Kathy:
My observations
There can be fair obtaining, fair processing and Principle 7 contract
issues.
Notice content to individual dependent on relationships to you and your data
uses as a data controller.
The individual appears to become a data subject of a UK data controller
through the referee as an intermediary.
For Principle 1 Individual should be advised of the information required in
Sch 1 Part II Section 2 1 (b) and 2 (3). You appear to need explicit consent
as some data is likely to be sensitive given data subject is a referred
patient to process as a processing condition (Principle 1) so this needs
full transparancy as to your identity, purposes and disclosures and a method
of the data subject signifying acceptance.
If the referee is providing you with processor services then you also need a
contract covering principle 7 issues about security with them. Also consider
subject access as if they are your processor you are responsible for data
retrieval at any time. Given the admin does the relationship with the
referee need to be a controller processor one, or is it controller to
controller. They appear to be introducing a data subject to a different
health care provider. If they are independent and refer to anyone then are
they working for you. In Insurance we have some intermediaries who are tied
agents (processors) and some who are independent (data controllers). Some
relationships are also a mix.
Hope this assists
David Wyatt
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Medical Records Mgr
> - Kathy Perkins
> Sent: 22 February 2002 09:30
> To: [log in to unmask]
> Subject: 8th principle
>
>
> Some of our patients come from outside the EU. We are in the process of
> putting together a model contract for use when using people in these
> countries who work independently but refer patients to us
>
> Does anyone have a paragraph which succinctly states the obligations we
> jointly have under the Act in the transmission of patient related data to
> the countries outside the EU ?
>
> Kathy Perkins
> Medical Records Manager
> The London Clinic
> 20 Devonshire Place, London W1N 2DH
> Telephone 020 7 935 4444 x 3675
> email: [log in to unmask]
>
>
>
>
>
> This email, together with any attachments, is for the exclusive and
> confidential use of the addressee(s) and may contain legally privileged
> information. If you have received this message in error please notify the
> sender by email immediately and delete the message from your computer
> without making any copies.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|