
National Shared Care Record: Data Protection Impact Assessment (DPIA)

Introduction

A data protection impact assessment (DPIA) helps identify and reduce data protection risks in a project or service. This DPIA was carried out by the HSE for release 1 (beta) of the National Shared Care Record (NSCR), which went live in November 2025.

This DPIA started at the beginning of the NSCR project and will continue as the system develops. The HSE Data Protection Office (DPO) and the Data Protection Commission were consulted throughout.

This is a summary of the DPIA and will be updated when new information becomes available.

Overview of the National Shared Care Record – release 1 (beta)

The National Shared Care Record (NSCR) is a digital solution that brings together patient health information from different healthcare providers. It shows this information to healthcare staff in a clear and consistent way.

The NSCR gives staff a fuller view of a patient’s health. It may include information such as:

  • diagnoses
  • test results
  • appointments
  • procedures
  • care plans

Healthcare staff in many settings can use the NSCR, including hospitals, GP practices and community services. It supports better communication and coordinated care. The NSCR is an additional source of information; healthcare staff should still use their own clinical judgment when making decisions.

The NSCR supports Irish and EU commitments under the European Health Data Space and the EU Digital Decade, which aim to ensure that all EU citizens can access their health information online by 2030.

The NSCR also supports Digital for Care – A Digital Health Framework for Ireland 2024–2030 and enables safe and secure data sharing within the health service.

How the NSCR will be used (purposes of processing)

There are two purposes for processing personal data in the NSCR:

  • to allow healthcare staff to access patient information for care and service delivery
  • to support the promotion and protection of public health

Release 1 (beta) is the first step in the national rollout. It uses a limited number of data categories and is only available to a trained group of approved users.

Personal data processing in NSCR release 1 (beta)

Several types of personal data are processed in the NSCR.

1. Patient demographic data

This data helps confirm a patient’s identity. It uses the Individual Health Identifier (IHI) and follows:

  • the IHI minimum dataset required by the Health Identifiers Act 2014
  • S.I. No. 155/2022
  • IHI programme business rules for safe matching

2. Health data

Seven sets of health data are included in release 1 (beta). These come from HSE systems and will expand over time.

Data sets include:

  • radiology results sent to GPs
  • reimbursed medications
  • procedures
  • laboratory results sent to GPs
  • hospital appointments
  • hospital discharge summaries
  • Chronic Disease Management programme data

These data are sourced from systems such as Healthlink, HIPE and the HSE data lake.

3. Healthcare practitioner data

Professional and work information is processed to verify identity and manage access to the system.

Lawful basis for processing personal data

The NSCR uses clear legal bases for data processing:

  • Article 6(1)(e) of the GDPR — processing necessary for tasks carried out in the public interest
  • Article 9(2)(h) of the GDPR — processing necessary to provide healthcare and manage health systems and services

Irish legislation also supports the processing of this data, including:

  • the Health Act 2004
  • the Health Identifiers Act 2014
  • the Social Welfare Consolidation Act 2005

The DPIA also assessed the NSCR against the ePrivacy Directive.

Assessment of necessity and proportionality

These assessments ensure that only the minimum personal data needed for the NSCR is collected, and that data is used in a fair and balanced way.

Necessity

Processing patient data is necessary to:

  • bring together records from different providers to support continuity of care
  • verify patient identity safely using the IHI
  • allow healthcare practitioners to access information needed to deliver care and manage services

Processing data about healthcare practitioners is necessary to:

  • verify their identity
  • control access
  • support oversight and compliance

Proportionality

Proportionality ensures that processing is not excessive. This means:

  • using only the minimum demographic information needed to verify identity
  • transferring only the health data needed for care from connected systems
  • ensuring all users are trained to understand when and how they should use the NSCR

The NSCR technical solution

EY provides the technical solution for the NSCR. The HSE selected this solution after a detailed procurement process that included assessments of security, privacy and data protection.

For release 1 (beta), the technical solution focuses on:

  • creating and maintaining a single NSCR repository, called the Clinical Data Repository (CDR)
  • making records available through a secure clinical portal for authorised users

Personal data processing overview

The NSCR uses an integration architecture that supports the full flow of clinical and operational data from HSE source systems. It uses international healthcare data standards such as FHIR and openEHR.

For release 1 (beta), data comes from:

  • IHI systems
  • Healthlink
  • HIPE
  • HSE data lake (IIS)

Data goes through several steps before being stored:

  1. Cleaning, filtering and adding demographic details to help verify records
  2. Formatting information to meet standards
  3. Storing validated data using openEHR and FHIR models

Access to the CDR is controlled through secure APIs, ensuring traceability and compliance.

The NSCR clinical portal

Healthcare practitioners access the NSCR through a web-based clinical portal. In release 1 (beta), the portal:

  • provides read-only access to patient information
  • works on all devices using modern web browsers
  • shows data from several health systems in one place
  • helps deliver coordinated care across GP, hospital and community settings

A group of 340 trained beta users can use the portal and will provide feedback to support future releases.

To protect patient data:

  • audit logs are kept
  • users must inform patients when appropriate that their record is being accessed
  • automatic session timeouts reduce the risk of unauthorised access

Data quality in the NSCR

Data from source systems is assessed before it is shown in the NSCR. This includes ongoing data analysis to check if the information is suitable for display.

Data is included only when it meets standards agreed with clinical experts and in line with international best practice.

The NSCR Digital Clinical Safety team:

  • maintains a clinical data and interoperability framework
  • completes clinical safety assessments
  • manages hazard logs and decision logs

The NSCR does not change source data. Instead, issues are logged and sent back to the relevant systems to improve quality over time.

Keeping the NSCR secure

The NSCR was built with “security by design” and “privacy by design.” It aligns with HSE policies and the Chief Information Security Officer (CISO) requirements. A risk assessment was completed as part of the DPIA, and appropriate security controls were put in place.

Data governance and the NSCR

The NSCR has been assessed against the HIQA “Standards for Information Management in Health and Social Care”. It meets all standards. An action plan is in place to ensure ongoing compliance.

Data processing follows all GDPR principles, including:

  • lawfulness
  • fairness and transparency
  • purpose limitation
  • data minimisation
  • accuracy
  • storage limitation
  • security
  • accountability

The HSE is the data controller for the NSCR. Any data processors must follow written agreements.

Consultation with the Data Protection Commission

The NSCR team has regularly engaged with the Data Protection Commission. This includes meetings and reviews during the DPIA process.

HSE Data Protection Office opinion

The HSE Data Protection Office has been involved throughout the DPIA process. It has reviewed the DPIA, provided its opinion, and will continue to review updates as the NSCR develops.

