The Data Protection Acts are not there to stifle business, they are there to ensure that data collected is used and protected appropriately, and managed according to the purpose for which it was collected.

That means you can share data with your secretary, the insurance companies and other parties, such as Hospitals, Accountants and Billing companies like HytheHopes. But you should only share the data that is absolutely necessary for them to undertake their role. For example, at HytheHopes, we do not get to see clinic letters, as they are not relevant to producing an invoice. We only need the codes for the treatment performed, the history and the outcome for the patient make no difference to how we can do our job.

Technically, you are the Data Owner, and the other parties are the Data Processors. Most of legal requirements around the data apply equally to all parties.