Data Protection Act 2018: Difference between revisions
(Created page with "{{Legislation |Type=UK Public General Act |Year=2018 |Number=12 |Subject=Miscellaneous legislation |Summary=Data protection legislation. |News=No |RSS pubdate=2021/09/29 09:08...") |
No edit summary |
||
| Line 5: | Line 5: | ||
|Subject=Miscellaneous legislation | |Subject=Miscellaneous legislation | ||
|Summary=Data protection legislation. | |Summary=Data protection legislation. | ||
|Detail===Health records== | |||
The general rule is that the relevant GDPR provisions "do not oblige a controller to disclose information to the data subject to the extent that doing so would involve disclosing information relating to another individual who can be identified from the information" ([https://www.legislation.gov.uk/ukpga/2018/12/schedule/2/enacted sch 2] para 16(1)). | |||
That general rule does not apply where "(a) the other individual has consented to the disclosure of the information to the data subject, or (b) it is reasonable to disclose the information to the data subject without the consent of the other individual" (sch 2 para 16(2)). | |||
In relation to that exception, "it is to be considered reasonable for a controller to disclose information to a data subject without the consent of the other individual where ... the health data test is met" (sch 2 para 17(1)). | |||
This health data test is met if "(a) the information in question is contained in a health record, and (b) the other individual is a health professional who has compiled or contributed to the health record or who, in his or her capacity as a health professional, has been involved in the diagnosis, care or treatment of the data subject." | |||
Further details including definitions of terms can be found in Schedule 2 of the Act. | |||
|External links=* [https://www.legislation.gov.uk/ukpga/2018/12/schedule/2/enacted Schedule 2 (Exemptions etc from the GDPR)] | |||
|News=No | |News=No | ||
|RSS pubdate=2021/09/29 09:08:59 AM | |RSS pubdate=2021/09/29 09:08:59 AM | ||
}} | }} | ||
Revision as of 09:22, 29 September 2021
Health records
The general rule is that the relevant GDPR provisions "do not oblige a controller to disclose information to the data subject to the extent that doing so would involve disclosing information relating to another individual who can be identified from the information" (sch 2 para 16(1)).
That general rule does not apply where "(a) the other individual has consented to the disclosure of the information to the data subject, or (b) it is reasonable to disclose the information to the data subject without the consent of the other individual" (sch 2 para 16(2)).
In relation to that exception, "it is to be considered reasonable for a controller to disclose information to a data subject without the consent of the other individual where ... the health data test is met" (sch 2 para 17(1)).
This health data test is met if "(a) the information in question is contained in a health record, and (b) the other individual is a health professional who has compiled or contributed to the health record or who, in his or her capacity as a health professional, has been involved in the diagnosis, care or treatment of the data subject."
Further details including definitions of terms can be found in Schedule 2 of the Act.
External links
Full text: Legislation.gov.uk
Type: UK Public General Act🔍
Year: 2018🔍
Number: 12
Subject: Miscellaneous legislation🔍
What links here: