Opt-out model 'not legal under EU law'
The opt-out consent model being implemented in the rollout of the electronic care records is 'unethical' and 'illegal' under European law, an international legal expert has told MPs.
Professor Douwe Korff, professor of international law at London Metropolitan University, said the implied consent model broke EU data protection legislation and would be challenged in the European courts.'If data is disclosed to third parties you will need consent or it will be illegal under European law,' he warned, giving evidence to the health select committee inquiry into the electronic patient record last week.'The EU Data Protection Directive specifically prohibits the processing of personal data concerning health in general unless the data subject has given his explicit consent to the processing of the data. Opt-out solutions will not meet the requirement of being explicit.'Professor Korff said the Government's plans to use pseudonymised' patient records in the secondary uses service for research purposes would also contravene EU law.'When data is so flimsily anonymised, in my way of thinking it remains personal data and therefore cannot be used without consent,' he said.However, Jonathan Bamford, assistant information commissioner, speaking for the Information Commission, told MPs that he strongly disagreed with Professor Korff's assessment.'There is a basis in UK law for doing what we are doing,' he said. 'If there is an issue with UK data protection laws, then that would be a matter for the new Ministry of Justice to look into.'A spokesperson for Connecting for Health said consent procedures complied with the Data Protection Act.'The EC Directive on Data Protection was brought into force in the UK through the Data Protection Act,' he said. 'Legal advice obtained by the Department of Health is that the implementation of the Summary Care Record is lawful.'Dr Peter Gooderham, a tutor at Cardiff Law School and former GP who submitted written evidence to the health select committee inquiry, warned any form of consent was likely to be illegal unless patients were properly informed of the risks of sharing data.'I think there is a huge danger of breach of confidentiality, and once the danger of breach of confidentiality exists, then it seems to me the whole project is inconsistent with the law,' he said. 'People who give consent for use of their data in this way must understand the significant limitations on security. If it's not spelled out for them, then I would argue the consent becomes invalid anyway.'
Why I support IT campaign
Dr Neil Bhatia, a GP in Yateley, Hampshire: 'I suspect many patients have absolutely no idea their uploaded records would be used for research purposes, let alone not anonymously.'Dr Jonathan Eastwood, a GP in Pontefract, West Yorkshire: 'I absolutely agree with your campaign, I hope it receives the support it deserves.'
Dr Stuart Lawson, a GP in Batley, West Yorkshire: 'Staff in Choose and Book call centres are poorly trained. Patient care is affected and mistakes are being made.'Dr Bhagwan Maudgil, a GP in Maidenhead, Berkshire: 'Choose and Book is a waste of time and money. Instead of helping the patients it puts them off.'The campaign