Patient personal data is held by national health service organisations under legal and ethical obligations of confidentiality and subject to the provisions of the Data Protection Act 1998. It may be passed to third parties when identifying details have been removed so the patient cannot be identified; or in accordance with statutory provisions or where required under court order; or where the public interest is such that obligations of confidentiality and the competing public interest in the provision of confidential health services need to be overridden, for example serious crime or child protection; or with the consent of the patient concerned.
Guidance to the NHS is provided in the Department's publication ‘Confidentiality: NHS Code of Practice’ published in November 2003 is available in the Library.