- The Act was passed on the 1st March 2000, and replaces the previous 1984 Act.
- While much of the Act remains the same, the coverage have now been extended from just computerised records, to include the records held in manual filing systems and CCTV footage.
- The Act can be described as 'regulating the processing of personal data relating to individuals, including the obtaining, holding, use or disclosure of such information'.
- Personal data relates to living individuals, who can be identified from that data. This could include demographic data such as names, addresses and dates of birth, but also sensitive data such as physical or mental health or condition, racial or ethnic origin or religious beliefs. Forthe NHS Trust this data is often about patients, but can also refer to staff or others, such as those mentioned in next of kin details.
The Act has eight principles - personal data shall:
- Be processed fairly and lawfully (subject to certain schedules)
- Be obtained only for specified and lawful purposes, and not further processed in any manner incompatible
- Be adequate, relevant and not excessive
- Be accurate and where necessary kept up to date
- Not be kept for longer than is necessary
- Be processed in accordance with the data subject's rights
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing, accidental loss, destruction or damage to personal data
- Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless there is adequate protection in place
Accessing medical records
Barnet and Chase Farm Hospitals NHS Trust has procedures in place for giving access to Medical Records to people and organisations who have authority to receive a copy.
Is this a legal requirement?
Yes, a data subject (person the information is about) or legal representative has the right to apply for access to a copy of information held about them.
How can I access my health records?
Why do you ask for my personal information?
To ensure you receive proper care and treatment and to meet certain statutory obligations.
Why do you keep this information?
This information is kept, together with details of your care, because it may be needed if you require treatment again.
How are my records used to help the NHS?
We may use some of your information to help us:
- Protect the health of the general public
- Ensure our services meet patient needs in the future
- Pay the hospital, your dentist and GP for the care and treatment they provide
- Audit accounts and services within the NHS
- Investigate legal claims, complaints or untoward incidents
- Train and educate our staff
- Monitor clinical practice
- Provide anonymised statistics on the NHS performance and activity
- Undertake research and development
The Local Research Ethics Committee (LREC) approves research undertaken. Your consent will be sought should any identifiable information be necessary.
Do you disclose my information?
Your information may sometimes be disclosed as a requirement of the law, for example the notification of a birth.
Your information may also be disclosed to other non-NHS organisations you may be receiving care from.
All NHS staff have a legal duty to maintain confidentiality. Non-NHS staff who have received information from us, also have a duty to keep it confidential.
We would only share information about you if there is a genuine need, thus allowing us to work together for your benefit.