The Agreement

Every health and social care organisation in the country is identifying substantial requirements to share and use personal confidential data in order to achieve planned improvements in care delivery and in financial efficiency.

It is also the case that many opportunities to improve care are delayed or lost due to the challenges associated with designing and agreeing information sharing agreements on a project by project basis.

The regional Information Governance Steering Group (IGSG) which is chaired by the Chairman of the Berkshire Local Medical Committee at the time of writing manages the agreement and the membership of the agreement on behalf of the members. The Administrator (Frimley Health NHS Foundation Trust at the time of writing) maintains and publishes the agreement documentation and supporting schedules and registers on behalf of the member organisations and IGSG.

This agreement has been reviewed by Queens Counsel and in his opinion it is both lawful and fit for its purpose. A summary of the QCs opinion is attached below.

This agreement builds on the success of the similarly structured prior agreements for the sharing of information for the provision of care and for secondary uses agreements in use since 2013 and replaces the current 2023 version of the provision of care and secondary uses agreements. The aims of the agreement are:

  1. To provide a clear framework for the secure sharing of personal confidential data for the delivery of care and for the management of the health and social care system;
  2. To accelerate the pace with which regional and local sharing requirements can be agreed; and
  3. To reduce the costs of developing and agreeing individual sharing requirements.

Very specifically, this latest iteration of the agreement is designed to better support the development of:

  1. Federated working and networks;
  2. Integrated working and care delivery models;
  3. Real time risk stratification at the point of care for patients with the most complex needs; and
  4. Latest guidance on data controllership resulting from the implementation of GDPR.

Each organisation remains responsible for the control and use of personal confidential data within the organisation as required by the legislation.

Structure of the Agreement

The Regional Health and Social Care Information Sharing Agreement is executed as a subscription agreement. This form of agreement allows controlled processing and sharing to begin as soon as two controllers have signed their sharing documentation. Unlike the traditional multi-party agreement models, processing and sharing does not need to wait until all parties have executed the agreement.

Organisations become members of the agreement by signing up to the master agreement that sets out the scope and terms of membership for the agreement as well as the roles of IGSG, Lead Controllers and the Administrator. The Administrator accepts the new member’s signed master agreement on behalf of the members as a whole.


Implementation of the agreement is as follows:

  1. Every member of the framework needs to sign the master agreement;
  2. The agreement is currently and will in future be presented through an electronic signature process as a single document;
  3. Data controller organisations that contribute data to the shared pool as a data flow or information asset are presented with one or more additional documents describing each specific processing and sharing arrangement the controller is expected to contribute to;
  4. Where the master agreement and one or more individual processing and sharing arrangement(s) are executed contemporaneously all documents are presented through an electronic signature process as a single document … with signatures required for each item requiring approval; and
  5. Where subsequent individual processing and sharing arrangements are executed non-simultaneously the documents are presented individually through an electronic signature process for approval.


Some supporting documents are presented below.