Data Protection Flashcards
What are consequentialist arguments for maintaining confidentiality?
The impact on the patient - breach may upset them, affect trust, less likely to share info in future
Impact on others generally - loss of public trust
Impact on specific others - the harm of non-disclosure
What ethical arguments are there for maintaining confidentiality?
Consequentialist arguments - impact
Respect for autonomy
Virtue ethics - trustworthiness virtues/promise-keeping
Duty of Care
Protecting doctor-patient relationship
Outline the GMC professional guidance on confidentiality
Updated to reflect GDPR
Trust is an essential part of Dr-patient relationship, confidentiality is central to this and if breached can result in poor care as patients will withhold symptoms/delay seeking help
Consent is required to share info about a patient's care
What are the 4 points that you can assume implied consent with regards to sharing patient information about their care?
The data must be accessed to directly support the patient's care
Info is available to the patient saying how their data will be used and how they can object
You have no reason to believe the patient might object
You are satisfied that anyone you disclose the information to will understand it's given in confidence and treat it accordingly
You should ask for explicit consent to disclose patient information for purposes other than direct care
What are secondary uses of patient information?
Research
Types of audit eg financial
Public health
Education
Health service planning
When can you disclose patient information without breaching confidentiality?
When the patient has given explicit consent
Disclosure is required by law/courts
Disclosure is approved by statutory process that sets aside common law of duty of confidentiality
Disclosure can be justified in public health interest
Outline the use of anonymised information/what is it?
Anonymised info is usually suitable for any reason other than the patient's direct care
Anonymised if:
It doesn’t directly identify individual
Unlikely to allow individual to be identified by combination of data
Can you breach confidentiality and disclose non-anonymised data?
Identifiable information may be disclosed for secondary purposes if there’s a legal basis for breaching confidentiality
(In case of research, has to be approved by Research Ethics Committee)
What are some alternative secondary reasons for disclosing patient information?
Notifiable disease
DVLA
Gunshot/knife wounds
Disclosing info for insurance/employment/financial/administrative purposes
What are the 2 laws/acts concerned with data protection?
GDPR (General Data Protection Regulation in all EU states)
Data Protection Act 2018 updated to supplement above
What are the 6 key principles of GDPR?
Data must be:
Fairly, lawfully processed
Collected for legitimate purposes
Adequate, relevant, limited to what's necessary
Kept for no longer than necessary
Processed to ensure appropriate security
Outline NHS access to health records
GDPR allows access to health records for all living individuals
NHS has 1 month to respond to request
Access to Health Records Act 1990 - allows access to deceased people
Who may access health records?
Patients
Person with parental responsibility (if not contrary to competent child's wishes)
Power of attorney if patient lacks capacity
Executor of will
Independent Mental Health Advocates
Independent Mental Capacity Advocates
Police
Solicitors with consent of data subject
When is access to health records limited?
When it reveals identity of another person
When access is likely to cause serious physical/mental harm to data subject