Duncan
As the data subject is in the bed pass responsibility back to them. Hospital
staff may say "Here's your records Fred / Freda its up to you to manage
their security while here, you are welcome to keep them private if you wish.
For your convenience we have provided you with a filing facility via a hook
on your bed. Oh and if you hide them where we can't get them quickly you may
get incorrect treatment in an emergency. But you have a free choice."
(Consent by duress or not)
A exeception process of course needed for all unconscious or mentally
impaired patients. Perhaps for these the Ward sister should hold the
records. If ability to sprint was a recruitment factor for the Ward sisters
such security improvement needn't slow hospital efficiency by much. ;-)
More seriously perhaps a pragmatic step, if it is not there already, would
be to ensure a clear warning exists on such envelopes advising that any
unauthorised access by non-hospital staff without patient consent is a
criminal offence. Security by psychology. This does not stop a loss or
possibly a malicious change which could cause harm (depending on the
reliance on the records in treatment) but it does make a prosecution against
the person abusing easier, assuming they can be identified. Same philopsphy
as Computer Misuse - give clear warning of unauthorised use, do not invite
access. To my mind if the current procedure is run by the majority of
hospitals then it appears reasonable, in that context given access
arguments, until proven evidence of abuse shows it not to be. A breach of
7th principle in itself not being a direct criminal offence.
If the records are used to make care decisions where unauthorised alteration
could prove fatal to the patient, then perhaps security should be better.
As ever many points of view possible
David Wyatt
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Duncan Smith
> Sent: 15 February 2002 14:33
> To: [log in to unmask]
> Subject: Patient Identifiable Information and P7
>
>
> Just trying to find a balance here between the requirements of Principle
> 7 and day-to-day reality.
>
> A recent discussion with a colleague centred on whether a hospital had
> failed in its duty to take reasonable precaution against unauthorised
> access to sensitive personal data, by allowing Health Records to be
> located in a brown document wallet at the foot of the patient's bed. You
> know, like they always are!
>
> In an open ward situation, what would stop an unauthorised person
> 'browsing through the contents' whilst the patient was away for
> treatment etc.?
>
> We convinced ourselves that locking them away would not work, with all
> the various health professionals needing 24hr access to the records. It
> could also be argued that this would be dangerous in an emergency
> situation (not in the spirit of the Act).
>
> Anyone think the current practice is illegal?
>
>
> Duncan S Smith
> Principal Consultant
>
> e-mail: [log in to unmask]
> gsm: +44 (0)777 556 8180
>
> Company Profiles
> "The process of Improvement"
> ----------------------------------------------------------------
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material. Any review, retransmission, dissemination or other use of, or
> taking of any action in reliance upon, this information by persons or
> entities other than the intended recipient is prohibited. If you
> received this in error, please contact the sender and delete the
> material from any computer.
>
> This footnote confirms that this email message has been swept by Norton
> Antivirus software for the presence of computer viruses.
>
> Company Profiles Huntingdon UK +44(0)1480 461671
> -----------------------------------------------------------------
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|