May I offer a thought? I expect there is a substantial amount of patient identifiable data (PID) being transferred within the NHS and indeed between NHS organisations and CCGs in shadow form. It is worth remembering that in order to transfer PID there has to be a legal basis for the purpose and use of the data at each point of the data flow. You should only transfer or share data where there is the legal basis to do so. It is important therefore to make sure that the bodies that transfer and use data are legal entities. Of course, CCGs in shadow form are not (yet) NHS bodies and do not have the power/accountability for processing. There may be some statutory and public interest exceptions, but sharing of information with GPs in CCG's should be done with care to ensure the processing is fair and lawful. I suspect very few people are obtaining patient consent to transfer.