The Department of Health (DoH) has revealed plans that aim to strengthen controls and safeguards on the use of an individual’s health and care data.
The government has opened a consultation that closes on 8th August 2014 for the public to express their opinions on proposals that local organisations will have the ability to create “safe havens” for health care data.
This would give certain bodies the right to gather, use and share sensitive information in certain circumstances that would be subject to privacy safeguards.
The secure havens would have to be accredited by the Secretary of State for Health and will allow strictly controlled access to information from peoples’ personal care records which could be used to identify an individual.
At a national level, the Health and Social Care Information Centre (HSCIC) will still be responsible for holding identifiable data and the plans are said to be separate, but complementary, to the controversial care.data scheme.
“Our vision is that Accredited Safe Havens (ASHs) will provide a secure environment within which data that could potentially identify individuals can be lawfully processed for a limited range of approved purposes, under controls that minimise reliance upon identifiable data and constrain how the data is processed in the ASH,” claims a DoH document containing the proposals.
It also notes that if individuals object to their data being used the ways outlined, objections will be respected and their data will not be used.
“The purposes that information is used for are clearly very important. While most people obviously support information sharing for good quality care, we have heard a lot of concern about individuals’ confidential data being provider to insurance companies or other commercial bodies,” claimed Dr Dan Poulter, Parliamentary Under Secretary of State for Health.
“We intend to make it clear, through regulations, that there must be no abuse of trust and that information collected for important purposes like commissioning or delivering public services will be used appropriately and subject to strong security controls,” he added.
Such controls would include mandatory reporting of any data breaches or loss of data and ASHs must only use the minimum data necessary for their purposes to minimise the risk of damage should the information fall into the wrong hands.