Posts Tagged ‘Data Protection Act’

Who owns patient records?

Friday, March 4th, 2011

The proposed Heath and Social Care bill has certainly got temperatures raised at the British Medical Association, not least because the organisation claims that the new legislation could threaten the confidentiality of patient medical records.

As the BMA point out, the bill would give bodies including the Commissioning Board, the NHS Information Centre, and the Secretary of State broader powers to access confidential information, but provides little guidance on how this power could be wielded, who could potentially have access to the records in the future, or how it will be safeguarded.

The BMA’s main concern seems to be that patients may withhold information from doctors if they become concerned for their privacy. Dr Vivienne Nathanson, the BMA’s head of science and ethics, recently said that the government had placed its desire for access to information over the need to respect patient confidentiality, adding:

There is very little reference to rules on patient confidentiality that would ensure patients are asked before their information is shared or guarantee that the patient’s identity will not be revealed. Fears that their data may be shared with others may result in patients withholding important information; this may not only affect their own health but has implications for the wider health service.

There has never been a level playing field when it comes to accessing medical records and data. Back in 2006 Dr Foster Intelligence was given exclusive access to NHS data in an agreement with the DoH – and it seems any big pharmaceutical companies with deep enough pockets can lay their hands on this supposedly sacred information (see this blog post on Dr Foster by journalist Robert Munro).

The BMA has voiced support for the use of anonymised data for “secondary health purposes” but maintains that identifiable information should not be disclosed unless patients give explicit consent. The Department of Health has said that the bill does not change any of the existing legal safeguards, “which are set out in the Data Protection Act and the common law of confidence.”

You can track the progress of the Bill on the British Medical Association website.

Council survey causes privacy concern

Wednesday, February 16th, 2011

A survey issued by Wiltshire Council has stirred up a privacy debate in the local community, as it asks questions about resident’s sexuality, debt levels and qualifications.

According to the Salisbury Journal, the document has been sent out to 26,500 households across the county “to help the council develop its housing and planning policy” to provide affordable housing in the area.

The council said responses will be anonymous, but campaign group Privacy International has advised people not to fill out the form at all. PI’s Alexander Hanff told the BBC:

Questions about sexual orientation [and] how much money you have in the bank are highly personal questions…They’re asking for far too much data with far too much variants and this is an issue, and a         concern, from a privacy perspective.

Oddly, the council’s service director for economy and enterprise said, “all this stuff is actually getting cleansed before we get the data”.
Data cleansing usually involves verifying collected information and discarding any data that is out of date, but it’s unclear what is being done to the surveys. The council also claims they are required by law to ask about sexual orientation, but what law this is they don’t say.

The council expects 6,000 completed surveys, so it will be interesting to see how many are submitted after the concerns raised.

Public call for stronger data protection

Friday, November 26th, 2010

UK Information Commissioner Christopher Graham has handed out the first fines for breaches of the Data Protection Act saying they will “send a strong message” to those handling data.

The commissioner was given the ability to fine organisations up to £500,000 for breaching the Act earlier this year. Hertfordshire County Council was fined £100,000 for sending two faxes regarding a child sex abuse case to the wrong recipient. Sheffield-based company A4e was fined £60,000 after a computer containing the unencrypted data of 24,000 people was lost. Both incidents occurred in June.

In these cases, both organisations came forward of their own accord. In some American states such as California, revealing breaches such as this is mandatory The system in the UK is currently voluntary although a recent poll published by LogRhythm showed that 80 percent of people wanted more stringent laws regarding data breaches.

Out of the 5000 people surveyed, 31 percent even suggested that company directors should be subject to criminal proceedings. Many have welcomed the commissioner’s step towards protecting sensitive data. The Financial Times referred to Graham as a “privacy watchdog chief with a bite”, and noted that the announcement follows criticism of the ICO’s handing of the Google Street View data collection controversy.

Perhaps the ICO is trying to prove it is a watchdog with teeth.