Information sharing must be done differently to support the fight against COVID-19 and to protect citizens compared to ordinary times. Information may need to be shared more quickly and widely across organisations than normal, or different types of information may need to be collected and used.

We know from dialogue with the public, conducted by our organisation and others in the past, that there is strong support for the use of health and care data where there is a clear public benefit. People are generally altruistic about the use of their data and want it to be used to help others as long as there are appropriate safeguards in place. I understand that doing things differently can usher in uncertainty about what is and isn’t appropriate from a data sharing perspective; the worry may be that people will share too much or too little. So, we must make sure that we have the balance right to protect that admirable altruism.

What has become apparent is how well our information governance framework is able to flex in a time of public health emergency to serve as an enabler to the rapid sharing of information while maintaining proportionate safeguards.

The COVID-19 response has proven just how effective our confidentiality safeguards are, and how quickly laws and clauses supporting the sharing of confidential patient data in a time of crisis can be activated. This includes the formal notifications published by the Department of Health and Social Care, which notifies healthcare organisations, GPs, local authorities and arm’s length bodies about how they should share confidential patient information to support efforts against coronavirus. This is limited to Covid-19 purposes, for a time-limited period (initially to 30 September, with scope to extend) and requires organisations to keep records of all data processed.

The National Data-Opt Out has an exemption built in which means that it does not apply when there is an overriding public interest in the use of data, such as there is now. The GDPR has provisions to allow personal data to be used appropriately and lawfully at such a time. The Information Commissioner has clearly announced that data protection concerns should not stand in the way of appropriate information sharing; a statement which I fully endorsed.

With so much going on behind the scenes with people’s data, it is important that patients and service users are fully informed about these changes. We must make efforts to tell citizens what’s happening with their data; the need for transparency and good communication with patients still remains. Even in times such as these, protecting trust in confidential health and care matters. The guidance and notices issued to allow data sharing to combat the outbreak still contain appropriate safeguards: limiting the purposes for which data can be used, who can use it and the amount of time for this to occur. These are important protections that patients may be glad to hear about.

It is with gratitude that in the thick of everything I have still heard colleagues cite the importance of protecting confidentiality. Practical steps are also being taken to ensure that trust is not undermined. For example, my panel and I have been pleased this week to support NHSX with the drafting of a template privacy notice, which will be sent out to NHS organisations next week to support them to tell patients and service users about what might be different in the handling of their health and care data during the outbreak. It is heartening to note that even at this unprecedented crisis, trust and confidentiality still matter.

My panel and I will continue to monitor the response to COVID-19 and stand ready to support our colleagues across health and care however we can.