GDPR & the Hampshire Health Record/CHIE

Dr Neil Bhatia made this Freedom of Information request to Portsmouth Hospitals NHS Trust

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was successful.

Dear Portsmouth Hospitals NHS Trust,

I would like to make a request under the FOI Act.

For the purposes of the Act, please take the date of your receipt of this request as Wednesday 25th April 2018.

I remain interested in how Portsmouth Hospitals NHS FT is planning to comply with the EU GDPR requirements for the data that it processes (extracts & uploads) to the Hampshire Health Record (HHR/CHIE).

My understanding remains that you have previously extracted and uploaded data to the HHR for both direct care and secondary uses purposes, and that this might continue after 25th May.

You have previously responded to a FOI request of mine:

https://www.whatdotheyknow.com/request/4...

"Portsmouth Hospitals NHS Trust have not made a decision regarding the secondary processing of our data by CHIA. We will undertake a review of our Data Sharing Agreement in the near future."

I trust that any such reviews have now taken place, given the proximity to May 25th.

I am requesting the following information:

DIRECT CARE:

1) Please could you tell me which lawful basis, as set out in Article 6 of the GDPR, will *your* organisation be relying upon to enable processing of personal data for direct care purposes?

2) Please could you provide me with the procedure that patients must follow in order to express their right to object to such processing (as is their right under Article 21).

Please could you provide me with:

a) the form that they must fill in, or a description of the information that you require from them in order to process their objection

b) to whom they must send their objection (e.g. department, address or email address)

c) confirmation that patients will not simply be told to "go and see your GP" when expressing their right to object (i.e. that *you*, as the data controller, will deal with their objection as per Article 21 and Recital 69)

d) confirmation that any upheld objection will ensure that no data about the patient will be extracted and uploaded to the HHR by your organisation, yet still allowing the patient to have a HHR consisting of records derived from the other contributing organisations (including their GP practice)

e) any such policy that you have that, in part or whole, details how HHR "right to object" expressions for direct care will be managed by *your* organisation

Assuming you are to continue to instruct secondary processing:

SECONDARY USES:

3) Please could you tell me which lawful basis, as set out in Article 6 of the GDPR, will *your* organisation be relying upon to enable processing (extraction and uploading) of personal data for secondary uses?

4) Please could you tell me which lawful basis, as set out in Article 9 of the GDPR, will *your* organisation be relying upon to enable processing (extraction and uploading) of special category data for secondary uses?

5) Please could you provide me with the procedure that patients must follow in order to express their right to object to such secondary uses processing (as is their right under Article 21).

Please could you provide me with:

a) the form that they must fill in, or a description of the information that you require from them in order to process their objection

b) to whom they must send their objection (e.g. department, address or email address)

c) confirmation that patients will not simply be told to "go and see your GP" when expressing their right to object (i.e. that *you*, as the data controller, will deal with their objection as per Article 21 and Recital 69)

d) any such policy that you have that, in part or whole, details how HHR "right to object" expressions for secondary uses will be managed by *your* organisation

I would be grateful if you would be kind enough to send me the requested information promptly and in any event not later than the twentieth working day following the date of receipt of my request - that is, by the end of May 24th.

I would be grateful if you would kindly acknowledge receipt of this request as recommended by the ICO (“It would be good practice to acknowledge receipt of requests and to refer to the 20 working day time limit, so that applicants know their request is being dealt with”).

Thank you once again.

Yours faithfully,

Dr Neil Bhatia

Portsmouth FOIRequests, Portsmouth Hospitals NHS Trust



Acknowledgement of Request for information under the Freedom of
Information Act 2000

 

Thank you for your request for information, made under the Freedom of
Information Act 2000 (the Act) which was received today by Portsmouth
Hospitals NHS Trust (the Trust).

 

Under the terms of the Act the Trust will endeavour to respond to your
request within 20 working days. The clock commences on the next working
day following receipt of your request. The Trust will investigate the
nature of your information request;  if clarification is required to
assist the Trust to locate & compile the information you requested,  then
the clock will be suspended until such time as the Trust receives your
clarification.

