-record routes, message/API routes, governance, retention, candour, onboarding, and approval artefacts. DSIC and DUAA section 121 are England labels unless a future official source says otherwise. |
| Patient-facing services | HealthShare Personal Community-style portals and related apps can expose records and communications. | UK GDPR/DPA transparency and rights, PECR cookies/storage and messaging controls, proxy access, consent/opt-out, child/accessibility design, security, audit, and local policy evidence. |
| Analytics, research, and AI | HealthShare Health Insight, OMOP, FHIR export, AI Assistant, and Health Connect routing may support secondary-use workflows. | Lawful basis, special-category condition, common-law confidentiality gateway, section 251 or consent/anonymisation where needed, research approval, minimisation, pseudonymisation, model governance, human review, and clinical-safety evidence. |
The decision boundary is therefore: Health Connect and HealthShare may be suitable tooling for recording, mediating, sharing, presenting, and auditing healthcare delivery information, but the deployment itself must prove its legal basis, confidentiality route, professional workflow support, provider governance, national records-management alignment, PECR controls where applicable, information-standard applicability, clinical safety, and local assurance. Tooling capability is never evidence of compliance on its own.
What This Proves And Does Not Prove
What this page proves:
- UK healthcare recording is a layered legal, professional, provider-governance, records-management, and digital-standards problem.
- UK GDPR, DPA 2018, confidentiality, Caldicott, section 251, PECR, records-management codes, professional duties, candour duties, and information standards must be kept separate.
- The England information-standard path has materially strengthened: section 250 HSCA 2012, Health and Care Act 2022 mandatory-standard amendments, and DUAA 2025 supplier/IT-service extension all matter to digital-health tooling.
- Public-records law adds preservation, records-management, transfer, and archival/public-accountability obligations; Access to Health Records legislation adds a deceased-record access route; neither should be confused with living-patient SARs, FOI access, clinical-record content, or DSIC/product compliance.
- InterSystems product relevance cannot be converted into compliance without deployment-specific artefacts.
What this page does not prove:
- It does not prove any specific HealthShare, Health Connect, IRIS for Health, TrakCare, FHIR Services, or partner deployment is compliant.
- It does not replace legal advice, DPIA, DSA, clinical-safety case, local policy, professional judgement, or Caldicott review.
- It does not prove DSIC compliance, GP Connect onboarding, MESH/ITK3 assurance, or devolved-nation connectivity approval.
- It does not mean PECR applies to every clinical record; PECR applies where electronic communications, cookies, storage/access technologies, or related communications-service privacy rules are engaged.
- It does not mean public-records law, FOI, AHRA, or AMRA can be used interchangeably. Each route has a different purpose, requester model, disclosure test, and evidence requirement.
Open Validation
| Gap | Why it remains open | Holding route |
|---|---|---|
| Record-type retention | Retention is record-type, nation, and local-policy specific. | Use England, Scotland, Wales, and Northern Ireland records-management codes and local policy artefacts. |
| Public-record status and transfer route | Whether a body, record set, archive route, place of deposit, or public-record-office transfer duty applies can be organisation-specific. | Use the relevant public-records law, national records-management code, local records-management policy, and archive/transfer procedure before asserting deployment compliance. |
| Access route separation | A deployment may support search/export but still need separate procedures for living SARs, deceased-record access, FOI/EIR, medical reports, redaction, exemptions, and correspondence records. | Prove each route through local policy, controller process, access-control model, audit trail, request-handling records, and redaction/exemption workflow. |
| Northern Ireland candour | The current review pass supports a consultation / Being Open direction only, not a confirmed, enacted statutory duty equivalent. | Recheck only if NI candour status becomes decision-blocking. |
| Local implementation | National law and professional duties do not prove a named supplier deployment. | Use DSIC HealthShare Compliance Map, Evidence Validation Queue, DPIA/DSA, DCB0129/DCB0160, supplier RACI, and customer artefacts. |