Legal Basis for Information Sharing. 3.1 The sharing of information via the MIG must be in accordance with legal requirements designed to protect the privacy, confidentiality and security of patient records.
3.2 Viewing organisations must ensure that all legal requirements have been met before they allow qualified clinicians to view the summary data from the GP record via the MIG.
3.3 The First Data Protection Principle (DPP) requires that “personal data shall be processed fairly and lawfully, and requires that at least one condition from Schedule 2 of the Act must be satisfied. In addition, for sensitive personal data, like healthcare data, at least one condition from Schedule 3 of the Act must be satisfied.
Legal Basis for Information Sharing.
Article 6(1) (c) – Statutory Obligation
Article 6(1) (e) - Public Task/Official Authority Article 6(1)(a) – Consent
(a) Explicit Consent
(b) Social Protection Law Article 9(2)(g) – Substantial Public Interest
Legal Basis for Information Sharing. 5.1 Article 6 of the General Data Protection Regulations outline six lawful basis’ for sharing information. One of these must apply whenever personal data is processed:
Legal Basis for Information Sharing. Do the legal bases in the ISA cover all the parties? Is the information which is shared by the parties in accordance with the ISA? Is the contact list up to date and accurate? How are the parties keeping a record of what information has been shared? Random samples of the information shared could be checked against the source record to see if there is evidence of the information sharing.
Legal Basis for Information Sharing. There is legal provision which permits this information sharing, described below. Data Protection Xxx 0000: permits sharing with data subject consent. The Data Protection Directive on which the UK’s Data Protection Act is based defines ‘the data subject’s consent’ as: ‘any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed’. The Data Protection Act also permits sharing, without explicit consent, where necessary for exercising statutory functions, monitoring equality of opportunity, or where sharing is necessary to protect the individual’s “vital interests”. Crime and Disorder Xxx 0000: permits sharing where information exchange is necessary to prevent crime or disorder. This may include details of geographical restrictions on a client; risks posed to individuals in temporary or supported accommodation or to certain groups e.g. children.
Legal Basis for Information Sharing. 2.2.1 Legislative and other provision including: Access to Health Records 1990 Access to Medical Reports 1988 Children Act 1989 and 2004 Civil Contingencies Act 2004 Common Law Duty of Confidentiality Crime and Disorder Act 1998 Criminal Justice and Police Act 2001 Data Protection Act 1998 (DPA98) Data Protection (Processing of Sensitive Personal Data) Order 2000 Education Act 2002 Freedom of Information Act 2000 Human Rights Act 1998 Mental Health Act 1983 and 2007 Mental Capacity Act 2005 NHS and Community Care Act 1990 Protection of Children Act 1999 Special Educational Needs and Disability Act 2001 Youth Justice and Criminal Evidence Act 1999
Legal Basis for Information Sharing. Information sharing protocols (strategic level) and information sharing agreements (managerial and operational level) are about business processes, legalities and being able to understand what each of the partners/agencies is able to bring to the integrated working process.
Legal Basis for Information Sharing. There are various Acts which contain expressed or implied powers to share information for safeguarding. The Act which is most relevant and gives the statutory framework under which the DSCP operates is the Children Act 2004 (as amended by Children and Social Work Act 2017) However, in sharing and disclosing personal information this must be done in compliance with other legislative provisions. Those which are most relevant include: • Data Protection Act 2018 (DPA2018) • General Data Protection Regulations (GDPR) • Data Protection Act 2018 (DPA 2018) • The Human Rights Act 1998 • The Common Law Duty of Confidence • Crime and Disorder Act 1998 • Criminal Justice Act 2003 • Mental Capacity Act 2005 • Criminal Procedures and Investigations Act 1996 Safeguarding is a task carried out both in the public interest and in the exercise of official authority vested in it. The lawful basis for processing information under the GDPR and the DPA2018 are as follows:
Legal Basis for Information Sharing. A number of Acts contain expressed or implied powers to share information for the purpose of safeguarding. The Act which is most relevant and gives the statutory framework under which the LSAB operates is the Care Act 2014. However, in sharing and disclosing personal information this must be done in compliance with other legislative provisions. Those which are most relevant include: • Data Protection Act 2018 (DPA 2018) • General Data Protection Regulations (GDPR) • The Human Rights Act 1998 • The Common Law Duty of Confidence • Crime and Disorder Act 1998 • Criminal Justice Act 2003 • Mental Capacity Act 2005 • Criminal Procedures and Investigations Act 1996 Safeguarding is a task carried out both in the public interest and in the exercise of official authority vested in it. The lawful basis for processing information under the GDPR and the DPA 2018 are as follows:
Legal Basis for Information Sharing
