Lost USB? Hacked? What to do in the case of a data protection breach?

Despite all the best will in the world and processes in place, data breaches can happen. It can be as simple as a lost USB with patient information or a more sustained hacking attempt which affects only your clinic or you as part of a wider organisation which has been maliciously attacked. Informing the supervisory …

Health data – How long can / should I keep it?

Whether you are a data controller deciding which data should be used or a data processor in charge of keeping the health data in the cloud, for example, how long you should keep data for is something you should be proactively thinking about. The general principle is that you only keep it as long …

When can you (temporarily) skip the medical data protection?

Health data is by definition and function sensitive data, but as anyone seeing patients knows, it is not always practical to get consent when treating a sick patient. It is not necessary to encrypt or anonymise patient data if: The patient has given express consent. It is in the vital interest of the patient, and …

Sharing & transferring health data.

When you share patient data as a doctor, for example, referring your patient to a cardiologist colleague, you are ‘disclosing personal data’. You don’t have to disclose the transfer of the information to the patient or data subject if you are still respecting professional confidentiality. The receiver or recipient of this data then becomes the …

GDPR and fitness apps.

Do you own a fitness tracker? Or even just activate the steps counter on your phone? Most of us have used some sort of health or fitness app, whether to go running or record more intimate details. Most of us have also ticked all the terms and conditions automatically. To comply with GDPR, the information …

GDPR and health data – the questions you need to ask as a doctor.

As a doctor, I have always been very aware of the importance of patient confidentiality. Not only for ethical or legal reasons but also for purely practical purposes. If you don’t have all the information, you can’t make the right decisions, and you will only get all the embarrassing information if patients are confident it …