Adult Social Care Glossary, v 0.6

Currently, each health and social care organisation holds its own set of records about you. These records may already be shared, through paper records or phone, when requested.

A shared care record is a safe and secure way of bringing all your separate records from different health and care organisations together digitally in one place.

It joins up information based on the individual rather than one organisation.

Controls are put in place to make sure only authorised users can access the shared care records for direct care purposes only. Any other use of this data must have a clear and lawful basis.

Your shared care record may include:

Address and contact numbers
Prescribed medications
Allergies
Test results
Care plans, outpatient appointments, inpatient stays, discharge letters, personal preferences/decisions and clinical contacts

Why shared care records matter

Every health and social care organisation that you have contact with has their own set of records. To provide you with the best care it is important that authorised health and social care staff have the most up to date information available to them. Shared care records assist staff to make the best decisions by having a more joined-up picture of your information. This is important in providing safe, personalised, and connected care.

A ShCR is a grouping of health and care organisations within a geographical boundary.

Information Governance Framework for Integrated Health and Care: Shared Care Records
Published 7 September 2021

Executive summary
The aim of Shared Care Records (ShCR) is to help local organisations move from today's position, where each health and care organisation holds separate records for the individuals they care for, to one where an individual’s record is shared across the health and care system. This will help health and care professionals to use information safely and securely as the people they care for move between different parts of the NHS and social care. It will also enable patients and service users to access their record irrespective of where they receive care.

ShCR was formerly known as the Local Health and Care Record (LHCR) programme. For the ShCR (LHCR programme), exemplar areas were identified. Other ShCR geographies are being onboarded to ensure full national coverage. The exemplar areas are:

OneLondon
Yorkshire and Humber
Thames Valley and Surrey
Greater Manchester
Wessex

The Information Governance (IG) Framework is intended for IG professionals. It has been developed to provide a structured approach to ensure ShCRs meet their legal obligations. This includes when they are planning, preparing and delivering data sharing.

It is based on a model where controllership continues to remain local. Local agreements will be in place to set out what data is shared and who can access it in a safe, secure and appropriate manner. This approach recognises the variance in how data is captured and represented in local systems.

ShCRs will initially focus on individual care. This is covered in two journeys:

Journey 1: Sharing personal or confidential patient information (CPI) between health and social care bodies within a ShCR for the individual care of patients or service users.

Journey 2: Sharing personal or CPI between health and social care bodies across geographical boundaries for the individual care of patients or service users.

The following requirements are essential for IG compliance and good practice and need to be considered for both journeys.

Each ShCR should:

- have a consistent approach to IG policies, processes and systems to ensure good practice
- identify the flows of data, and at each point in the process to determine who the controllers and/or processors are
- identify and understand the legal basis for processing data for every function including ensuring transparency about purpose and process, supporting good practice, and promoting public engagement
- manage access controls and records management
- consider patient and service user objections to processing
- adhere to current published guidance on cyber security for health and care
- ensure that any relevant due diligence checks are carried out where processors or sub-processors are involved
- document the decision-making process to demonstrate accountability

Each requirement has a set of checkpoints. Every ShCR will need to gain satisfactory assurance on each checkpoint before proceeding with data sharing across the ShCR member organisations. Where a ShCR already has a shared local health and care record in place, they should use the checkpoints to assure themselves. Also have an independent assurance panel to ensure that they are compliant.

ShCRs must meet the requirements set out in this IG Framework. Other areas, that are delivering integrated care, are not presently mandated to use the IG Framework. They are however encouraged to do so to help adopt good practice and comply with the law.

Thank you to colleagues from the ShCR (LHCR) IG Steering Group, ShCR (LHCR) IG Leads, critical friends and stakeholders who have helped in the development of this document.