You & I Care: GP Connect Transparency Notice
At You & I Care LTD, we are committed to protecting your personal information and respecting your confidentiality. Providing safe, high-quality care often requires professionals to have access to accurate and up-to-date information about your health.
As part of this, we use a secure NHS system called GP Connect. This transparency notice explains what GP Connect is, how we use it, what information may be accessed, and your rights.
What is GP Connect?
GP Connect is a national digital service provided by NHS England. It allows authorised health and social care organisations to securely access relevant parts of your GP record when needed for your care.
In the past, information sharing often relied on phone calls, letters, or fax, which could be slow and sometimes less secure. GP Connect replaces these methods with a controlled, secure system that allows professionals to access important information more quickly and reliably.
This helps ensure that decisions about your care are based on the most accurate and up-to-date information available.
Why We Use GP Connect (Purpose of Processing)
We use GP Connect only for direct care purposes. This means activities that are directly related to your individual care, such as supporting your health, wellbeing, and safety.
In practice, this means our staff may access GP information to better understand your needs and provide appropriate care. For example:
- When completing a clinical risk assessment, we may need to understand your existing health conditions.
- When supporting you with medication, we may check prescriptions to ensure the correct dosage and avoid errors.
- If you have allergies or sensitivities, we may confirm these to prevent harm.
- After a hospital stay, we may review updates from your GP to ensure your care plan reflects any changes.
- In urgent situations, having access to accurate medical information can help us respond quickly and safely.
- We may also use GP Connect for the Medical Examiners Use Case, providing medical records to medical examiners for the purpose of reviewing a death pursuant to the Coroners and Justice Act 2009.
We do not use GP Connect for any purpose unrelated to your care, such as research, marketing, or general administration.
We do not have unrestricted access to your full GP record. Access is limited to specific data categories requested through GP Connect APIs.
Who Can Access Your Information?
Access to your GP information is strictly controlled and limited to staff who are directly involved in your care.
This is known as having a “legitimate relationship”, meaning the person accessing your information must be involved in providing care or support to you.
Within You & I Care LTD, this includes roles such as:
- Registered Managers
- Care Managers
- Senior Carers
- Care Leads responsible for planning and reviewing your care
Not all staff can access GP Connect. Access is restricted based on job role, and staff only see the information they need.
All staff are required to complete training in data protection and confidentiality and are expected to handle your information responsibly at all times.
What Information We Can Access
It is important to understand that we do not have full access to your entire GP record.
GP Connect only allows access to specific types of information that are relevant to your care. This may include:
| Data Category | Details Accessed |
| Summary Record | Active problems, diagnoses, and current health status |
| Medication | Acute and repeat prescriptions, dosage, and frequency |
| Allergies | Drug and non-drug allergies, severity, and reaction types |
| Encounters | Dates and summaries of recent GP consultations or home visits |
| Observations | Vital signs relevant to care (e.g., blood pressure, BMI) |
| Immunisations | Vaccination history (e.g., Influenza, COVID-19, Pneumococcal) |
| Administrative | NHS number, registered GP details, emergency contacts |
We only access information when it is needed and only the minimum necessary to support your care.
Who Else May Access Your Information?
Your GP record is not only accessed by You & I Care LTD. Other organisations involved in your care may also use GP Connect.
This may include:
- NHS services such as hospitals or community health teams
- Other health or social care providers involved in your treatment
These organisations can only access your information if:
- They are involved in your care
- They have a legitimate relationship with you
- They are authorised to use GP Connect
All organisations using GP Connect must follow the same national rules under the National Data Sharing Arrangement (NDSA) and are required to protect your confidentiality.
How Your Information is Accessed and Used:
Your information is accessed securely through a national NHS system called the Spine. This allows information to be viewed in real time rather than copied or transferred in bulk.
You & I Care LTD acts as an independent Controller for the Shared Personal Data it receives and incorporates into its own record systems.
We do not download or keep a separate copy of your GP record through GP Connect. However, where necessary, relevant information may be recorded in your care records to support the care we provide to you.
Any information we record is handled in line with our data protection and record-keeping obligations.
We will only keep information for as long as necessary to provide care and meet legal requirements.
If we become aware that any Shared Personal Data is inaccurate or incomplete, we will inform the Provider (your GP) in a timely manner.
Audit and Monitoring:
Every time your GP record is accessed through GP Connect, a record is created. This includes:
- Who accessed the information.
- When it was accessed.
- What type of information was viewed.
These audit logs are an important safeguard. They are stored securely and reviewed regularly to ensure that access is appropriate and lawful.
Both You & I Care LTD and your GP practice maintain audit records.
You have the right to request information about access to your records.
Role of NHS England:
NHS England is responsible for providing and operating GP Connect.
While NHS England manages the system and ensures it is secure, it does not routinely access or view your clinical information.
However, it does process technical and audit information (for example, system activity logs) as an independent Controller to:
- Maintain the service.
- Monitor performance.
- Ensure security.
This helps ensure that GP Connect remains safe and reliable for all users.
Legal Basis for Using Your Information:
We are required by law to explain the legal basis for using your information.
Under UK data protection law, we process your data because:
- It is necessary to provide care and support (Article 6(1)(e) – public task)
- It is necessary for health and social care purposes (Article 9(2)(h))
We also follow the Common Law Duty of Confidentiality, which means your information is kept confidential and only shared when appropriate.
For direct care, we rely on implied consent. This means:
- Your information is shared to support your care.
- You are informed through this notice.
- You have the opportunity to object.
Your Rights:
You have important rights over your personal information.
Right of Access: You can ask us what information we have accessed about you and request a copy.
Right to Object: You can object to your information being accessed through GP Connect. If you do this:
- Your request will be considered carefully.
- A clinician may review whether access is still necessary to ensure your safety or provide appropriate care.
In some cases, limiting access may affect the speed or quality of care you receive.
Right to Rectification: If information in your GP record is incorrect, you should contact your GP practice, as they are responsible for maintaining your record.
Your Awareness:
We are required to inform you that your GP information may be accessed through GP Connect as part of your care.
This is to ensure that the professionals supporting you have the information they need to provide safe and effective care.
If you have any questions about this, we are happy to discuss it with you.
Upon the termination of this Arrangement, Shared Personal Data relating to you may be retained by You & I Care LTD or transferred to other organisations if shared for Direct Care purposes or the Medical Examiners Use Case.
How We Keep Your Information Safe:
We take the security of your information very seriously.
We:
- Comply with the Data Protection Act 2018 and UK GDPR.
- Meet NHS security standards, including the Data Security and Protection Toolkit (DSPT).
- Use secure systems and controlled access.
- Ensure staff are trained in data protection and confidentiality.
We regularly review our processes to make sure your information remains protected.
Contact Us:
If you would like more information or have any concerns, please contact our Data Protection Officer:
Email: [email protected]
Phone: 0808 178 0981
National Resources: