Privacy Notice


Integrated Doncaster Care Record (iDCR)

Privacy Notice

What is a privacy notice?

A ‘privacy notice’ is a statement issued by an organisation, or jointly by organisations, which explains how personal and confidential information about patients, service users, staff and visitors is collected, used and shared. This may also be called a privacy statement, fair processing statement/notice or privacy policy. This privacy notice is issued by the iDCR Partnership.

By issuing this privacy notice, we demonstrate our commitment to openness and transparency. We recognise the importance of protecting personal confidential information in all that we do and take care to meet our legal requirements.

Why we need your information and how it will be used by health and social care providers for your direct healthcare in Doncaster

The health and social care professionals who work with you to provide your care will keep records about the treatment and support you receive. Having this information available in one record will enable these professionals to work together and share vital information about your health and wellbeing needs. Health and social care professionals will be able to use the information to assess your needs and decide the most appropriate treatment or support for you.

Who will be controlling your information?

The Integrated Doncaster Care Record (iDCR) is a partnership supported by NHS Doncaster Clinical Commissioning Group, GPs within the Doncaster Community, Rotherham Doncaster and South Humber NHS Foundation Trust, Doncaster and Bassetlaw Teaching Hospital Trust, Doncaster Metropolitan Borough Council and Fylde Coast Medical Services (a not for profit Urgent Care Service).

All partners are signatories to the Doncaster Care Record Sharing Agreement which provides partner agencies with a robust foundation for the lawful, secure and confidential sharing of personal information between themselves and other public, private or voluntary sector organisations that they work with.

Each partner has a legal duty to protect your personal information and will remain sole data controller of its own data. We all take confidentiality very seriously and are committed to ensuring all personal information within the iDCR is managed in accordance with the relevant legalisation to ensure your information is safe, secure and confidential.

The data we are sharing

It is important that the iDCR has up to date and accurate information about your health and care to ensure you receive the best quality care possible.

Your care record within the iDCR contains key information like:

  • Personal details, such as your name, address, date of birth and next of kin
  • Names of the health and care professionals looking after you
  • Any medications you are taking
  • Any allergies you have
  • Any health concerns about you
  • Previous referrals to services
  • Dates and reasons for any occasions you have been admitted to hospital
  • Appointments
  • Any assessments you have had
  • Care plans and care packages you have
  • Emergency contact details

None of your Sexual Health records (GUM/TriHealth Services) will be shared in to the iDCR, however we cannot guarantee that if you have discussed any sexual health issues you have with any Health and Social Care professionals from other services which share in to the iDCR that this information is not pulled through in to your shared record.

What is the lawful basis for sharing your information?

The following outlines the legal basis that will be used to allow us to share your information within the iDCR

  • Data Protection Act 1998
  • Principle 1 (Fair and Lawful Processing)
    • Schedule 2 – The processing is necessary for the exercise of any other functions of a public nature exercised in the public interest by any person.
    • Schedule 3 -The processing is necessary for medical purposes and is undertaken by –
  • A health professional, or
  • A person who in the circumstances owes a duty of confidentiality which is equivalent to that which would arise if that person were a health professional.
  • NB “medical purposes” includes the purposes of preventative medicine, medical diagnosis, medical research, the provision of care and treatment and the management of healthcare services.
  • General Data Protection Regulation/Data Protection Act 2018 (Draft Bill)
    • Article 9 (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.
  • Health and Social Care Act 2012
  • Health and Social Care (Safety and Quality) Act 2015
  • Duty to share information (Part 9 of the Health and Social Care Act 2012)
  • This section applies to information about an individual that is held by a relevant health or adult social care commissioner or provider known as the relevant person.
  • This relevant person must ensure that the information is disclosed to –
    • Persons working for the relevant person, and
    • Any other relevant health or adult social care commissioner or provider with whom the relevant person communicates about the individual How will your information be used and accessed? Personal information contained in the iDCR will only ever be used for your direct care and support.Only health and social care professionals directly involved in your care are allowed to access personal information within the iDCR and all access activity is recorded and monitored. All partner organisations have ‘Privacy Officers’ these individuals have the ability to audit all access to the iDCR to make sure the access to records is by individuals who are authorised to do so.    
    • Only organisations signed up to the Information Sharing Agreement will be sharing your information held in the iDCR. These organisations are listed below;

Who will see and share your information?

