DATA PROTECTION IN THE UK: CURRENT AND FUTURE CONCERNS

The British Medical Association has expressed concern this week about the Health and Social Care Bill – in particular, about its approach to data protection and the sharing of patients’ medical information. The Bill proposes a new “information standard” for the NHS which, according to the BMA, shows that “the Government has decided to place its desire for access to information over the need to respect patient confidentiality”. The new law would empower the Secretary of State to obtain such information as he considers it necessary to have; it would also widen the access to medical information by the NHS Commissioning Board, NHS Information Centre and local authorities. More detail on the proposed changes can be found in articles in the Daily Telegraph here, and the Guardian here.

The BMA wants to see the Bill amended: “so that it enshrines the need for explicit patient consent to any disclosure of information, unless the information has been properly anonymised or there is an overriding public interest.” The Department for Health, on the other hand, is confident that the proposals would preserve confidentiality and comply with data protection law. Presumably, the Department means data protection law as implemented in the UK. At the 11KBW Information Law Seminar last week, I discussed the tension between the narrow approach to data protection that has prevailed under UK common law since Durant, and the considerably wider approach taken at a European level (and favoured domestically by the Information Commissioner).

On this subject, there is a very interesting report on Amberhawk this week, available here. This sets out in some detail the European Commission’s concerns about the UK’s apparently “bare minimum” approach to implementing its data protection obligations. It’s not yet clear what the Commission will do about this, but it appears to be only a matter of time before negotiation or confrontation on this issue comes to a head.