Transcript Enforcement
The Data Protection Act
Confidentiality
and
Associated Problems
Enforcement
Common Law
Statute
-
Data Protection Act
Computer Misuse Act
Venereal Diseases Regulations
Human Fertilisation & Embryology Act
Abortions Regulations
Contract of Employment
Registration Body
DPA Principles
1.
2.
3.
4.
5.
6.
7.
8.
Be obtained and processed lawfully and fairly
Be held for specified and lawful purposes as described in
the register entry
Be adequate, relevant and not excessive
Be accurate and up to date
Be held no longer than necessary
Be processed in accordance with the rights of data
subjects under this Act
Appropriate technological and organisational measures
shall be taken against unlawful or unauthorised processing
as well as damage, destruction or accidental loss
Not to be transferred outside the EEA unless the country
has adequate levels of protection for Data Subjects
Data Protection Act 1998
Key Terms
Personal data
Automatically processed
Relevant filing system
Data users
Data controller
Exemptions
Sensitive personal data
DPA Registration
Data users must be registered – their name and address
and a description of:
the personal data they hold
the purpose for which it is held
the sources/sources
to whom it may be disclosed
The Register is overseen by the Data Protection
Commissioner – powers:
Enforcement notice
De-registration
Overseas transfer prohibition
Disclosure 1
Statutory Disclosure
Public Health Control of Diseases Act 1984
Births to be notified within 36 hours
Deaths –
doctor must state cause of death on death
certificate
Abortions Act
the doctor terminating a pregnancy must
notify the Chief Medical Officer at The
Department of Health
Disclosure 2
Patients have a right to see their own medical records
EXCEPT where a clinician considers that this is not in the
best interest of the patient
They can resist disclosure if:
potential harm to the patient
third party breach of confidentiality
Other disclosures to third parties are:
children under 16
HIV positive patients
mentally ill or with learning disabilities
to long term carers
Disclosure 3
Employers (1)
Insurance Co’s (2)
Legal Eagles
)
) Signed Waiver
)
1 and 2 - Access to Medical Reports Act
1988
Informed Consent (ALL)
CHARGES
At the moment the charges for access to records
under the DPA are:
– Mainly manual
– Mainly computer
£50 plus p&p etc
£10 plus p&p etc
with effect from 24th October 2001 the charges
for access to records under the DPA are:
-
Mainly manual
Mainly computer
£10 plus p&p etc
£10 plus p&p etc