Search Legislation

Health and Social Care Act 2001

Section 60: Control of patient information

291.This section enables the Secretary of State to make regulations for and in connection with requiring or regulating the processing of patient information in prescribed circumstances. This will make it possible for patients to receive more information about their clinical care and for confidential patient information to be lawfully processed without informed consent to support prescribed activities such as cancer registries. The Government places importance on the consistent use of informed consent as the basis for handling confidential patient information. The regulation–making power in this section is therefore intended to provide for exceptional situations where essential services cannot, having regard to the present NHS systems and available technology, operate on that basis.

292.In recognition of the inherent difficulties associated with using confidential information the Act builds in a number of safeguards over the use of this power to protect patients’ interests. First regulations can only provide for the processing of patient information for medical purposes ( defined in subsection (10)) where there is a benefit to patient care or where this is in the public interest. Secondly , regulations can only require the processing of confidential patient information, where there is no reasonably practicable alternative. The Secretary of State can only make regulations under the terms of this section following consultation with bodies representing the interests of those likely to be affected by the regulations and with the new statutory advisory group introduced by section 61. Finally any such regulations can only be made under the affirmative resolution procedure, requiring the consent of both Houses of Parliament (See section 64(3)).

293.It is envisaged that the Patient Information Advisory Group (to be established under section 61), will consider and advise the Secretary of State as regards each proposed use of the regulation-making power, including as regards the need to use the information and whether consent should be obtained.

294.The Data Protection Act 1998 governs, in broad terms, the processing of information relating to living individuals. This section does not amend that Act. In addition, regulations made under this section will not be capable of derogating from that Act (see note on subsection (6) below). Regulations made under this section may provide additional and more specific restrictions on the use of information relating to patients.

295.Information provided in confidence by patients is also subject to common law requirements which, being derived from case law, are difficult for healthcare professionals to apply with certainty in particular circumstances, especially since there has been little case law relating to healthcare settings. Regulations may provide that the processing of patient information under the regulations is lawful despite any common law obligation of confidence (see note on subsection (2)(c) below).

296.Subsection (1) enables the Secretary of State, subject to limitations imposed by subsections (3) – (6), to make regulations requiring patient information to be processed for medical purposes (as defined in subsection (10)) and regulating such processing.

297.Subsection (2) specifies some of the ways in which the power conferred by subsection (1) may be used.

298.Subsection (2)(a) enables regulations to be made that require specified communications about patients to be disclosed to them by NHS bodies, in certain circumstances. Such regulations may only provide for these communications to be disclosed to those persons to whom they relate or principally relate or to a prescribed person on their behalf, for example a spouse. Such regulations are intended to support the NHS Plan commitment that clinicians will in the future be required to share information about patients with them.

299.Subsection (2)(b) enables regulations to be made which require the disclosure or other processing of specified patient information subject to conditions or the giving of undertakings. This will support public health work and important activities such as cancer registration where it is essential to maximise the patient information available.

300.Subsection (2)(c) enables regulations to be made to permit patient information to be processed lawfully where, but for the regulations, this may be prevented by an obligation of confidentiality at common law. This is subject to the limitations imposed by this section (see, for example, the note on subsection (6)) and human rights requirements.

301.Subsection (2)(d) enables regulations to make provision for their enforcement by the creation of criminal offences.

302.Subsections (3) – (5) serve to limit the use of the power conferred by subsection (1) to make regulations requiring the processing of confidential patient information (as defined in subsection (9)).

303.Subsection (3) provides that regulations cannot be made under subsection (1) if the purpose for which confidential patient information would be used could be achieved in another reasonably practical way, having regard to cost and available technology. In practice this means, for example, that persons cannot be required to disclose confidential patient information where the purpose can be satisfied by use of anonymised information.

304.Subsection (4) requires the Secretary of State to carry out an annual review of whether regulations made under subsection (1) and requiring the processing of confidential patient information would contravene subsection (3). The review must be conducted within one month of each anniversary of the making of the regulations (paragraph (a)) and, if he determines that they would contravene subsection (3), he must vary or revoke them (paragraph (b)).

305.Subsection (5) provides that regulations may not be made under subsection (1) solely or principally for the purpose of determining the care and treatment that is to be provided to individual patients. The care and treatment of individuals should be determined by appropriate professional staff that work with, and are responsive to the preferences of, those in their care.

306.Subsection (6) provides that regulations made under this section cannot make provisions for the processing of information which are inconsistent with the provisions of, or the provisions in instruments made under, the Data Protection Act 1998.

307.Subsection (7) provides that before the Secretary of State may make regulations under this section, he must consult such bodies as appear to him to represent the interests of those likely to be affected by the regulations as he considers appropriate in the light of the requirements of section 61. The consultation is intended to ensure that the regulations are fair and non-discriminatory.

308.Subsection (8) defines patient information as any information that is, or is derived from, information concerning a patient’s physical or mental health or condition, the diagnosis of his condition or his care or treatment. In addition to information which directly identifies individuals, this would include information which is either anonymised (e.g. any information that cannot be tracked back to the individual) or coded (e.g. information that can be tracked back to an individual by persons in possession of the key to the code). It includes information recorded in any manner, whether electronically or manually.

309.Subsection (9) provides that “confidential patient information” for the purposes of the section is patient information that has been obtained by a person who owes an obligation of confidence to an individual where the identity of that individual is ascertainable from that information or from that information and other information which is in, or is likely to come into, the possession of the person processing the information .

Back to top


Print Options


Explanatory Notes

Text created by the government department responsible for the subject matter of the Act to explain what the Act sets out to achieve and to make the Act accessible to readers who are not legally qualified. Explanatory Notes were introduced in 1999 and accompany all Public Acts except Appropriation, Consolidated Fund, Finance and Consolidation Acts.


More Resources

Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:

  • the original print PDF of the as enacted version that was used for the print copy
  • lists of changes made by and/or affecting this legislation item
  • confers power and blanket amendment details
  • all formats of all associated documents
  • correction slips
  • links to related legislation and further information resources