To the NHS folks, and the data protections ones too...

[Spinney]

Just got a letter from the local NHS Clinical Commissioning Group, also badged by the county council, saying my medical records are going to be 'joined up' unless I choose to opt out. There is a letter outlining the benefits, which seem reasonable on the face of it.

Part of the data protection blurb in the accompanying 'newsletter' styled thing with it says the info will only be available to authorised local health and social care professionals and will never be passed on to anyone else. The more formal letter adds '... unless we have your consent or it is allowed by law.' - which doesn't quite seem the same thing to me. The 'unless we have your consent' bit sounds like there may be others they share it with in the future, and if that consent is obtained in the same way that this is (i.e. you have to opt out rather than opt in), I don't find that very reassuring. And what if the law is changed to make it allowable to share with third parties (ring ring... hello, we hear you have problem with X... our new medical product is proven to ....)?

Am I being too suspicious? It's not the doctors/nurses etc I don't trust, it's the politicians and the private firms that may well end up running the NHS, the way things are going.

And as a final rant, stating on the 'how wonderful this idea is' letter is the statement that 97% of patients at two pilot scheme practices in the county consented is not a reason to sign up...that's just manipulation....

 

[martint235]

I think you're being too suspicious. When you originally gave your data it was with consent for it to be used by authorised health and social care staff to provide the care provided so what they are now doing is just saying that unless you say otherwise they are going to continue effectively based on your previous consent. My understanding is this is within the remit of DPA.

However in order for your data to be shared with other parties outside of those initially authorised, they need your explicit consent. I believe this would also apply to a private company that has one arm providing a service to the NHS and one arm selling things, they aren't allowed to use the data to sell to you as that wasn't your original purpose in consenting.

 

[swee'pea99]

"or it is allowed by law." When, exactly? Or, to put it another way "Open sesame!"

 

[martint235]

"or it is allowed by law." When, exactly? Or, to put it another way "Open sesame!"

I've always taken that to mean (and I'm no lawyer) that if a law that is considered "higher" in the legal framework requires the data then it's allowed to be shared.

EDIT: I just thought of an example but working the other way. I believe that the DPA outranks the FOI law so an FOI request can be refused on the grounds it would break the Data Protection Act. [I think}

 

[Wafer]

When PCTs were broken up and oxalic health joined local government, it meant people who had been using nhs records for practical stuff were no longer allowed to.
Stuff like letting relevant public sector bodies share this data is in yours and the publics interest. That extra bit sounds like a clause to allow them to share with other relevant organizations more easily without needing a whole new agreement. It doesn't mean it's going to be given to be given to private companies for any reason.

I work with data in the public sector and restrictions on sharing hamper our work because everyone is so scared of data protection. By sharing nhs info, including nhs number, we can do our jobs better. People like to complain about how inefficient public sector us, but then oppose plans to make it better.

Certainly keep an eye on what changes are made to those agreements to keep them in line, but we need to share data to do things properly, we also need some flexibility else we spend ages putting something in place then find we can't use it for a specific purpose which seems ridiculous . Make the right debate about good use of the data rather than whether to share it at all.

 

[Levo-Lon]

I always thought you health records were accessible to all..in health service? Govt bodies

Wouldt bother me..id feel happier9ier knowing my details were easy to obtain if i ended up under a truck..
assuming my doner card wasn't needed..

 

[srw]

The data protection rules in Europe are being tightened up, so your right to be forgotten if you don't like what they do with your data in the future will be strengthened. And the ICO, who regulates this sort of thing in the UK, is a regulator with some teeth and a history of using them.

On the list of evil corporations likely to make nefarious use of personal data an NHS CCG and a county council would come well down the list for me. Even lower, for instance, than the operator of a cycling website.

 

[martint235]

I always thought you health records were accessible to all..in health service? Govt boddies

Wouldt bother me..id feel happier9ier knowing my details were easy to obtain if i ended up under a truck..
assuming my doner card wasn't needed..

Yes but Social Care is now provided by local councils under the re-org that got rid of a lot of the work of the Regional Public Health Groups.

 

[srw]

"or it is allowed by law." When, exactly? Or, to put it another way "Open sesame!"

No - it's things like enabling the police to have access if they can demonstrate that they need it and have the proper permissions, or enabling a hospital to have access to it in an emergency.

Here's what the ICO says:

Can an organisation use my information or pass it on without my consent?
Sometimes – for example, if the police want information in connection with a criminal investigation, or in an event where your health might be at risk. You have certain rights in situations where information might be shared, which you can read about in our guide Sharing my information.

 

[swee'pea99]

No - it's things like enabling the police to have access if they can demonstrate that they need it and have the proper permissions, or enabling a hospital to have access to it in an emergency.

Here's what the ICO says:

When you say 'No', I take it you mean 'yes'. As illustrated by your example, which is just that - an example. Basically, once you say, 'yes, if the law allows', you effectively give free access to those who make, and interpret, the law. And from that point on, they can decide what 'things' are 'like', and on what basis. Not, I suspect, that they won't do that anyway, regardless. But then I have a very dim view of Theresa and her ilk, and am fundamentally suspicious of 'them' generally. Let's face it, in a digital age, civil rights to things like privacy are dead, whatever we do or don't sign.

 

[martint235]

When you say 'No', I take it you mean 'yes'. As illustrated by your example, which is just that - an example. Basically, once you say, 'yes, if the law allows', you effectively give free access to those who make, and interpret, the law. And from that point on, they can decide what 'things' are 'like', and on what basis. Not, I suspect, that they won't do that anyway, regardless. But then I have a very dim view of Theresa and her ilk, and am fundamentally suspicious of 'them' generally. Let's face it, in a digital age, civil rights to things like privacy are dead, whatever we do or don't sign.

I feel that, very briefly, I should defend my boss so "Oi leave off". There. I've defended her.