If you are complying with current data protection best practice in health and social care the world will not end on 25 May, says NHS England’s head of data sharing and privacy, Dawn Monaghan.
Also head of strategic information governance for NHS Digital and director of the Information Governance Alliance (IGA), Monaghan says there are a lot of untruths going around about GDPR. But current best practice puts you in a good place to follow ICO guidance for the sector as it becomes available.
Consent under GDPR, she adds, is potentially confusing in health and care. It will not be necessary in the majority of cases as a means of data sharing: you can use the fact that you are a public authority with official investment to share and the protection that data is shared for medical purposes. Consent under the common law duty of confidentiality will still be required, she says, but it is not as onerous as consent under GDPR.
The Information Governance Alliance's website has guidance from the national GDPR working group and IGA that will help the NHS, social care and partner organisations prepare for EU General Data Protection Regulation when it comes into force later this month.
The Information Commissioner's Office website contains lots of useful summaries of both the current Data Protection Act and the General Data Protection Regulation (GDPR). Specific sections of the ICO website that may be useful are:
· https://ico.org.uk/for-organisations/health/
· https://ico.org.uk/for-organisations/local-government/
You can watch the full broadcast 'Are you ready for GDPR & Subject Access Requests?' here.
You can also hear Dawn speak at the forthcoming Digital Health and Social Care event on the 21 June 2018. Click here to reserve your place.
