The NHMC have prepared an example Data Protection Protocol for homecare medicines services.

This document has been prepared to aid contracting authorities in preparing an appropriate data protection protocol for use in their contracts & framework agreements for homecare medicines services.  Typical homecare service arrangements will require little to no amendment of the prepared example whilst more novel service models may require appropriate adaptation

The document has been prepared using two approved documents:

  • The Department of Health and Social Care Data Protection Protocol template (link)
  • The NCHA position statement – Impact of the General Data Protection Regulation in Clinical and Medicines Homecare Services (link) – approved by NHMC and NHS England.

Guidance for the use of the data protection protocol is published by the Department of Health and Social Care, here, under the title “NHS terms and conditions for the supply of goods and the provision of services: guidance”.

The NHMC recommends that contracting authorities undertake a contract variation for any homecare contracts that are impacted by GDPR the next time the contract is renewed or updated to refer to the prevailing NHS Standard Terms and Conditions and an appropriately completed Data Protection Protocol. This may be undertaken at framework agreement level but in such cases each contracting authority would need to ensure this reflects their Trust’s call-off service under that framework agreement. Each new homecare service contract or framework agreement should include a Data Protection Protocol to complete the contractual documentation set.