In a message dated 07/06/2002 09:00:40 GMT Daylight Time,
[log in to unmask] writes:
<< We have staff jointly employed working on combined NHS and SS work. They
are using the same data and populating data bases in the NHS and in Social
Services.
How do we comply with Data Protection and Caldicott when it is obviously
impossible for one person to split their memory so they do not share data
with them selves!! >>
-------------
As SS data and Health data are both classed as "sensitive" under the Act,
there will be a problem with sharing the data unless the person has given
explicit consent. The conditions under Sch 3 which would apply to the
individual organisations processing their client data would not necessarily
apply where data are shared with another organisation for what is essentially
a different purpose. In addition, the confidentiality rules that apply to
NHS and SS separately are not necessarily overridden just because of the
"convenience" factor in both having access to a common database.
Of course, where a life and death matter arises, the vital interests argument
can be used and Sch 2 / 3 conditions are more easily met without needing
consent. Otherwise, there could be real problems in "using the same data"
without the patient's / client's consent.
Question 1: Is there a possibility that a patient's details could be seen by
a social worker even if that person does not need or want any assistance from
social services? If the answer is yes, then the data are not appropriately
protected.
Q2: If a person working for the NHS sees SS data on a patient that
contradicts the information given by that patient at the hospital, what would
happen? If the NHS data could / would be altered by the employee then there
could well be a breach of the DPA.
Ian Buckland
Managing Director
Keep IT Legal Ltd
Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor. If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|