Health Protection and Data Protection in the NHS

5th July 2021 Media Law

At the heart of the most challenging year period for the UK in generations has been the National Health Service.

Whilst politicians have debated the overall direction of efforts to combat the coronavirus pandemic, GPs and nursing staff have been very much on the front line, making incredible efforts to keep those afflicted by Covid-19 alive.

The workload undertaken by the NHS is immense. Together with the tremendous physical outputs - the treatment provided - that work generates huge amounts of data.

Needless to say, like every other charity, public and private sector organisation, the NHS has a responsibility to ensure that data is safeguarded effectively.

Yet figures published by the data regulator, the Information Commissioner's Office (ICO) illustrate how even before the pandemic struck, the Health Service was experiencing problems doing so.

In fact, as I've been telling Shaun Lintern, Health Correspondent of The Independent newspaper, the ICO's statistics illustrate that there were more data breaches across the NHS than another sector during the 12 months to April last year.

Ninety per cent of the more than 2,000 incidents recorded were due to staff mistakes rather than criminal activity, such as hacking.

Whilst there were nearly 800 cases in which confidential medical information was sent to the wrong individuals, verbally disclosed, lost or stolen.

There were also 10 incidents in which patients' files had been deliberately altered.

No-one is under any doubt about the very intense pressures on the NHS. However, data breaches - whether the result of error or something more sinister - can often have devastating consequences for those affected.

Myself and my colleagues at JMW have dealt with a rapidly rising number of complaints from victims of such incidents.

More than the fact that often sensitive details are either mislaid or sent to complete strangers, these men and women are concerned about what happens to that information when it's in the wrong hands.

After all, identity theft is one reason why the authorities, such as the ICO, are determined to police data in a vigorous manner.

That is why there have been severe sanctions in place since the introduction of the General Data Protection Regulation (GDPR) three years ago.

Organisations like the NHS which handle personal data are required to protect it against “unauthorised or unlawful processing and against accidental loss, destruction or damage”.

Any shortcomings can result in large fines and even criminal prosecution.

Such failures will rightly not change the perception of the very positive contributions made by medical professionals in the UK and further afield - and not only in the last 15 months.

Nevertheless, it is important that those whom they treat not only feel safe in their care but that their information is protected with just as much dedication.

We're Social

Dominic Walker is a Solicitor located in Manchesterin our Media Law department

View other posts by Dominic Walker

Let us contact you

View our Privacy Policy

Areas of Interest