Tag: Baroness Byford

The below Parliamentary question was asked by Baroness Byford on 2014-05-07.

To ask Her Majesty’s Government whether persons whose National Health Service data has been compromised are informed of that fact; and, if so, what remedy or compensation is available to them.

Earl Howe

National Health Service organisations are individually responsible for managing incidents where patient data has been compromised. Guidance provided by the Health and Social Care Information Centre is that data subjects should be informed when personal data about them has been lost or inappropriately placed in the public domain, unless the cost of doing so would be prohibitive or the risk to those concerned is judged to be minimal. Where there is any risk of identity theft it is strongly recommended that this is done.

There are no central guidelines on remedies or compensation. Individuals whose data has been compromised may make a complaint through local NHS complaints procedures or if they believe that an incident resulted from a breach of data protection requirements they may report this to the Information Commissioner. In some circumstances individuals might seek redress through the Civil Courts.

The below Parliamentary question was asked by Baroness Byford on 2014-05-07.

To ask Her Majesty’s Government whether they have considered strengthening National Health Service data confidentiality by removing the final digit of the postcode from each anonymised patient record uploaded from hospitals, general practitioner practices and other NHS bodies.

Earl Howe

Anonymised records cannot include the last three digits of a postcode and would generally not include postcodes at all. A postcode is sometimes needed for analytical purposes, for example to calculate distances from a specific point such as a hazard but where this is the case, the data cannot be classed as anonymised and so there must be a clear legal basis for its use.