Information sharing with the Department for Work and Pensions (DWP) guidance for IG professionals

To assess a social security benefit or welfare payment claim, DWP may request confidential patient information from your organisation.

Your legal basis under UK GDPR for providing the information is:

• Article 6 1 (e) – public task
• Article 9 2 (b) – necessary for social security obligations

The common law duty of confidentiality is satisfied by the explicit consent of the patient making a claim, this consent is obtained by DWP.

In line with General Medical Council (GMC) guidance, you may accept an assurance from a DWP officer that the patient or a person properly authorised to act on their behalf has consented. This means that you will not always need to see evidence of the consent.

You should follow local policies for securely supplying information. If DWP asks for specific records, you should send them copies rather than original documents.

DWP’s medical reports are exempt from the provisions of the Access to Medical Reports Act 1988, because the reports are not for employment or insurance purposes. This means the person cannot request access to it before it is sent to DWP.

If a person wishes to see the report, they should request it from DWP through the Subject Access Request process. The GP practice, hospital consultant or other health or care professional will not keep a copy of the report they send to DWP.