Data protection in the context of the National Health Service (NHS) in the United Kingdom has been in the spotlight this week.
eWeek Europe reports today that the NHS has received a written warning from the Information Commissioner over a spate of recent data breaches concerning patients’ records. This warning letter will be backed up by spot-checks on hospitals to ascertain the state of compliance [note: there is no general power to enter premises in order to conduct spot-checks in the absence of a warrant under sch.9 of the Data Protection Act 1998. It is, however, understood that public sector bodies will not resist such a request, and the Coroners and Justice Bill 2009, noted by Datonomy here, contained proposals to extend the ICO’s rights of access].
An earlier report in The Guardian indicates that NHS patients will not be left to the mercy of that highly accident-prone body: those who are not satisfied with the NHS’ ability to protect their data will be allowed to delete some electronic record information from the national medical database. The NHS previously claimed that the cost of deleting individual summary care records would be too great.
One cannot but feel sympathy for the NHS. Increasingly under pressure regarding the quality of its healthcare, the limitations of its budget, the deficiencies of its computerisation and its lengthy battle against hospital-borne infections, its seeming inability to satisfy data protection requirements is just one more burden to bear. Perhaps if it can get just one thing right, this tottering giant of the public sector will begin to regain the confidence it needs if it is to regain the confidence of its users.