Wednesday, September 4, 2019
Overview of the Data Protection Act
Overview of the Data Protection Act Task 2 For the purpose of this task. I am going to do the following: I am going to discuss the Data Protection Act. I am going to discuss what the data protection is. I am going to discuss the rights to a persons personal protection. I am going to look at the aims to their rights. I will identify the rights of people in relation to the data protection, and give eight samples. I will look at when these rights do not apply. I will discuss how a person can have access to their details. I will discuss the role of the Data Commissioner. I will also discuss the role of the Data Receiver. The role of the Data Controller will also be discussed. I will give two examples of breach of data legislation relating to healthcare. 1. What is Legislation? Legislation governs communication in Ireland concerned with communication freedom of information act. It was amended in 2003 and is called the Data Protection Act. What is the Data Protection When you give personal details to an organisation or individual, they have a duty to keep these details private and safe. This process is known as Data Protection. They refer to organisations or individuals who control the contents and use of a persons details as data controllers. Most people give information about themselves to groups such as Government bodies, i.e, banks, insurance companies, medical professionals and telephone companies to use their service or meet a certain source. Under data Protection Law, you have the rights regarding the use of these personal details and data controllers have certain responsibilities in how that handle this information. Identify the rights of people in relation to Data Protection: The right to have your details used in line with Data Protection Regulations. The right to information about your personal details. Thee right to prevent the use of your personal details. The right to change or remove your personal details. The right to remove your details from a direct marketing list. The right to refuse direct marketing calls or mail. The right to object. The right to freedom from automated decision making. When have you the right to Data Protection? You Have the right to Data Protection when your details are: Held on a computer. Held on paper or other manual form as part of a filling system. Made up a photograph or video recordings of your image or recordings of your voice. What are the aims of these rights? Data Protection rights will help you make sure that the information stored about you is Factually correct. Only available to those who should have it. Only used for stated purposes. When do Rights not Apply? The rights does not apply, however, in a small number of cases, where it could harm certain interests for example, when someone ids investigating an offence. How do I request access to my details? You can ask for a copy of all your personal details by writing to any organisation or any You can also ask the Data Controller to inform you of any opinions given about you, unless the Data Controller considers that the opinions are confidential. Even in such cases, your rights to such information will usually be greater than the right of the person who gave this information will usually be greater than the right of the person who gave this opinion in private. 8. What is the Role of the Data Commissioner? The role of the Data Commissioner aims to make sure that those rights are being upheld and that Data Controllers respect data protection rules. Summary proceedings for an offence under the Data Protection Act may be brought and prosecuted by the data Protection Commissioner. The Role of the Data Controller: A Data Controller is the individual or the legal person who controls and is responsible for the keeping and use of personal information on a computer or in structured manual files. Will keep or process any information about living people. They are responsible for the personal data which it holds. They decide what personal information is going to be kept. They decide the use to which the information will be put. The Role of the Data Receiver. A Data Receiver is a person who provides personal information about themselves to a variety of organisations for a whole range of purposes i.e, when you go to the doctor you give him/her information about yourself, name, address, date of birth, if you have children, and your phone number. Give two examples of Data Legislation: Sample One: The office received a complaint from a solicitor acting on behalf of a data subject concerning the alleged further proceedings of the complaints personal data contained in medical records held by her General Practitioner (G.P.). It was alleged that medical records relating to the complaint were released to an Insurance Company by her G. P, following a request made to her G.P. The complaint stated that the G.P, had received a request from an Insurance Company, seeking the complainant medical records, relating to a knee injury she had suffered. It was alleged that, in replying to this request, the G.P, not only realised data relevant to the knee injury, but also disclosed other sensitive medical information including cervical smear test results, colposcopy, correspondence regarding lesions and records relating to Carpel Tunnel Syndrome, none of which were related to the knee injury. We wrote to the G.P, and we asked that he provide an explanation as to what had occurred in this case. He responded stating that an Insurance Company had requested relevant information with respect to the patient concerned and her knee injury. He informed us that the request received, stated that it required copies of clinical consultations/surgery notes, investigations and associated results, treatments, referrals, out-patients appointments and repeat prescriptions from 18 02 2009 to the present date. He stated that, inadvertently, copies of the patient records were supplied to the Insurance Company with some details which were not relevant to her knee injury and that this was obviously an oversight. He stated that he was deeply sorry that he has caused any distress or upset to his patient, whom he has known for thirty-five-years. The G.P, stated that the company knew he always endeavoured to keep high standards in the practice and that she should understand his disappointment that the system used in releasing this information fell below that standard expected by the complainant and himself. He further stated that he hoped that she would accept his unreserved apology for the inadvertent disclosure of her records to the Insurance Company and that he completely understood how upset and appointed she must be. He said that since this unpleasant and unfortunate error he had overhauled his practice procedures. We wrote to tell the solicitor for the complainant outlining the G.Ps response and also conveying the G.Ps apologies. We stated that this offices approach to complaints is to try to seek an amicable resolution to the matter which is the subject of the complaint and we asked if his client would like to try to reach an amicable resolution of the complaint. They responded stating that their client wished for a formal decision of the commissioner on the matter. In considering this case, the key issues from a Data Protection perspective was the issue of consent. It was noted from the material provided that the complainant had completed and signed an insurance claim form which contained the following consent clause: I authorise Financial Insurance Company Limited (the underwriters) to make any enquires and get any information they consider relevant from my doctor, employers or elsewhere. I understand that I must provide evidence to Financial Insurance Company Limited to prove my claim form. On the same claim form, the complainant supplied details of her accident and explained as follows, Why it prevented her from walking? left knee injury, tore ligaments, recovery time unknown, waiting for knee surgery, on waiting list. The Insurance Company concerned had sought the complainants medical records, supplied the relevant consent form and used the following terms in its request to the G.P.: Can you please provide us with copies of the claimants medical records relevant to this claim. This includes all records relating to the medical conditions and associated symptoms which are subject of this claim. It was clear from the Insurance Companies request for medical records that it sought medical records relevant to the claim only. As the claim related to the complainants knee injury, the medical records sought related to that injury and the request did not extend beyond that. Equally the complainants consent authorised the Insurance Company to make injuries and to get any information concerned relevant from her doctor and others. The consent was clearly limited to relevant information and it could not be interpreted as extending to all medical records held by the G.P. This office issued a decision on this complaint which stated that the commissioner was of the opinion, following the investigation of this complaint, that section 2 (1) (C) (ii) of the Data Protection Acts, 1988 2003 had been contravened by the G.P, by the further processing of the complainants sensitive Personal Data in the form of medical records unrelated to her knee injury. The contravention occurred when the G.P, in responding to a request from and Insurance Company, disclosed to that Insurance Company certain medical records of the complainant without her consent.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.