Dependent on your Health and Social Care Provider records about you are required under the law to be retained for specific periods of time dependent on the record. Details of these retention periods can be sourced by contacting the Health and Social Care organisation.

How long do we keep your information

The information within your iDCR is used to provide you with the most appropriate care and support that you need. The information within the iDCR helps professionals to make better decisions about your care and ensure it is safe and effective.

  • Doncaster and Bassetlaw Teaching Hospitals Foundation Trust
  • Rotherham Doncaster and South Humber NHS Foundation Trust
  • Doncaster Metropolitan Borough Council
  • Fylde Coast Medical Services (Urgent Care Centre)
  • Doncaster General Practitioners Health and social care professionals directly involved in your care will be able to access your record. Health and social care professionals include GPs, doctors, psychiatrists and psychologists, nurses, social workers, and the administrative staff who support them. These staff only see the information necessary for your specific needs and relevant to their job role.Your information will not be shared with anyone who is not providing you with direct care or supporting these services and will never be made available to any third party, unless:
  • Where you the individual to whom the information relates has consented
  • Where disclosure is necessary to safeguard you the individual, or others, or is in the public interest
  • Where there is a legal duty to do so, for example a court order.  

Consent to share your information

All iDCR patient records will have a consent status of “opted-in”; this will make your information available within the system, but not viewable by health and social care professionals.

To allow health and social care professionals who are treating you to have access to your information you will be required to give explicit consent (give permission) for your information to be made available. Your consent is recorded within the system.

You can give your consent for a professional to see your record every time you come into contact with care services or you can give on-going consent to anyone involved in your care so you don’t have to be asked again.

Can my records be accessed without my consent?

There are certain special circumstances that a care professional may be allowed to access your record without asking for consent, if you haven’t already given it. For example if you have arrived in A&E and are unconscious but have an iDCR record. In all cases, this access is time limited, recorded on the system and at your next appointment you will be asked for explicit consent for your care professional to access your record.

How can I “opt-out”?

You have the right to opt-out of having an iDCR. By completely opting-out at the initial stage will result in no record being available. Details of how you can opt-out are contained within the leaflet below.

iDCR Record

You can also opt-out for specific data from certain organisations being shared in to the iDCR at any time. To opt-out from one of the five organisations detailed above sharing your information you should contact the relevant organisation and inform your health and social care professional or the organisation’s Information Governance Lead of your wishes.

Children’s data – opting-out

If a parent chooses to opt-out their child’s data totally from the iDCR, this record will not be deleted but locked until the child is at an age where they can legally make the decision to consent to their data being shared within the iDCR.

If you choose to opt-out, what are the implications on your care?

As the data subject it is your legal right to opt-out of your information being shared in to the iDCR. However, we ask you to think carefully before making this decision as sharing your health and social care information will make it easier for Doncaster services to provide the best treatment and care for you.

Health and social care professionals caring for you may not be aware of:


  • Your current medications in order to treat you safely and effectively
  • Your current conditions and/or diagnoses, or any social care in place, which could lead to a delay or missed opportunity for correct treatment
  • Any allergies/adverse reactions to medications and may prescribe or administer drug/treatment with adverse consequences

Your rights as a ‘Data Subject’

Under the Data Protection Act 1998 (GDPR May 2018), you have the right to request access to the information held about you as well as who has accessed your information.

If at any point you believe the information we process on you is incorrect a further right you have as a data subject is to request that this incorrect data is corrected or deleted.

If you wish to raise a concern or a complaint you can do so by contacting the care professional providing your care or treatment, or the organisation’s Data Protection Officer or key contact.

If you are not satisfied with the response you receive or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).



  • Rotherham Doncaster and South Humber NHS Foundation Trust
    • Sue Meakin, Information Governance Manager – 01302 796189 /
  • Doncaster Metropolitan Borough Council
    • Nikki Minnikin, Data Sharing and Protection Officer – 01302 736000 /
  • Doncaster and Bassetlaw Teaching Hospitals NHS Foundation Trust
    • Roy Underwood, Head of Information Governance – Bassetlaw Information Governance Office: 01909 500990 Ext 2664/2665 or Doncaster Royal Infirmary RA Office: 01302 366666 Ext 642355


  • Fylde Coast Medical Services
    • Samantha Marsh, Quality and Risk Lead – 01253 951621 /