 

Please note that in accordance with section 12(4) of the Act where
multiple requests for information are received from one person or by
different persons who appear to be acting together, the estimated cost of
complying with any of the requests is to be taken to be the estimated
total cost of complying with all of them. Where applicable, we may deal
with multiple requests for information under a single reference.

 

There are also a number of exemptions which the Act permits with respect
to disclosure of information. The information will be assessed for these
exemptions prior to us releasing it to you. You will be advised if the
Trust is unable to provide the information requested due to exemption(s).

 

Re-use of Public Sector Information Regulations 2005

 

The supply of information under Freedom of Information is intended to be
for personal use only and does not automatically give the recipient the
right to commercially re-use it, for example, the right to publish it or
make it available to a wider audience [SI 2005 No: 1515 4(1)].  Therefore,
if this information is not for your personal use, you must apply in
writing to this Trust. A licence may be issued if the information is under
copyright and the issue of a licence may constitute a charge depending
upon the information released and proposed re-use.

 

Failure to comply with the Regulations may result in legal proceedings
being taken against you.

 

The Trust will only release staff personal information of those who are
grade Band 8 and above.

 

If you have any queries, please do not hesitate to contact this office.

 

Yours sincerely

 

Freedom of Information Team

Room 2.03

De La Court House

Queen Alexandra Hospital

Southwick Hill Road

Portsmouth

Hampshire

PO6 3LY

 

Tel: 023 9228 6000

Ext. 3708

Email:  [1][email address] (Please do not use this
email for further FOI requests)

 

 

 

References

Visible links
1. mailto:[email address]

Dear Portsmouth Hospitals NHS Trust,

Just a polite reminder that you must respond to this request by the end of today, 24th May, else you will be in breach of the Act.

Yours faithfully,

Dr Neil Bhatia

Dear Portsmouth Hospitals NHS Trust,

You have not responded to my FOI request.

You are in breach of s10 of the Act.

If I do not receive the information requested by the end of today, I will have no option but to refer this matter to the ICO.

Yours faithfully,

Dr Neil Bhatia

Portsmouth FOIRequests, Portsmouth Hospitals NHS Trust

Dear Dr Bhatia,

In reference to your Freedom of Information Request. Ref: 18-19 046

We apologies for the delay in dealing with your request. We are currently collating information in order to answer your request and we hope to have a sufficient response to your request by the end of today.

Again, our sincerest apologies for the delay.

Kind Regards

Freedom of Information Team

Portsmouth Hospitals NHS Trust
Room 2.03 Top Floor
De La Court House
Queen Alexandra Hospital
Southwick Hill Road
Cosham, Portsmouth
Hampshire PO3 6LY

02392 286000 Ext. 3708
[Portsmouth Hospitals NHS Trust request email] (For further requests only)
[email address] (For general enquiries)
www.porthosp.nhs.uk

"The information contained within this message is intended for the addressee only and may contain confidential and/or privileged information. If you are not the intended recipient, you may not peruse, use, disseminate, distribute or copy this message. If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and either return or destroy the original message. The sender accepts no responsibility for any changes made to this message after it has been sent by the original author. The views or opinions contained herein do not necessarily represent the views of Portsmouth Hospitals NHS Trust. This email or any of its attachments may contain data that falls within the scope of the Data Protection Acts. You must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998".

show quoted sections

Portsmouth FOIRequests, Portsmouth Hospitals NHS Trust

Dear Dr Bhatia,

In reference to your Freedom of Information Request. Ref: 18-19 046

We apologies for the delay in dealing with your request. Unfortunately, due to unforeseen circumstances, we have not been able to answer your request to a satisfactory standard. Mainly due to our Information Governance Manager, who is in the process of answering this request, having some unplanned time off of work; due to illness.

We Hope to have a sufficient response to your request by no later than Tuesday 29th May 2018.

Again, our sincerest apologies for the delay.

