• Home
  • About us
  • Clinical Safety
  • Digital Transformation
  • Funding
  • Services
    • CSO as Service
    • DSPT submission support
    • Information Governance
    • Training & Support
  • Intranet
    • StaffNet
    • IHC-Comms
    • KnowBe4 Learning Central
    • Mobile Rocket
    • LadyBird AI
    • Florence Healthcare
    • LFH Regulatory Partner
    • Data Connect
    • RetinAI
    • Sound Doctor
    • ClinTrialMed
  • Global MedTech
  • More
    • Home
    • About us
    • Clinical Safety
    • Digital Transformation
    • Funding
    • Services
      • CSO as Service
      • DSPT submission support
      • Information Governance
      • Training & Support
    • Intranet
      • StaffNet
      • IHC-Comms
      • KnowBe4 Learning Central
      • Mobile Rocket
      • LadyBird AI
      • Florence Healthcare
      • LFH Regulatory Partner
      • Data Connect
      • RetinAI
      • Sound Doctor
      • ClinTrialMed
    • Global MedTech
  • Home
  • About us
  • Clinical Safety
  • Digital Transformation
  • Funding
  • Services
    • CSO as Service
    • DSPT submission support
    • Information Governance
    • Training & Support
  • Intranet
    • StaffNet
    • IHC-Comms
    • KnowBe4 Learning Central
    • Mobile Rocket
    • LadyBird AI
    • Florence Healthcare
    • LFH Regulatory Partner
    • Data Connect
    • RetinAI
    • Sound Doctor
    • ClinTrialMed
  • Global MedTech

Data Sharing Policy

 Innovate Health Consulting Limited
Effective Date: 01/11/2024
Last Updated:26/02/2026

 

1. Our Commitment to Responsible Data Sharing

Innovate Health Consulting Limited (“IHC”, “we”, “us”, “our”) operates within the UK healthcare and digital health sector. We are committed to ensuring that any sharing of personal data is lawful, transparent, proportionate, and secure.

Our data sharing practices align with:

  • UK General Data Protection Regulation (UK GDPR) 
  • Data Protection Act 2018 
  • ICO Data Sharing Code of Practice 
  • NHS Data Security and Protection Toolkit (DSPT) standards 
  • NHS Digital Technology Assessment Criteria (DTAC) requirements 
  • Clinical Risk Management standards (DCB0129 / DCB0160, where applicable) 

We do not sell personal data. We only share data where it is necessary to deliver our services, meet legal obligations, or protect public and clinical safety.


2. When and Why We Share Personal Data

We share personal data only in specific and justified circumstances.

2.1 Delivery of Consultancy Services

As a specialist consultancy in digital health, clinical safety, and regulatory compliance, we may share information when providing services such as:

  • Clinical Safety Officer (CSO) support 
  • DTAC readiness and assurance 
  • DSPT compliance consultancy 
  • AI governance and risk frameworks 
  • Digital transformation and programme advisory services 

Where required, data may be shared with:

  • NHS organisations 
  • Integrated Care Boards (ICBs) 
  • NHS Trusts and Foundation Trusts 
  • Digital health suppliers 
  • Regulatory and compliance advisors 

Data shared is limited strictly to what is necessary for the agreed contractual purpose.

2.2 DTAC and NHS Compliance Engagements

When supporting clients with Digital Technology Assessment Criteria (DTAC) submissions or NHS procurement readiness, we may process or review:

  • Information governance documentation 
  • Security architecture documentation 
  • Clinical safety documentation 
  • Risk registers and compliance evidence 

Where appropriate, formal Data Processing Agreements (DPAs) or Data Sharing Agreements (DSAs) are established to define roles and responsibilities.

2.3 Professional Advisors and Service Providers

We may share relevant data with trusted professional providers including:

  • Accountants and auditors 
  • Legal advisors 
  • Insurers 
  • IT service providers 
  • Secure cloud hosting providers 

All third-party providers are contractually bound by data protection obligations.

