Information rights
Good information handling provides a range of benefits as well as helping you to comply with the Data Protection and Freedom of Information Acts. We have produced guidance for senior managers about taking a positive approach to information rights.
Data protection – looking after the information you hold about patients
If you handle and store information about identifiable, living people – for example, about patients – you are legally obliged to protect that information.
Under the Data Protection Act, you must:
- only collect information that you need for a specific purpose;
- keep it secure;
- ensure it is relevant and up to date;
- only hold as much as you need, and only for as long as you need it; and
- allow the subject of the information to see it on request.
Find out more about your data protection obligations.
Your patients have rights to see their personal information. They can make a subject access request to see the personal information you hold about them. We have produced guidance about how to deal with subject access requests for health records.
You can find help on your obligations regarding the storing and release of any professional opinions you supply.
We have also produced guidance on health data: use and disclosure.
Notification with the ICO
If you handle personal information, you may need to notify as a data controller with the Information Commissioner’s Office. Notification is a statutory requirement and every organisation that processes personal information must notify the ICO, unless they are exempt. Failure to notify is a criminal offence. See our page Do I need to notify and how do I maintain my register entry? for more information.
Violent warning markers
Violent warning markers are a way of identifying individuals who may pose a risk to members of your staff – they are usually a flagged piece of text attached to an individual’s file. See our guidance on how to manage the use of violent warning markers and remain compliant with the Data Protection Act.
Employment
If you are an employer, you are obliged to protect your employees’ personal information. For more information, see our section on employment here; our Quick Guide to the Employment Practices Code gives practical advice on handling employees’ personal information, on monitoring at work and on employees’ rights. You will also find help on your obligations regarding the storing and release of any references you supply.
Freedom of information – making public information available
The Freedom of Information Act means that public authorities must disclose official information when people ask for it (unless there is a good legal reason not to), and they must reply within 20 working days. Find out about your freedom of information obligations.
If the establishment you work in is a public authority, the Freedom of Information Act means you must produce a publication scheme, which outlines the information you will routinely make available to the public - such as minutes of meetings, annual reports or financial information. Find out about the obligations of health practitioners. To help you do this, we have provided a definition document.
Medical records of the deceased
Health organisations often get freedom of information requests relating to the medical records of the deceased. There are no special exemptions under the Freedom of Information Act about the deceased, but you do need to consider whether the information is sensitive. See our guidance about access to information about the deceased. The ICO has ruled on a similar request, although every decision is made on a case by case basis. There is also a decision notice for this case.
Health and Safety
Some information may be exempt from release under the Freedom of Information Act if it would be likely to endanger people’s health and safety. For more information, see our guidance.
Summary Care Record
The ICO has been involved in discussions with Connecting for Health regarding the roll-out of the Summary Care Record. Given the level of interest from both the general public and health professionals, we will publish our meeting notes of these discussions here.
Meeting note – 18 May 2010
Meeting note – 18 November 2010