I wonder if I may have the benefit of the considerable experience on this
forum.
Mentioning no names...
An organization (NHS) has used a system developed initially by a consultant
(medical) who then set up a business supplying the system and is no longer a
consultant - this part is fine. The system has been in use for a few years
with only very basic terms and conditions in force. When renewal of the
licences became due the organization decided not to go ahead on cost grounds
- a very significant increase was tabled.
On requesting the information held in the database (medical details and
images) to be released so that it could be imported into something else, the
company concerned refused, and stated that the database is "proprietary" and
export of the information will cost a significant amount of money.
The information is not critical, but might be needed for case review
purposes.
I wonder what people's views are on:
1. The right to charge for access to the data controller's own data
2. The refusal to allow access to medical information and the issues that
may bring.
Any views would be most welcome. For what it is worth I feel that there is
no right to refuse access to the data and at the very least the proprietary
data should be made available so that in-house developers can get at it. As
they are a data processor, they have no rights to hold the information in
any form, beyond that which the controller authorized.
Thanks in advance.
Simon Howarth.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|