If a medical professional with whom I do not have a clinical relationship (i.e., not working at my registered Family Practitioners, not my dentist, or someone to whom I have been referred by them) access my NHS data, this should be alerted to a 'Caldecott Guardian' who will assess whether the access was justified. So, if I've been involved in a car accident and the A&E team access my data, all well and good. If a medical professional accesses my data to find out if I'm on medication for anything because they know me socially, this is not good.
I do wonder whether the safeguarding rules for NHS Covid Data should have been clearly defined and implemented BEFORE all this data was collected. Not that I mind too much if it is used to save lives, improve public health etc., but if it is for more nefarious or mostly commercial purposes, I'd object strongly.