In the medical field, the DPA often makes only a relatively modest
contribution to patient privacy compared to the common law of
confidence and the requirements of professional ethics, both of which
give high priority to confidentiality (eg a doctor can be struck off
for a serious breach of patient confidentiality). Its risky to approach
patient confidentiality primarily as a DP issue, because these other
regimes often provide far more substantial safeguards and penalties.
I'm not sure I would characterise the common law as something which
only operates after harm has been done (point 1 below). If you know
that a breach of confidence is being considered, you can obtain an
injunction against it before the harm is done. If you are a health
body or professional considering the legality of a proposed disclosure
you would consider all the relevant legal provisions (Article 8, law of
confidence, DPA etc) before going ahead, not just the human rights
provisions. It may be that some provisions operate before any question
of disclosure arises (eg regulating what you can record), but doesn't
that just depend on the nature of the provision? The 1984 DPA also
regulated the collection of data, and that wasn't the result of human
rights law.
Maurice Frankel
On 31 May 2004, at 11:40, ianwelton wrote:
>
> It is a DP issue directly relevant to those who are concerned with
> disclosure/use issues relating to medical data.
>
> Otherwise personally I perceive it as a more generic but very important
> issue covering justificatory cause for principle one compliance when
> looking
> at Schedule 1 or 2 conditions; Hence how to approach any DP matter,
> what
> questions are relevant in that approach and the content of any Code of
> Practice.
>
> i.e. Can I collect and use data regarding a persons reading habits or
> particular viewpoints for organisational purposes. If that is
> possible, what
> justification could provide legitimacy for that purpose, what
> restrictions
> will exist surrounding that data, and how can the other principles be
> effectively implemented to reflect that situation?
>
>
> My understanding is that answers emanating from the Common law and
> answers
> emanating from Human Rights law can differ, sometimes in fundamental
> ways:
>
> 1. Common law requires individuals to prove they have been harmed
> after any
> event and may need to catch up (Expensive for all involved);
>
> 2. Human Rights law requires sufficient cause/reason prior to any
> personal
> data collection and hence before any harm is caused to the data
> subject.
>
> Human Rights law has a wide international and considered signatory
> base, so
> would seem more widely geographically relevant.
> The Common law depends on historical origins and is frequently focused
> for
> various reasons.
>
> I also think the Human Rights law is what is termed 'superior law', so
> takes
> precedence over the Common law. Perhaps one of the lawyers in the
> group
> could confirm/deny that.
>
> Each EU member states ICO's guidance should actually reflect the base
> set of
> laws which they use to formulate their guidance, and hence the eventual
> accuracy, effectiveness, scope and resilience of that guidance.
> Providing
> guidance focused on a set of the common law would seem to inevitably
> leave
> any guidance vulnerable and only of restricted use to international
> business.
>
>
> Ian W
>
>> -----Original Message-----
>> From: This list is for those interested in Data Protection
>> issues [mailto:[log in to unmask]] On Behalf Of
>> DPCS Associates
>> Sent: 30 May 2004 23:26
>> To: [log in to unmask]
>> Subject: Re: Disclosure to defence solicitor
>>
>>
>> Have I completely lost the plot? Is this really a data
>> protection issue?
>> Please help.
>>
>> Caution, I have lacked group support on similar issues in the past,
>> however, it would be great to hear the views of members who
>> may or not agree
>> with my comments.
>>
>>
>> Freddie
>>
>>
>> ----- Original Message -----
>> From: "Rosemary Pattenden" <[log in to unmask]>
>> To: <[log in to unmask]>
>> Sent: Sunday, May 30, 2004 10:28 AM
>> Subject: Re: Disclosure to defence solicitor
>>
>>
>> In Z v Finland (1998) 25 EHRR 371 the European Court of Human
>> rights would
>> not have upheld a court order that compelled the applicant's
>> doctor to give
>> evidence of her HIV status in criminal proceedings against
>> her husband had
>> the questioning taken place in open court:
>>
>> "The interference with the applicant's private and family
>> life which the
>> contested orders entailed was thus subject to important
>> limitations and was
>> accompanied by effective and adequate safeguards against
>> abuse" para 103
>>
>> In the light of this, I think that cross-examination of a
>> witness about HIV
>> status without first seeking to have the court closed to the
>> public and a
>> fortiori establishing that the witness actually knows that s/he is HIV
>> positive, is an unjustifiable breach of article 8. Counsel
>> should not have
>> sought to put the questions in the circumstance that he did
>> and as soon as
>> the question was put to the witness, the judge should have
>> stopped counsel
>> and had a discussion about the questioning with counsel.
>>
>> Rosemary Pattenden
>>
>> -----Original Message-----
>> From: This list is for those interested in Data Protection issues
>> [mailto:[log in to unmask]] On Behalf Of ianwelton
>> Sent: 29 May 2004 20:00
>> To: [log in to unmask]
>> Subject: Re: Disclosure to defence solicitor
>>
>> Maurice Frankel on 28 May 2004 at 17:53 said:-
>>
>>> As Ian suggests, the DPA is not the only potential restraint on
>>> disclosure in such cases. The more substantial restriction is the
>>> common law obligation of confidentiality, which would
>>> normally apply to
>>> a patient's medical details. Section 35 wouldn't be relevant to that
>>> question.