2.4 Legal and Regulatory Requirements

We may disclose personal data where required by law, including:

  • Regulatory authorities 
  • Courts or tribunals 
  • Law enforcement agencies 

Such disclosures are limited to lawful requests and statutory obligations.


3. Lawful Basis for Sharing

We share personal data only where a lawful basis exists under UK GDPR. This may include:

  • Performance of a contract 
  • Compliance with a legal obligation 
  • Legitimate interests (balanced against individual rights) 
  • Consent (where required) 
  • Substantial public interest, particularly in healthcare safety 

Where Special Category Data (such as health-related information) is processed, we ensure that an additional lawful condition under Article 9 UK GDPR applies.


4. Data Minimisation and Proportionality

We apply strict data minimisation principles in all sharing arrangements:

  • We only share information that is relevant and necessary. 
  • We avoid excessive disclosure. 
  • Access is restricted to authorised individuals. 
  • Data is not retained longer than required. 

We assess risk before engaging in structured or recurring data sharing.


5. Security and Safeguards

We implement appropriate technical and organisational measures to protect shared data. These include:

  • Role-based access controls 
  • Secure password policies and multi-factor authentication 
  • Encrypted systems where appropriate 
  • Secure Microsoft 365 and SharePoint environments 
  • Confidentiality obligations for staff and associates 
  • Governance oversight by senior leadership 

Where applicable, our approach aligns with NHS DSPT standards and DTAC security expectations.

If personal data is transferred outside the UK, appropriate safeguards such as Standard Contractual Clauses or adequacy decisions are applied.


6. Formal Data Sharing Agreements

Where ongoing or structured sharing takes place (for example in NHS contracts or regulatory partnerships), we establish formal written agreements that define:

  • Whether parties act as Data Controllers or Processors 
  • Purpose and scope of data processing 
  • Security expectations 
  • Retention periods 
  • Incident reporting responsibilities 
  • Responsibilities for handling data subject rights 

This ensures transparency, accountability, and compliance with UK GDPR.


7. Website Data Sharing

When you interact with our website, we may collect limited personal data through:

  • Contact forms 
  • Service enquiry forms 
  • Newsletter subscriptions 
  • Meeting bookings 

This data is used solely to:

  • Respond to enquiries 
  • Deliver requested services 
  • Provide relevant information 

We do not sell or trade website data. It is shared only with authorised personnel or essential service providers supporting website functionality.


8. Data Subject Rights

Individuals whose data we process have the right to:

  • Request access to their personal data 
  • Request correction of inaccurate information 
  • Request deletion (where legally permissible) 
  • Restrict or object to processing 
  • Request data portability 
  • Lodge a complaint with the Information Commissioner’s Office (ICO)
     

To exercise your rights, please contact initially to:

Dr Krishna Nair, Named Data Protection Officer and IG Lead

Email: Krishna@Innovatehealthconsulting.com
Registered Office: 124-128 City Road, EC1V 2NX LONDON


9. Data Breach Management

In the unlikely event of a personal data breach:

  • We will assess the risk promptly 
  • Notify affected parties where required 
  • Report to the ICO within statutory timeframes where applicable 
  • Cooperate fully with NHS organisations or partners 

We maintain internal procedures to manage and mitigate incidents effectively.


10. Updates to This Policy

We may update this Data Sharing Policy periodically to reflect changes in law, NHS guidance, or operational practice. The latest version will always be published on this page with an updated revision date.


Contact Information

Innovate Health Consulting Limited
Company Number: 16001254
Registered in England and Wales
Email: Info@innovatehealthconsulting.com 

  • About us
  • Clinical Safety
  • Digital Transformation
  • Funding
  • DSPT submission support
  • Information Governance
  • Training & Support
  • Privacy Policy
  • Data Sharing Policy
  • Terms and Conditions
  • Global MedTech

Registered office address: 124-128 City Road, EC1V 2NX LONDON

Company Register number: 16001254

Copyright © Innovate Health Consulting Limited - All Rights Reserved.

Info@innovatehealthconsulting.com

This website uses cookies.

We use cookies to analyse website traffic and optimise your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept