Information sharing explained - Ripple OSI

As we move Health and Social Care into the 21st Century, the need to improve care underpinned by better information sharing is paramount. For many health and social care professionals, efforts around “information sharing” have become a real challenge. Central to this has been the growing confusion about good practice in information governance, particularly when it comes to information sharing. Our experience is that even the language has become so overly complicated that is has become a barrier to progress in its own right.

We wanted to delve deep into what is at issue here, looking for some patterns to make this area a whole lot simpler, in essence a Plain English guide to Information Sharing. We first published an article on this back in May and through feedback and further collaboration, matured the guide as detailed below.

To explain our Plain English guide to Information Sharing, we wanted to try a Who, Where, What, Why, When and How approach. Please click on the boxes to explore this further.

We have also developed a diagram to explain information sharing in a visual form. We have made this diagram more relevant by emboldening the terms and phrases it contains where they appear in the explaining text.


Following on from this work we have developed a series of information governance templates and additional material which can be found on our documentation pages.

WHO is involved in the information sharing

  • An individual person who, in times of need seeks help from a health or social care professional.
  • Health and social care professionals – usually begins with a one-to-one doctor/patient consultation and extends to include care professionals from different services or organisations who form a team responsible for co-ordinating care and treatment depending on what that patient needs. For example:
  • GP’s and other clinical support staff
  • specialist doctors such as a hospital consultant
  • nurses and midwives
  • physio and other therapists
  • radiology and laboratory staff processing test results
  • pharmacists
  • social care staff

Who” can also include:

  • staff involved in the management of health and social care services including administrative staff who book appointments, make sure paper records or other relevant information is available at the point of care, write letters, greet people at clinics, receive telephone calls and other supporting tasks.
  • The academic sector who conduct research studies in pursuit of new or improved remedies and treatment.
  • Public Health England or more local public health services that protect the public from infectious diseases and other hazards to health and also undertake other activities to improve the public’s health and wellbeing.
  • Health screening services offered by NHS England which are designed to detect health problems early.
  • Organisations such as NHS Commissioning Support Units who provide support and information to ensure that Clinical Commissioning Groups and local authorities are able to buy, contract and monitor services effectively.

Whoever is using information about a person, they are bound by laws, contracts and professional codes of conduct to use it responsibly and keep it confidential.

WHY is information shared

  • to support the direct care of the patient (e.g. a patient attending their GP or local Emergency Department, or are being cared for by a team of district nurses or a wider team of various health and social care professionals). This is called the primary use of information.


  • to assess the quality and safety of care being provided or for management purposes, for example to identify growing needs across an area or analyse the cost of services or ways in which they can be improved. This happens after the information has been anonymised. This is the secondary or indirect care use of that information. The information is also used to inform commissioning decisions – decisions based upon facts and statistics which are used to determine where services need to be delivered and who they need to be delivered to. This ensures that resources are focussed in the right areas and helps health and social care deliver more efficient and effective services.

WHEN is information shared

  • Information about a person is shared when health and social care professionals need it to provide safe care of the highest quality.
  • By law GPs have to share information with Public Health England when a patient with a “notifiable disease” is identified. This helps to control the spread of infection and protects the public.
  • Information is also shared when it is necessary to protect a child or vulnerable adult from harm.
  • Information is only shared when it is fair and lawful to do so. There are legal and ethical rules of confidentiality and privacy which mean that an individual’s rights have to be respected.

HOW is information shared

All health and social care organisations must use personal confidential data within the legal framework. These organisations are responsible for ensuring that they have good information governance practices in place and have trained their staff so that information is appropriately managed and individual’s rights are respected.

These organisations operate with “fair processing” principles. This is where the health and care organisations involved communicate as widely as they reasonably can to tell people that their personal information will be shared between professionals when it is “fair and lawful” to do so.

To support the joining up of services, information needs to be shared more widely to improve care, therefore in the majority of cases, consent to information sharing is simply implied so people can do their jobs as effectively as possible.

Sometimes people have concerns about what information is being shared and who with and and may want to limit or stop it from being shared.

If concerns are raised, patients will be made aware of who to contact to discuss information sharing and how they can opt in or opt out. Patient choices will be respected and all efforts will be undertaken to respect these wishes. Unless informed otherwise, the general stance is that people are happy for their information to be shared.

Confidential information that can identify a person is not usually shared with others who are not members of the health and care team providing care. De-identified information is used instead. Sometimes, in limited circumstances, it may be necessary to share identifiable information for purposes other than direct care. In these cases the individual will be asked for their permission to share their personal data.

If a health or social care professional makes a verbal or written request for information sharing (often known as explicit consent) then the person they are asking can either agree to supply that information (which is by far the most common response) or deny the information sharing request (which happens only rarely, but is technically explained as a denial or objection to share information).

Sometimes, if a professional thinks it is in the person’s best interest, they can override asking for permission to access the information, for example where a patient has impaired mental capacity. Such action is monitored carefully and is known as “breaking the glass”.

There are also times when a professional can override a person’s choice to deny a request to share information. This can only be done when the law says information must be shared, such as notification of infectious diseases to Public Health England or when safeguarding issues are identified.

How information will be supplied depends on what information is required, what technology is available in the care settings and how systems are able to integrate.

In fairly simple technical terms information is shared by either a push (e.g. GP letter to the Hospital Diabetic team) or pull mechanism (e.g. Emergency Department seeks your GP summary information in an Emergency), though in practice a mix of approaches is often used.

WHAT type of information is being shared

People cannot be treated or cared for safely if health and social care professionals do not have access to information about them.

Information is always involved when a patient seeks help from a health or social care professional. Now, particularly as care is provided by larger teams spread across organisations and different areas, the need to share information becomes essential.

The amount of personal information that needs to be shared to support care can be a whole care record (e.g. if patients are moving from one GP to another), but more usually it involves relevant information about current care needs contained in a single document, multiple documents or a computer record, which is shared between different parts of the care team.

Some information might be particularly personal sensitive information (e.g. HIV status, sexual health) and may not be suitable to share routinely. Sharing any confidential information is strictly controlled. Any sharing of this type of information is very restricted and only anonymous service providers – those few who are providing care and treatment for that condition – can see it after permission has been given.

In certain circumstances information may be pseudonymised. This process replaces personal details with a computer generated code so that identity is not apparent to those using the information. Information can also be fully anonymised, where all the identifiable information is removed, leaving information that cannot be linked back to an individual. This is added to other anonymised information to become statistics, which are shared and analysed locally so that organisations can measure how services are being used and how they are performing. This also helps with planning future service delivery.

This anonymised information is also shared with other organisations e.g. the total number of Diabetic patients in a given area is shared with the Department of Health so that funding can be allocated according to need.

WHERE information is shared

By where, we mean the location where the person sees a health or social care professional. For example:

Providers of care

  • Primary care – e.g GPs, practice staff and some community services
  • Community Care – e.g. at home, a community hospital, care home or hospice
  • Secondary Care – e.g. hospital appointment or admission, or Emergency Department
  • Tertiary care – also known as specialist care and can sometimes be provided in a hospital that is not in your local area
  • Mental health service provider.
  • Some voluntary or community support settings which are also known as the third sector

Commissioners of care

Commissioning is the process of specifying, contracting and monitoring services to meet people’s needs

  • GP led Clinical Commissioning Groups (CCGs) who are responsible for organising and managing local health services
  • Commissioning Support Units (CSUs) who can assist CCGs with their commissioning objectives
  • regional branches of the Health and Social Care Information Centre (HSCIC) who are known as Data Services for Commissioners Regional Offices (DSCRO) who provide operational support to the CGGs
  • Local Authorities who are responsible for social care and Public Health.


Research is the studying and and investigation of information to establish facts and reach new conclusions

  • Research into illnesses such as cancer and dementia mean that information is sometimes shared with the academic sector to explore new treatments and approaches to conditions.

The information sharing model set out in the diagram below maps out the who, what, where, when, how and why of information sharing and looks at the settings and the uses of information in health and social care. To view the diagram in more detail and zoom in and out, simply right hand click anywhere on the graphic.

In summary

The safe, secure and legitimate handling of patient information is at the very core of health and social care. Access to information at the right time, the right place and with the right health and social care setting means that patients are treated more safely and effectively. Without information being shared this would not be possible. It is the responsibility of organisations to handle confidential information according to legislation and to be able to explain to individuals how their information is being used. These individuals have the right to opt out of sharing their information should they wish to do so. There are rare occasions, such as the wider public safety or individual safeguarding issues where this opting out can be overridden but at all times and on all occasions, this has to be explained to the individual concerned.

Information sharing is everyone’s business but the information that is shared is not!

We would like to thank the following people for collaborating on this work and we hope this helps towards demystifying information sharing.

Joseph Waller – Director, XML Solutions

Phil Barrett – Programme Manager, Ripple Programme

Dr. Tony Shannon – Director, Ripple Programme

Deborah Terry – Information Governance Specialist, Information Governance Solutions

Graham Prestwich – Lay Member- Patient and Public Involvement, NHS Leeds North Clinical Commissioning Group

Sue Watson – Patient Representative

This is a companion discussion topic for the original entry at