Legislation requiring GPs and hospitals in England to share patient data will be announced in the King's Speech this week, as part of a £10bn programme to digitise the health service. The plan to create a single patient record for every individual has broad clinical logic behind it, but has surfaced a dispute about who owns health data, who is liable when it goes wrong, and whether the legal framework being proposed is adequate for either.

The single patient record is intended to bring together health information currently held in separate systems across different providers. At present, a hospital treating a patient in an emergency can typically access details of current medications and known allergies, but not a full medical history. GPs, meanwhile, learn what happened to their patients during hospital stays through letters sent by email from consultants, a process that is slow and creates gaps in the clinical picture. The new system would make a complete record available to any treating clinician, regardless of where in the health service they work.

Health Secretary Wes Streeting has made the case for the change in direct terms. He has pointed to the situation facing paramedics attending heart attack and stroke patients who cannot access medical records at the scene, and described the legislation as something that would save lives. The Department of Health and Social Care confirmed that single patient records would begin reaching clinicians in maternity and frailty care settings as early as next year, with wider rollout to follow. The legislation forms part of a health bill that will also abolish NHS England by 2027.

The current arrangement places GPs as the legal data controllers for their patients' records. They can share that data with third parties, including for research, but they hold responsibility for it. Hospitals operate their own data systems independently. The proposed legislation would shift that arrangement, compelling data sharing and, in doing so, transferring elements of data ownership and responsibility away from individual practices.

It is this transfer that has generated the sharpest response from the medical profession. GP leaders have raised concerns about being held liable for errors in data entered by other providers. If a hospital records information incorrectly and that error causes harm, the question of who bears legal responsibility is, under the current draft framework, unanswered. Without statutory indemnity and clear legal protections, GP leaders have warned that clinicians may become more cautious about data sharing rather than less, which would undermine the policy's stated purpose.

The British Medical Association has been explicit on this point for some time. Its GP committee has argued that doctors should retain control over GP data within any unified record system, and has warned that removing that control risks eroding patient confidentiality and damaging trust between patients and their family doctors. The concern is less about the principle of shared records and more about who answers for what when things go wrong.

The NHS Alliance, which speaks for hospital trusts and NHS leaders, has taken a more measured position. It has said a unified patient record could improve how services communicate and could give patients greater involvement in their own care. But it has also called on the legislation to be specific about accountability. Who controls which data, for what purposes it can be used, who is legally responsible in the event of a breach or an error, and what patients are told about how their information is handled are, the Alliance argues, questions the bill must answer clearly. Without that clarity, it has cautioned, the legislation may face difficulties in Parliament and could struggle to secure public confidence.

The clinical argument for a single patient record is not seriously contested. Fragmented records cause real harm, and the current system of letters and disconnected databases is difficult to defend as fit for purpose. What remains unresolved is the governance around it. Legislation that compels data sharing without settling questions of liability and ownership may find that the problems it was designed to solve are replaced by different, and potentially more complicated, ones.