Author Archives: admin

Musings on the Summary Care Record

So – who can see my Summary Care Record – and when? The Summary Care Record (SCR) is now well established in England. It is undoubtedly a good idea, in principle. Given the complex web of organisations that deliver healthcare … Continue reading

Posted in GDPR | Leave a comment

NHS Confidentiality Guidance

It may be a source of some confusion that the NHS has five live guidance documents relating to the duty of confidentiality. The original 2003 guidance document is the non-statutory “Confidentiality: NHS Code of Practice” issued by the Department of … Continue reading

Posted in FOI | Leave a comment

The “Legal Basis” for processing sensitive health data

There are several occasions when the legal basis for processing health data needs to be identified, particularly in relation to data sharing and processing arrangements and when carrying out a Privacy Impact Assessment. This discussion is limited to those occasions … Continue reading

Posted in GDPR | Leave a comment

How to send sensitive bulk emails

Chelsea and Westminster Hospital NHS Foundation Trust has been fined £180,000 after revealing the email addresses of more than 700 users of an HIV service. This was a classic case of putting all the email addresses of a large circulation … Continue reading

Posted in GDPR | Leave a comment

Royal Free NHS Trust and Google UK

The murky world of Information Governance in the NHS has been further stirred by the story of the arrangements between the Royal Free Trust and Google UK. The BBC and others have reported a “data-sharing agreement” between the two. Google … Continue reading

Posted in GDPR | Leave a comment

NHS Email Armageddon 2016

All intelligent people understand that email and the personal inbox is not a good place to store and manage corporate information. Many organisations will have formal policies which forbid, frown on, or discourage such practices. A small subset of those … Continue reading

Posted in GDPR | Leave a comment

The appeal of Alzheimers

Article originally posted in February 2016. Updated following confirmation from the society that they had withdrawn the appeal after the terms were varied by mutual consent to extend it to April 2017 and the ICO had subsequently confirmed satisfaction that … Continue reading

Posted in GDPR | Leave a comment

Do Children Have Rights (Part 2)

How far can we rely on Information Commissioner’s Office (ICO) Guidance? I recently commented on the issue of schools internally publicising the performance of pupils. But what about publishing to the world? The concerns expressed below may be more serious … Continue reading

Posted in GDPR | Leave a comment

Do schoolchildren have rights?

My eye was caught recently by this article on the BBC News channel. It seems some, no doubt well-meaning,* Head thought it a good idea to create what was in effect a league table of pupils’ ability by displaying their … Continue reading

Posted in GDPR | Tagged , | Leave a comment

Volunteers and Data Protection

The Information Commissioner recently published a report  following a series of visits to Victims’ Services Alliance Organisations. These are typically charities but the report is also aimed at non-charitable volutary organisations. One issue touched is the question of identifying who … Continue reading

Posted in FOI, GDPR | Leave a comment