The Information Commissioner’s Office (ICO) has produced draft guidance on transparency in the health and social care sector. The draft transparency in health and social care guidance has been developed to help health and social care organisations understand the ICO's expectations about transparency.

The draft guidance builds on legal obligations which already exist, which require you to make sure:

• that your use of health and care information is necessary and proportionate; and
• you introduce safeguards to protect the information (privacy by design).

The guidance then goes on to outline what the ICO considers organisations must, should, and could do to ensure personal data is processed lawfully, fairly and in a transparent manner in relation to data subjects. 

The draft guidance explains that a tick-box approach to compliance can still negatively impact levels of trust between providers and individuals, particularly when it comes to the use of health and social care information in planning and research. Although most organisations understand and are able to protect against the risks arising from data protection breaches, the draft guidance asks them to go further. 

Of particular interest is the warning around ‘transparency harms’. Organisations will be expected to identify, prevent or reduce potential harms that can arise when individuals do not fully understand how organisations are using their personal information. Such harms can include fear, anxiety and embarrassment, a loss of control and, could lead to people stopping using services or reducing their use. 

Whilst it may well be lawful to use innovative technologies and to carry out research using aggregated data or de-identified health information, people’s support for using their information for secondary care purposes will likely depend on how much they understand the proposed use. As a result, ensuring that people understand what is happening to their information is an important factor in maintaining trust and support in health and social care systems overall.

A lack of transparency around how you use personal information, not only runs the risk of failing to comply with Data Protection Act 2018 (DPA 2018) and UK GDPR, but presents a very real risk of harm which can negatively impact health and care outcomes for individuals, demographic groups and the general public. 

The draft guidance addresses effective ways of communicating with your audience generally and explains how to avoid information overload at an organisational level. The draft guidance does not relate to disclosing or withholding information in response to a data subject access request, nor does it discuss extremely sensitive cases where information might need to be withheld from individuals due to safeguarding concerns.

The draft guidance is a timely reminder for those providers that have moved away from paper-based records or continue to work towards the March 2024 deadline, to ensure they are using digital record-keeping software that can interoperate with a local shared care record.

The consultation will run to 7 January 2024. You can respond to the consultation in the following ways:

• Complete the Smart Survey
• Download the Word document and either email your response to PolicyProjects@ico.org.uk, putting ‘consultation response’ in the email subject, or print off the documents and post to:
  Policy Projects team, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.