Existing clients

Log in to your client extranet for free matter information, know-how and documents.

Client extranet portal

Staff

Mills & Reeve system for employees.

Staff Login
13 Aug 2025
5 minutes read

The future of data sharing in health and social care

As we move from one healthcare setting to another (eg, from a hospital to a care home), our data often fails to follow. The Department of Health and Social Care (DHSC) has recognised that this leads to delays, wasted resources and worse patient outcomes.

The Health and Social Care Information Standards (Procedure) Regulations 2025 – which came into force on 6 August 2025 – are the latest piece in a larger legislative puzzle that aims to solve this problem.

The nature of the problem

Currently, there are technical obstacles that block the seamless movement of patient data between the IT systems of different HCPs (health and care providers). One of the main problems is that HCPs and their IT suppliers don’t consistently follow common “information standards”. In practical terms, an information standard covers things like:

  • The defined minimum information that systems must be able to record for provision of care (such as a patient number).
  • The format and structure of that information, and the technical interfaces through which that information should be made available.

Following common information standards enhances the interoperability of the IT systems where patient data is stored. In other words, it allows patient data to flow between different systems because they speak the same language. A 2022 survey from NHS England & PwC illustrates the scale of the problems caused by the lack of common information standards:

  • 84% of HCPs and 74% of IT suppliers agree that the key barrier to standards adoption is the lack of clear prioritisation among competing standards.
  • Only 15% of HCPs agreed that they had the contractual levers to get suppliers to prioritise and implement interoperability features.
  • 76% of HCPs felt they did not have enough support when negotiating contractual terms with a supplier.

The law on information standards

Since 2012, governments have passed a series of laws encourage development of information standards and to create incentives for compliance.

The Health and Social Care Act 2012:

  • Gave NHS England the power to set information standards – and many have since been established (current list available here).
  • The Act required public bodies and organisations involved in the provision of health and social care to “have regard” to those standards, but there were no consequences for noncompliance.

The Health and Care Act 2022 went a step further:

  • Amending the 2012 Act to say that public bodies and organisations involved in the provision of health and social care “must comply” with essential information standards.
  • Delegating power on the Health Secretary to pass further regulations imposing fines on health and care providers (other than public bodies) that failed to comply with essential information standards.

The Data (Use and Access) Act 2025 took another step forward, amending the 2012 Act by:

  • Making information standards mandatory for IT suppliers to public bodies and organisations involved in the provision of health and social care.
  • Establishing an accreditation scheme for IT suppliers to demonstrate compliance with essential information standards.
  • Giving the Health Secretary the power to publicly censure or fine IT suppliers who fail to comply with essential information standards.

The Health and Social Care Information Standards (Procedure) Regulations 2025 made another incremental step, introducing a new requirement on those responsible for information standards to seek advice from subject matter experts when preparing those standards.

So what?

The intended outcome of this legislation is to hold everyone involved in processing health and care information responsible for defining sensible information standards and ensuring that they are adhered to. The DHSC estimates that the DUAB measures will deliver £340.5 million in savings/benefits over a 10-year period due to increased IT provider compliance with essential information standards.

How we can help: Support for health and care providers and IT suppliers

Historically, HCPs have been left to determine the information standards to be included in their contracts with IT suppliers on their own, meaning the approach differs from HCP to HCP and contract to contract.

Contracts for key IT systems are typically long-term contracts and difficult to amend to bring in new standards requirements once they are signed. If required to change their software or its architecture to implement new information standards, IT suppliers will likely incur additional costs not budgeted for under the original contract – costs that IT suppliers will want to pass through to HCPs, but which HCPs may be unwilling/unable to cover. This means change is likely to take time. However, with NHS England signalling its determination to bring greater clarity on information standards for interoperability and data access, we are optimistic that in the future it will become easier for HCPs to get their interoperability requirements and associated contractual obligations for IT suppliers right the first time around.

We can help you with that – by working with you to design your procurement evaluation methodology and contract terms in a way that enables you to deliver the interoperability between IT systems that you are looking for in your future state digital environment.

 

Our content explained

Every piece of content we create is correct on the date it’s published but please don’t rely on it as legal advice. If you’d like to speak to us about your own legal requirements, please contact one of our expert lawyers.