care.data an ico update emis national user group conference east midlands conference centre...
TRANSCRIPT
Care.Dataan ICO UpdateEMIS National User Group
Conference
East Midlands Conference CentreNottingham
3rd October 2013
Lynne Shackley Lead Policy Officer
Information Commissioner’s Office
Purpose• To update the group on the ICO view
on Care.Data
• To promote good practice
• To encourage questions and discussion
Welcome• We understand that NHS information is a valuable resource
• We welcome initiatives to use this information to improve patient care and to enhance the quality of research
But a cautious welcome• Aims may be laudable, but any use
of information must be in compliance with the DPA
• The Principles• Schedule 2• Schedule 3
The Principles1.Fair and lawful2.Obtained for one or more lawful purpose 3.Must be adequate, relevant and not excessive 4.Accurate and kept up to date5.Not kept for longer than is necessary 6.Processed in accordance with the rights of data subjects7.Must be kept secure8.Not transferred outside the EEA, unless an adequate level of data protection exists
The Scheduled Conditions• Conditions for processing: schedules
2 and 3 reflect the need for greater care when handling sensitive data
• Information Rights: not just access • Good security, integrity of
information, • The DS’ expectations about having
confidence in the DC
The Legal Gateway• The Health and Social Care Act as a
legal gateway• How this works in conjunction with
the principles and the schedules
So What’s the Problem?• Our main concern is about fairness
• This requires transparency• There is a legal requirement for fair processing information
• GPs have a responsibility to keep their patients informed
• H&SC IC also have a responsibility to explain what they are doing
Our Next Steps (1)• Working with NHS England offering
advice and guidance as appropriate
• Working with GPs, patients groups and practitioners’ representatives
• Our aim is to help ensure that information for patients is as clear as possible
Our Next Steps (2)• ICO informed that extraction has
been halted• We are awaiting the Communications
Strategy from NHS England• We will comment on this as seems
appropriate• We have seen the relevant task set,
but no timetable as yet
The End Result• Patients know what is happening to
their information and understand this• Patients can object to the extraction
of their information for H&SC IC purposes – and this will be honoured
• This goes beyond the requirement of S10 of the Act
• There will be some exemptions
Some useful links:The ICO website:http://www.ico.org.uk/Working with us:http://www.ico.org.uk/for_organisations/
data_protection/working_with_the_icoFree publications and training aids:https://www.ico.org.uk/Global/request_publicationsPrivacy Notice Code of Practice:http://www.ico.org.uk/for_organisations/
data_protection/topic_guides/~/media/documents/library/Data_Protection/Detailed_specialist_guides/PRIVACY_NOTICES_COP_FINAL.ashx