On 19th November, Graphnet hosted an enlightening webinar titled Information Governance Considerations when Deploying Graphnet’s Shared Care Record Across Multiple Integrated Care Systems. The session brought together experts to address the growing challenges of managing shared care records in a complex and evolving healthcare environment.

The event featured Andrew Harvey, Director of Information Governance, Cyber and Compliance at Graphnet, and Raz Edwards, Chair of the National SIGN (Strategic Information Governance Network) and Head of Data Security at The Royal Wolverhampton NHS Trust. Together, they provided an in-depth exploration of the intricacies of deploying shared care records and the pivotal role of information governance (IG) in enabling success.

Key Topics and Challenges Explored

The webinar addressed some of the most pressing issues for Integrated Care Systems (ICSs), including data sharing agreements, governance frameworks, patient rights, and resource allocation.

Raz Edwards opened her presentation by emphasising the complexity of information governance in shared care record systems. She explained:

"Defining the relationships between all of the organisations involved in your shared care record is key... Who are your data controllers? Who are your data processes and what is the model that you're looking to adopt?"

She described the two principal models of data sharing—federated and combined record systems—explaining that both approaches come with distinct responsibilities for data controllers. In federated systems, data remains at the source, with access granted temporarily for specific uses. In combined record systems, however, data is collected into a central repository. Each model has unique implications for governance, data sharing agreements, and accountability.

The Critical Role of Governance

Good governance was a recurring theme throughout the session. Raz highlighted its importance in navigating the complexities of working with multiple data controllers, often across several ICSs. She stated:

"Having clear lines of accountability... and documented data sharing agreements in your terms of reference is really important because this will support good information governance."

Governance structures must ensure clarity in decision-making processes and responsibilities. Raz noted that this is especially vital when introducing new stakeholders into the system. She explained the importance of mechanisms like joint data controller agreements, which formalise roles and expectations among organisations. These agreements are key to avoiding confusion, particularly when managing data subject rights such as rectification and opt-outs.

Aligning Patient Rights Across ICSs

Raz also underscored the importance of ensuring that patients’ rights are applied consistently across multiple ICSs.

"If your data is available through a provider and you have multiple ICSs involved, your data will be processed across all of those, not just the care landscape where you receive treatment, but... your rights should apply across the board, across all ICSs where your data is being processed."

She stressed that inconsistency in applying opt-outs—whether for secondary data use or other purposes—can lead to confusion and risks undermining patient trust.

To manage this complexity, Raz encouraged ICSs to synchronise their fair processing materials and communications. This can help ensure patients are fully informed about how their data will be used, no matter where they access care.

Interactive Insights: Polling Key Challenges

To engage the audience, attendees participated in a live poll identifying the biggest information governance challenges when deploying shared care records. The results revealed that "conflicting views and/or structures of governance" was the most significant issue, receiving 47% of the votes. Other challenges included "each ICS moves at a different pace" (26%) and "who holds the contract – ICB or another provider" (21%).

Raz acknowledged the difficulty of balancing priorities and resources across ICSs, adding that structured forums are essential for resolving conflicts and ensuring alignment.

Practical Advice for IG Professionals

The session offered numerous practical tips for IG professionals working on shared care record programmes. Key recommendations included:

• Defining Roles Clearly: Ensure all stakeholders understand their roles as data controllers or processors within the system.
• Streamlining Agreements: Use mechanisms like deeds of accession or lead data controllers to onboard new organisations without requiring extensive renegotiations.
• Allocating Resources: Dedicated IG leads should be given sufficient time and resources, as per NHS England guidance, to manage the complex requirements of shared care records effectively.

When asked about managing disagreements among IG professionals, Raz advised turning to regional SIGN networks for facilitation. SIGN is a collaborative framework designed to align information management practices with organisational strategies, ensuring data governance, compliance, and effective decision-making across multiple stakeholders.

"Definitely go to your regional SIGN Chairs. Have conversations with them. See if there's a facilitation role that they can provide in helping manage that understanding."

Future Challenges and Interoperability

Raz also touched on broader challenges facing shared care record programmes, particularly around interoperability:

"Whilst there was a future intention... to have all shared care record systems talking to each other, interoperability is the biggest challenge here."

She noted that varying models and processes across ICSs complicate efforts to achieve seamless integration, and additional government investment may be needed to address these hurdles.

Final Thoughts

The webinar concluded with Andrew Harvey thanking attendees and acknowledging the value of collaboration and shared learning in tackling the complexities of information governance.

For IG professionals and healthcare leaders, the session provided actionable insights and practical strategies to navigate the challenges of shared care records. By fostering collaboration, aligning processes, and committing to good governance, ICSs can create systems that both meet regulatory requirements and serve patients effectively.

As Raz put it:

"It all comes back to good governance and making sure that that's all set up from the off."