Skip to navigation

Fact sheet

Information and data sharing

Information/data sharing - the legal position

It is perfectly acceptable to share information between agencies and between the carer and cared for person, so long as there are consents and protocols in place.

Using the Caldicot principles should allow sensible practice.

Principle 1: Justify the purpose(s)
Every proposed use or transfer of personally identifiable information within or from an organisation should be clearly defined and scrutinised, with continuing uses regularly reviewed by the appropriate guardian.

Principle 2: Do not use personally identifiable information unless it is absolutely necessary.
Personally identifiable information items should not be used unless there is no alternative.

Principle 3: Use the minimum personally identifiable information.
Where the use of personally identifiable information is considered to be essential, each individual item of information should be justified with the aim of reducing identifiably.

Principle 4: Access to personally identifiable information should be on a strict need to know basis.
Only those individuals who need access to personally identifiable information should have access to it.

Principle 5: Everyone should be aware of their responsibilities.
Action should be taken to ensure that those handling personally identifiable information are aware of their responsibilities and obligations to respect patient/client confidentiality.

Principle 6: Understand and comply with the law.
Every use of personally identifiable information must be lawful. Someone in each organisation should be responsible for ensuring that the organisation complies with legal requirements.

It is sensible to gain consent from the cared-for person, for information to be shared with the carer.