|
answer text |
<p>Health and care organisations must ensure there is a lawful basis for sharing confidential
patient information from a person's medical records for purposes beyond their individual
care and treatment. This will generally mean that the person has provided their consent;
there is a statutory or other legal requirement to disclose information; or there
is an overriding public interest justification.</p><p>When using personal data, health
and care organisations must comply with UK General Data Protection Regulation (UKGDPR)
requirements and are guided by the eight Caldicott principles which state that confidential
patient information should only be used when it is lawful, necessary and there is
a clear purpose for doing so.</p><p>There are a limited number of legal gateways that
set aside the common law duty of confidentiality, such as the powers of NHS Digital
under the Health and Social Care Act 2012 to require or request data- for example
for purposes directed by the Secretary of State for Health and Social Care. In addition,
where it can be demonstrated that it is impracticable to obtain patient consent or
work with anonymised data, the Health Service (Control of Patient Information) Regulations
2002 permit personal information to be used for cancer registries, communicable diseases
and other threats to public health and enable the approval of the use of confidential
patient information for other ‘medical purpose’s such as research, clinical audit
and service planning by the Health Research Authority (HRA), for research, or the
Secretary of State, for other medical purposes. Before approving such applications,
the HRA and Secretary of State must be advised by the Confidentiality Advisory Group,
an independent body which considers all applications, balancing patient and public
interest with appropriate use of confidential patient information without consent.</p><p>Both
the UKGDPR and Caldicott principles include specific principles related to transparency
and it is the responsibility of each health and care organisation to make a range
of information materials readily available to patients and members of the public about
what, why, how, when and where confidential patient information might be shared.</p>
|
|