>Does anyone have a model "confidentiality clause" that could be used -
>by making people accessing data on the computer read and sign so that
>they understood that legal action etc could be taken against *them* if
>information disclosed or used improperly. My staff contracts have
>reference to confidentiality and include the computer use specifically.
The problem is surely that if you allow the data to be passed on digitally,
via links, PCG datasets whatever, then you are going to have an impossible
job proving just who it was that leaked the data (due to exact digital
copies). You may find that a court takes the view that the person who was
charged with maintaining the confidence was you, and that the fact that info
had leaked was prima facie evidence that you had failed to do so!
Maybe we need to go back to the patient on this one. How about asking the
patient for explicit consent at new registration. Would be a marvelous tool
to deny access to public health, PCG board etc if your patient had
explicitly refused consent to share their data (annonymised or not) with
these orgs.
Paul Galloway
MedWeb UK Ltd. http://www.medweb.co.uk/
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|