Data Protection and Medical Confidentiality - PowerPoint PPT Presentation

Slides: 12
Provided by: janed72

Transcript and Presenter's Notes

Title: Data Protection and Medical Confidentiality


1
Data Protection and Medical Confidentiality
  • Friday 10 March
  • HIV/AIDS and Law: Theory, Practice and Policy
  • Birkbeck College, University of London
  • Louisa Stillwell
  • Senior Guidance Promotion Manager

2
Outline for today
  • Who we are
  • What we do
  • Data Protection Act 1998
  • Data Protection Principles
  • Sensitive Personal Data
  • Schedule 2 and 3 conditions for processing
  • Other relevant laws

3
Who we are
  • The Information Commissioner is an independent
    authority appointed by the Queen to oversee the
    Data Protection Act 1998 and the Freedom of
    Information Act 2000.

4
What we do
  • Promote good practice
  • Provide information
  • Issue codes of practice
  • Report on functions
  • Maintain register of data controllers
  • Consider requests for assessments under DPA and
    decisions under FOIA and EIR

5
Data Protection Act 1998
  • Background: ECHR, 84 Act, Dir 95/46/EC, 98 Act
  • Gives rights to individuals regarding information
    processed about them
  • Places obligations on data controllers processing
    personal information
  • Notification to ICO of processing

6
Data Protection Principles
  • Data must be:
      • Fairly and lawfully processed
      • Processed for limited purposes
      • Adequate, relevant and not excessive
      • Accurate and up to date
      • Not kept longer than necessary
      • Processed in accordance with the individual's
        rights
      • Secure
      • Not transferred to countries outside of EEA
        unless they provide adequate protection

7
Sensitive Personal Data
  • Includes personal data relating to:
      • The racial or ethnic origin of the data subject
      • His political opinions
      • His religious beliefs
      • Whether he is a member of a trade union
      • His physical or mental health or condition
      • His sexual life
      • The commission or alleged commission by him of
        any offence
      • Any proceedings for any offence committed or
        alleged to have been committed by him.

8
Schedule 2 and 3 conditions for processing
  • Sensitive data: a Sch 2 and a Sch 3 condition must be met
  • Schedule 2
      • Consent
      • Vital interests
      • Legitimate interests
  • Schedule 3
      • Explicit consent
      • Vital interests
      • Medical Purposes
          • Must be undertaken by a health professional
          • Includes
              • Preventative medicine
              • Medical diagnosis
              • Medical research
              • Provision of care and treatment

9
Other relevant laws
  • 1st Data Protection Principle
      • Fairly and lawfully processed
      • To be lawful, must comply with other relevant law
  • Common Law Duty of Confidence
      • Consent is usually required, even if could meet
        other conditions in Schedules 2 and 3 of DPA98
  • Human Rights Act 1998
      • Right to a private life
  • The ultra vires rule

10
Medical data
  • DPA98 makes no distinction between types of
    medical data; however:
  • Risk to/effect on individual is important
  • ICO encourages use of privacy enhancing
    technologies
      • Anonymisation
      • Pseudonymisation
  • Individuals have a right to object to processing
    which is likely to cause damage or distress

11
Contact us.
  • Information Commissioner's Office
  • Wycliffe House
  • Water Lane
  • Wilmslow
  • SK9 5AF
  • Switchboard 01625 545700
  • Helpline 01625 545745
  • e-mail: mail@ico.gsi.gov.uk
  • www.ico.gov.uk