Data protection laws and personal data Flashcards
What is personal data?
Information relating to an identifiable natural person, who can be directly/indirectly identified by reference to an identifier
Give 3 examples of identifiers?
Name, address, cultural identity
What act was implemented in the UK to protect personal data?
General Data Protection Regulation (GDPR) implemented Data Protection Act 2018
How does the DPA 2018 state data should be processed?
Fairly and lawfully
What right does the DPA 2018 give living people/their authorised representatives?
Right to apply for access to personal data irrespective of where data was produced
In what 2 situations does DPA 2018 not apply?
Deceased person
Data is anonymous
Does DPA 2018 apply to NHS or private health records?
Both
How does DPA 2018 apply to employers?
Employers could hold info on employees’ mental, physical health
Who developed the Caldicott principles?
Dame Fiona Caldicott
What is the purpose of the Caldicott principles?
Demonstrate how staff should handle their access to patient’s personal information
What is the role of the Caldicott Guardian?
Safeguarding and governing of use of personal data in the Trust
How many Caldicott principles are there?
8
What do Caldicott principles state about decisions regarding sharing confidential info?
Must be justified
What do Caldicott principles state about when to share confidential info?
Only when necessary
What do Caldicott principles state about how much confidential info to share?
Minimum necessary amount
What do Caldicott principles state about sharing info on a need-to-know basis?
Only tell others what they need to know, at the time that they need to know the info
What do Caldicott principles state about staff responsibilities regarding sharing confidential info?
Staff should be aware of their responsibilities
What do Caldicott principles state about the law?
Staff must comply with the law
What do Caldicott principles state about balance between duties of sharing info and confidentiality?
Duty of sharing info for individual care is just as important as duty of confidentiality
What do Caldicott principles state about informing patients and service users?
They should be informed about how their personal data is used
If personal data is incorrect or incomplete, what can the data subject do?
They have the right to correct data
If a patient’s personal records contain an incorrect clinical opinion, can the patient exercise their right to correct data?
No, incorrect clinical opinions can’t be removed/corrected but patient can add note stating that they disagree with the clinical opinion
What right does a data subject have that allows them to request to remove personal data?
Right of erasure
Why does a data subject’s right to erasure not apply to health records?
Healthcare professionals can refuse to comply if data is needed for processing, e.g. in public interest, or they have official authority
Can children access their personal records?
Yes, if they have capacity
Give 2 situations in which a patient can access their child’s personal records?
Child gives consent to parents
Child doesn’t have capacity, so patients are given access in child’s best interests
Can divorced or separated parents access their child’s personal records if required?
Yes, they still have the same parental responsibility
Generally, do deceased patients’ notes stay confidential?
Yes
Give 2 examples of when deceased patients’ notes are shared?
Access to Health Records Act 1990 applied
Court-ordered
What is the Access to Health Records Act 1990?
Permits access to deceased person’s records by others with claim arising from that patient’s death