>>
>> A strange situation when an older frame of law (common law)
>> which works by
>> exclusion (you can do whatever is not forbidden) should provide more
>> substantial restrictions protecting individual privacy where new laws
>> (HRA/DPA) ostensibly regulating by inclusion (do not intrude
>> into these
>> areas without good and specific cause) do not. That would
>> seem to indicate
>> the DPA fails at the first hurdle in meeting the Directive
>> requirements
>> where medical records are concerned. :- "1. In accordance with this
>> Directive, Member States shall protect the fundamental rights
>> and freedoms
>> of natural persons, and in particular their right to privacy
>> with respect to
>> the processing of personal data."
>>
>> Reverting to the earlier post by DREW Nic on 25 May 2004 at
>> 14:12 if the
>> common law confidentiality issues and legal procedure rules
>> were the only
>> protections for the individual when the witness was informed
>> they had HIV in
>> a witness box, then clearly such procedures and rules are
>> inadequate, unless
>> of course the solicitors/lawyers did not take notice of them
>> or were able to
>> claim exemptions for some reason.
>>
>>> The question of what is necessary for the legal action is really for
>>> the court to decide rather than for an NHS body which isn't
>> a party to
>>> the proceedings. Presumably this would normally be done in
>> accordance
>>> with the Civil Procedure Rules via a court order.
>>
>> Does the court no make a determination on relevancy to a case when the
>> material is presented to the court, after the solicitors/lawyers have
>> collected it and themselves determined if it meets the
>> necessary rules?
>>
>> Ian W
>>
>>
>>> -----Original Message-----
>>> From: This list is for those interested in Data Protection
>>> issues [mailto:[log in to unmask]] On Behalf Of
>>> Maurice Frankel
>>> Sent: 28 May 2004 17:53
>>> To: [log in to unmask]
>>> Subject: Re: Disclosure to defence solicitor
>>>
>>>
>>> As Ian suggests, the DPA is not the only potential restraint on
>>> disclosure in such cases. The more substantial restriction is the
>>> common law obligation of confidentiality, which would
>>> normally apply to
>>> a patient's medical details. Section 35 wouldn't be relevant to that
>>> question.
>>>
>>> When you disclose to the patient's own lawyers, you would
>> normally be
>>> doing so with the patient's consent - so no question of breach of
>>> confidence. From what you say, the disclosure seems to have
>>> been to the
>>> other side's lawyers, and the patient hasn't consented, which does
>>> raise the question of breach of confidence.
>>>
>>> The question of what is necessary for the legal action is really for
>>> the court to decide rather than for an NHS body which isn't
>> a party to
>>> the proceedings. Presumably this would normally be done in
>> accordance
>>> with the Civil Procedure Rules via a court order.
>>>
>>> Maurice Frankel
>>> Campaign for Freedom of Information
>>>
>>> On 28 May 2004, at 09:07, Ian Mansbach wrote:
>>>
>>>>> I have received a complaint from a patient that we have
>>> disclosed some
>>>>> medical information (relating to an attendance in our A & E
>>>>> department) to
>>>>> the defence solicitor in a court case in which he is taking legal
>>>>> action
>>>>> against his former employer.
>>>>>
>>>>> Have we done wrong here? S35 expemption in the DP Act states that
>>>>> personal
>>>>> data are exempt from non-disclosure provisions where the
>>> disclosure is
>>>>> necessary for the purpose of, or in connection with, any legal
>>>>> proceedings
>>>>> (ncluding prospective legal proceedings).
>>>>>
>>>>> It seems clear cut to me - but am I being too simplistic here -
>>>>> perhaps we
>>>>> should not have disclosed to "the opposition", so to speak.
>>>>
>>>>
>>>> John
>>>>
>>>> I am NOT a a lawyer but my understanding is that a court
>>> order is not a
>>>> prerequisite when applying the s.35(2) exemption. However,
>>> perhaps more
>>>> importantly, exemption from the non-disclosure provisions
>> of the DPA
>>>> does
>>>> not mean one is required to disclose. It just means you are not
>>>> prohibited
>>>> from disclosing by virtue of the non-disclosure provisions
>>> of the Act.
>>>> One
>>>> may have some other - very good - reason(s) for not
>>> disclosing personal
>>>> data (or at least not without consent or a court order)
>>> such as client
>>>> or
>>>> patient confidentiality.
>>>>
>>>> Ian Mansbach
>>>> Mansbachs
>>>> Data Protection Practitioners
>>>> [log in to unmask]
>>>> phone: 0871 716 5060
>>>> international: +44 (871) 716 5060
>>>>
>>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>> All archives of messages are stored permanently and are
>>>> available to the world wide web community at large at
>>>> http://www.jiscmail.ac.uk/lists/data-protection.html
>>>> If you wish to leave this list please send the command
>>>> leave data-protection to [log in to unmask]
>>>> All user commands can be found at : -
>>>> http://www.jiscmail.ac.uk/help/commandref.htm
>>>> (all commands go to [log in to unmask] not the list please)
>>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>>
>>>
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> All archives of messages are stored permanently and are
>>> available to the world wide web community at large at
>>> http://www.jiscmail.ac.uk/lists/data-protection.html
>>> If you wish to leave this list please send the command
>>> leave data-protection to [log in to unmask]
>>> All user commands can be found at : -
>>> http://www.jiscmail.ac.uk/help/commandref.htm
>>> (all commands go to [log in to unmask] not the list please)
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>
>>
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at : -
>> http://www.jiscmail.ac.uk/help/commandref.htm
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at : -
>> http://www.jiscmail.ac.uk/help/commandref.htm
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at : -
>> http://www.jiscmail.ac.uk/help/commandref.htm
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|