Data Protection for Medical & Healthcare
The GDPR applies in the UK as the UK GDPR, supplemented by the Data Protection Act 2018. Together they impose legal obligations on medical and healthcare organisations around how they manage and process personal data.
This legislation complements the NHS Data Security and Protection Toolkit (DSPT) and the requirements for Caldicott Guardians, and it gives the Information Commissioner’s Office (ICO) powers to impose significant financial penalties for non-compliance.
This, together with the growing focus on data collection and developments in AI for healthcare, makes robust personal data protection practices essential.
This page explains what the new legislation means for medical and healthcare organisations and the key areas they need to consider when managing and protecting personal data.
WHAT DOES THE LEGISLATION MEAN FOR MEDICAL AND HEALTHCARE ORGANISATIONS?
Like all other organisations, medical and healthcare organisations must ensure that individuals can:
- Access the data stored on them
- Ensure it is correct and have it modified as necessary
- Have it deleted (unless it is needed for legitimate reasons)
They must also appoint a Data Protection Officer (DPO) if they:
- Are a public body
- Process data on a large scale, especially special category data or data relating to criminal convictions
- Use the data for automated decision making
“I became acquainted with The DPO Centre through one of their Data Protection Officers (DPO) who acts as outside DPO for one of our US-based clients. We were negotiating a DPA for a unique trial his client is conducting in the EU which utilizes my company’s mobile research services. The DPO I had the pleasure of working with on that project is one of the best DPO/counsels I have worked with when it came to thoughtfully negotiating through a clinical trials-DPA, given his great knowledge of the GDPR and the crossover with clinical trials regulations in both EU & UK. He’s also just a solid, nice person, and I have greatly enjoyed and am very grateful to have him across the table to get the trials up and running.”
Professional Case Management
IMPORTANT DATA PROTECTION CONSIDERATIONS FOR MEDICAL AND HEALTHCARE
Medical and healthcare organisations must protect personal data across all of their operations and be aware of multiple regulations. Major considerations include:
Complementary regulations, guidance and inspections
Marketing, communications and consent management
Sharing data with others
Managing sensitive information
Data gathering for predicting clinical outcomes
Patient facing care and getting the job done
Care management systems and medical records
“Our DPO from the DPO Centre has been excellent. They are happy to answer any questions we have, and have been a great sounding board for our Information Governance team which has supported all the great work the team does. By helping to provide a clear and prioritised plan of action, our DPO has ensured that we stay on track to meet our compliance goals.”
PCCTC Contracts Manager
“By having The DPO Centre take responsibility for the role of GDPR representative for the PCCTC we are confident we are meeting the legal requirements of the GDPR.
The DPO Centre’s team are always on hand to answer any queries we may have and to help us respond to any Data Subject Access Requests from any trial member across the EU.”