Tasty Morsels of EM 099 – #FRCEM Data Protection confidentiality and FOI

1 Aug

I’m entering a few months prep for the UK and Ireland exit exam in Emergency Medicine: the FRCEM. I’ll be adding lots of little notes on pearls I’ve learned along the way. A lot of my revision is based around the Handbook of EM as a curriculum guide and review of contemporary, mainly UK guidelines. I also focus on the areas that I’m a bit sketchy on. With that in mind I hope they’re useful.

You can find more things on the FRCEM on this site here

This is prime material for the management viva of course but no reason why it couldn’t appear on the SAQs. Confusingly for is in Ireland, we have our own data protection act, also from 1988… you would have thought there was enough going on with the Berlin wall and all that…

What are some principles of the Data Protection Act 1988 (UK)?

  • read the source
  • data protection principles
    • used fairly and lawfully
    • limited, specific purposes
    • adequate, relevant and not excessive
    • kept for no longer than necessary
    • kept safe and secure
    • not transferred outside the EEA without due protection
    • stronger protections apply for things like health records
  • Within health care (MPS factsheet)
    • parties or consented nominated people can request access to health records
    • clarify which part of the record the nominee has consent to – one attendance or everything?

When not to release data even to the patient or representative? Kids?

  • Where the information released may cause serious harm to the physical or mental health or condition of the patient or any other person
  • Where access would disclose information relating to or provided by a third person, this would not be a health professional who had not consented to that disclosure.

What are Caldicott principles?

  • came out of the Caldicott report as everyone panicked about Donald Trump posting everyone’s health records on twitter… or something like that…
  • from the NHS summary
    • 1) Justify the purpose for using confidential information
    • 2) Don’t use personal confidential data unless it is absolutely necessary
    • 3) Use the minimum necessary personal confidential data
    • 4) Access to personal confidential data should be on a strict need-to-know basis
    • 5) Everyone with access to personal confidential data should be aware of their responsibilities
    • 6) Comply with the law
    • 7) (NEW!) The duty to share information can be as important as the duty to protect patient confidentiality
  • The Caldicott guardian in the organisation is a senior person responsible for information governance within the organisation

When do we break confidentiality to report gun and knife crime?

  • Recently updated GMC guidance
  • previously the interpretation generally was that reporting was a statutory requirement for all gun and knife crime
  • gunshot wounds presenting to the ED should normally be reported to the police
  • similar reporting applies to knife wounds (although not accidental or self harm) and also where other weapons may have been used
  • importantly the GMC makes clear that the doctors have some discretion here based on their judgment of the public interest involved and how the patient may be harmed indirectly by dislclosure
  • in the initial report to police the patients name should not normally be used
  • if the patient declines to speak to the police when they arrive this should be respected
  • overall doctors are encouraged to consider the public interest in reporting serious assaults
  • Adrian Boyle has written an excellent piece reflecting on this.

What is the freedom of information act and how does it affect us?

  • in the UK the freedom of information 2000 act
  • some general points (see the NHS england page on it)
    • anyone can make a request to a public body (eg the NHS)
    • it must be in writing
    • it shouldn’t go over the £600 limit
    • it has to very specifically identify the information requested
    • a reason does not have to be provided for the request
    • 20 working days is the time limit for a public body to reply
    • there are lots of exemptions including
      • personal information (eg health records)
      • court documents

When can we justifiably break patient confidentiality?

  • Legal
    • court order
    • the GMC investigating fitness to practice
    • the coroner
    • statutory responsibilities
      • notifiable diseases
    • police requests
      • related to terrorism
      • providing the identity of a driver in a traffic offence
  • Public interest
    • see the section on knife crime above
    • disclosure to DVLA may come under this


2 Replies to “Tasty Morsels of EM 099 – #FRCEM Data Protection confidentiality and FOI

  1. Hi Andy

    Apologies for some reason I called you Neil on one of my posts. Massive bandwidth burnout :-). Under freedom of information it should read 600 GBP I believe, and the I think it’s called the Freedom of Information Act 2000 and came into effect in ‘full force’ 1 Jan 2005 for public bodies.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.