Sunday, 26 February 2012

Can we continue to fudge access to people’s medical records?

Following my last blog post, I’ve been asked for examples of types of manual files that might now fall outside the ambit of the draft Regulation (which might possibly result in regulatory savings in the UK), and for those which might now be included in the ambit of the draft Regulation (possibly resulting in increased regulatory costs in the UK).

So, here goes.

We need to remember that Article 24 of the draft Regulation defines a “filing system” as “any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.”

And we need to remember that the Data Protection Act 1998 currently restricts an individual’s right of access to only certain types of information held in manual files.

As I pointed out last time, the general rule is that information in a manual file is disclosable when specific information about an individual in that manual file can be quickly found. This is known as the easy access rule, or the temp test. If a temporary employee can’t locate specific information in a manual file within a very short time of their opening the file, then the information is not disclosable.

But we all know that’s not quite the story. There are certain types of manual files that are disclosable, even if the file fails the temp test. The Data Protection Act 1998 extends access to personal information held in what it defines as accessible records, and it also protects the personal information held in all types of files held by public authorities. The accessible records relate to various types of health, education, local authority housing and local social services authority records.

The big question is what happens to access to these types of records under the draft Regulation? Will citizens continue to enjoy access to them, or will access be denied?

I’m not expressing an opinion here, as I don’t yet have one.

But I do want to point out some of the consequences of the answer – which, presumably, is either Yes or No.

If the answer is Yes, then it could be argued that the UK has been indulging in a little gold plating of the current Directive, by extending (for understandable cultural reasons) its ambit. But I thought it was the stated intention of the British Government that, from now on, gold plating was to be forbidden. So what will it do next?

On the other hand, if the answer is No, then it could be argued that some people are to be disadvantaged because (presumably) they will no longer have statutory access to the relevant information, which (probably) in practice means that it will still be provided, but at a cost which is closer to the actual cost of producing the information.

Widening the issue, given the “one rule to rule them all” principle of the draft Regulation, and the powers that will be reserved to the European Commission to ensure that all citizens across Europe will have equal access to everything, I wonder what this means elsewhere. Does it mean, for example, that citizens in countries which formerly restricted access to social services authority records will now have to open them up to public inspection? If so, at what cost?

And what other manual file “subject access” extras may exist elsewhere in Europe, which might suddenly be extended to other countries, potentially imposing additional compliance costs?

I don’t have an answer to that, today.

But I will comment that the more you examine the concept of a Regulation, where rules are to apply equally everywhere, the more you wonder just how local citizens will react to changes which they really don’t understand.

Anyway, my task today was to set out a potential problem. And to invite readers to submit cunning plans for a resolution – before our political masters start asking why the Commission hadn’t thought of this before presenting us with a more elegantly worded draft Regulation.