A response from Joining Up Your Information; and my reply

Four days ago, I got a letter about Gloucestershire NHS’s Joining Up Your Information scheme, which I was not really happy about.


I sent them a query about some questionable wording. And yesterday, I got this response:

Dear Dr Taylor

Thank you for your message and the points you raise.

It will always be impossible to predict how laws might be changed in future. All we can say for now is that information will not be passed on or sold to any external organisations.

Under the Data Protection Act 1998 there is an exemption in relation to the disclosure of personal data where it is made for the purposes of crime prevention or taxation purposes. This would need to be considered on a case by case basis, and only allows the disclosure, rather than requiring it.

There would need to be clear evidence, rather than simply a suspicion, before any details were passed on to appropriate organisations for any further investigations.

If this does not address your concerns, please supply your unique reference number and NHS number and the massage “do not share” and you will be opted out.


Marcus Duffield | Communications, Joining Up Your Information – Gloucestershire’s Shared Health and Social Care Information Project | IM&T Planning & Programmes | NHS South, Central and West Commissioning Support Unit

I’m actually pretty happy with what this email says about the privacy policy. The problem is that it’s not the same thing as the formal letter says. So I have sent this followup:

Dear Marcus Duffield,

Many thanks for getting back to me. I think that the policy and approach outlined in your email to me is very good, and I would unhesitatingly sign up for JUYI on the basis of that policy.

Unfortunately, it’s not at all what the actual letter says. I remind you the wording is “Personal health and social care information will only be available to authorised local health and social care professionals and will never be passed on to anyone else unless we have your consent or it is allowed by law“.

This means that you only need my consent to give my information to other parties if you are not allowed by law to do so! Surely this cannot be what was meant. The clause should read “unless we have your consent or it is required by law” (which would cover the “crime prevention or taxation purposes” that you mentioned.

But the wording of the letter as sent says that you are free to do anything at all with my data so long as it’s allowed by law; and since you would in any case not be permitted to do something that is not allowed by law, the clause effectively says nothing at all. It allows my data, and that of everyone else who doesn’t opt out, to be used for any non-illegal purpose. — for example, selling to health-insurance companies. I hope you will agree with me that this is not acceptable.

I would like to see a formal statement on the http://www.mylocalsharedcareinfo.org/ website clearly and prominently explaining that the wording in the letter is in error, and that the letter should have said “… unless we have your consent or it is required by law”. On that basis I would be delighted to join up; and I am sure many other Gloucestershire residents would be happier about the scheme.


— Mike.

Further bulletins as events warrant.


2 responses to “A response from Joining Up Your Information; and my reply

  1. Unfortunately, they can’t meet both their desires and your demands with the current wording of the law (as far as I can tell from the email). They want to be able (on a case by case basis) to disclose information without consent for crime prevention or tax purposes. According to the email, the law ALLOWS them to do that in those cases, but doesn’t REQUIRE them to do that. Because the law doesn’t require it, they can’t change the wording to “require” without losing the ability to disclose information without consent in those situations.

    In other words, this is not just a two-state situation: There are disclosures the law prohibits, there are disclosures the law allows (gives them discretion over), and there are disclosures (presumably?) that the law compels.

  2. That’s a good analysis, Jeshua. But I’d go further and split your middle category into two: discretionary disclosures that are acceptable (e.g. for crime prevention) and discretionary disclosures that are unacceptable (e.g. selling to health-insurance companies). The difficulty is coming up with a form of words that allows the former but not the latter.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.