WGPlus (Archive)

NHS must care for patients AND their confidential medical records

The Information Commissioner has welcomed a change in the law that will give his office the right to force NHS authorities to be audited for compliance with the Data Protection Act.  Compulsory audits have previously only applied to central government departments.  The audits review how the NHS handles patients' personal information, and can review areas including security of data, records management, staff training and data sharing.

The ICO will be able to assess data protection by NHS foundation trusts, GP surgeries, NHS Trusts and Community Healthcare Councils, and their equivalent bodies in Scotland, Wales and Northern Ireland under section 41A of the DP Act.  The new legislation will not apply to any private companies providing services within public healthcare.

Researched Links:
7-Step Guide Inspired by the UK Management of Risk in Government Framework