FHC EXPLAINS GDPR
Maintaining trust in how we store and process client medical data is crucial to the relationships between Forensic Healthcare Services, Expert Clinicians and Instructing Parties.
Do you have questions about GDPR and medical records? We’ve reviewed the new legislation to hopefully answer some of your questions.
- What is GDPR?
The General Data Protection Regulation (GDPR) comes into force on 25th May 2018. It’s an EU Directive that applies to all Member States, and it intends to:
- strengthen accountability
- enhance individuals’ rights
- give people greater control over their data
Currently, the UK relies on the Data Protection Act. The new legislation will supersede it and cover new and unforeseen ways of using data. Organisations that process and control personal data will have new responsibilities.
Although the UK intends to leave the EU, it has also signalled its intention to mirror the EU Directive. The Data Protection Bill was adopted in 2016 and had its first parliamentary reading in August.
- What is changing?
- Organisations must show they are compliant with its principles
- There is a more expansive definition of personal data
- The right to access personal data and know how it is used
- The right to have personal data erased and forgotten when there is no compelling reason to use it
- The right to have personal data moved from one controller to another in a safe and secure manner
Consent changes include:
- When consent is the basis for processing data, there must be explicit consent for each purpose of processing
- Data controllers must keep records of consent and the context of its provision
- It must be as easy to withdraw consent as it is to give it
- Blanket consent is no longer sufficient. It must be specific and informed
- How are Forensic Healthcare Services preparing for GDPR?
We handle client medical records for defence solicitors, prosecuting police forces and insurance companies. We understand our responsibility to handle your sensitive information with respect. We have ISO 9001:2015 quality certification and are compliant with the Data Protection Act. Robust safeguards are in place to maintain your confidence and trust in Forensic Healthcare Services. We will have robust consent and data control in place, and our Data Protection Manager will fully track our compliance and ensure all operators understand their obligations.
Please refer to the Information Commissioner’s Office for detailed information about this legislation.