Health Column: Understanding healthcare data and consent
Last month a new law came into force that affects businesses around the world who offer services to European citizens.
The law is called the General Data Protection Regulation or GDPR.
Whilst you may not have heard of it, there is no doubt that you will have already noticed its impact with email inboxes full of companies desperate to keep your business. As healthcare providers, we too are feeling the impact of GDPR as it champions your right to enjoy a private life.
So, what are these rights?
As you might expect, information that we collect and hold about your health is regarded as being particularly sensitive. Your fundamental right is to understand what information we collect about you, what right we have to collect it, how we use it and who we share it with. Whilst healthcare providers across the nation already have notices in place to inform you of this, from now on many will be making this clearer to understand and easier for you to access. For example, you may notice leaflets in the GP waiting room, notices on websites or on social media. It’s worth taking the time to read these notices so that you can exercise your other rights around the GDPR.
Once you know what information we hold about you, it’s important to know that you can access this information, request errors to be amended or even restrict our use of the information where you contest the accuracy or right for us to hold it. According to the new law, you have a right of access within one month of us receiving your request, although this can be extended by a further two months where the request is seen as excessive or unfounded.
If you do request access to your record, we don’t need to know why you want access but it is helpful for us to understand what you want to see. Bearing in mind that we hold health information about you that spans your entire life and may refer to other people, narrowing a request down to a specific piece of information will reduce the work we have to do to help you to see your record. You see, we also have an obligation to protect the privacy of others so before you can access your record we need time to remove comments about other people. It also makes it easier for you if your request is clear. For example, there is no point getting a 1000 page print out of your medical record when you just wanted to remember a consultation from last month.
Thankfully, we now have computerised records which makes it easier for us to transfer your electronic medical record to a new GP if you decide to switch practices, as per your new right to data portability. However, I’m afraid your paper records still get sent via NHS snail mail.
Finally, I’d like to add a thought for you to consider. Just think, if your GP is busy reviewing your medical notes because you requested access, then he or she is less available to see ill people. They can’t do two jobs at once.
Please, exercise your rights with caution.