Kind Regards

Freedom of Information Team

Portsmouth Hospitals NHS Trust
Room 2.03 Top Floor
De La Court House
Queen Alexandra Hospital
Southwick Hill Road
Cosham, Portsmouth
Hampshire PO3 6LY

02392 286000 Ext. 3708
[Portsmouth Hospitals NHS Trust request email] (For further requests only)
[email address] (For general enquiries)
www.porthosp.nhs.uk

show quoted sections

Dear Portsmouth FOIRequests,

It is now Friday.

I have no option but to report this matter to the ICO, as you clearly have no intention of responding to my request. You are in breach of s10 of the Act.

Yours sincerely,

Dr Neil Bhatia

Portsmouth FOIRequests, Portsmouth Hospitals NHS Trust

2 Attachments

Dear Dr Bhatia,

 

Please find attached Portsmouth Hospitals NHS Trust's letter of completion
for your request made under the Freedom of Information Act 2000.

 

Yours sincerely,

 

Freedom of Information Team

 

Portsmouth Hospitals NHS Trust

Room 2.03 Top Floor

De La Court House

Queen Alexandra Hospital

Southwick Hill Road

Cosham, Portsmouth

Hampshire PO3 6LY

 

02392 286000 Ext. 3708

[1][Portsmouth Hospitals NHS Trust request email] (For further requests only)

[2][email address] (For general enquiries)

[3]www.porthosp.nhs.uk

 

 [4]cid:image001.png@01D11173.1F986F90

"The information contained within this message is intended for the
addressee only and may contain confidential and/or privileged information.
If you are not the intended recipient, you may not peruse, use,
disseminate, distribute or copy this message. If you have received this
message in error, please notify the sender immediately by email, facsimile
or telephone and either return or destroy the original message. The sender
accepts no responsibility for any changes made to this message after it
has been sent by the original author. The views or opinions contained
herein do not necessarily represent the views of Portsmouth Hospitals NHS
Trust. This email or any of its attachments may contain data that falls
within the scope of the Data Protection Acts. You must ensure that any
handling or processing of such data by you is fully compliant with the
terms and provisions of the Data Protection Act 1984 and 1998".

P .......Save a tree..........do you  really need to print this email?

 

References

Visible links
1. mailto:[Portsmouth Hospitals NHS Trust request email]
2. mailto:[email address]
3. http://www.porthosp.nhs.uk/

Dr Neil Bhatia left an annotation ()

More information about NHS data sharing, including:

• The Summary Care Record,
• The Hampshire Health Record (CHIE)
• The Berkshire Health Record (Share Your Care)
• The Manchester Care Record
• The Stockport Health and Care Record
• The Salford Integrated Record
• The West Cheshire Care Record
• The North Staffs and Stoke-on-Trent Shared Record
• The Sutton Integrated Digital Care Record
• The Wirral Care Record
• The Dorset Care Record
• The Bolton Care Record

• Secondary uses of your information
• The National Data Opt Out

• Local data streaming initiatives
• Remote consultations
• Secure online access to your GP record

can be found at:

www.nhsdatasharing.info

Dear Portsmouth FOIRequests,

Thank you for your response.

You are the *only* organisation contributing to the HHR/CHIE that asserts it is relying upon Vital interests and/or legal obligation, conveniently enough the two legal bases with no right to object.

I would point out that you are under no legal obligation to process your patients' data to the CHIE - it is an entirely optional project (otherwise every healthcare organisation in Hampshire would be compelled to do so). You are the data controller, the CSU is the data processor. You can withdraw from CHIE whenever you like.

You also cannot rely upon Vital Interests as your patients are perfectly capable of consenting (or dissenting).
https://ico.org.uk/for-organisations/gui...
" this only applies if the data subject is physically or legally incapable of giving consent"

Every other organisation relies upon Article 6(1)(e) which gives the data subject the right to object to processing in this way, or Consent (which the data subject can withdraw at any time).

www.hampshirehealthrecord.info

Yours sincerely,

Dr Neil Bhatia

Armour Emile - Information Governance Manager, Portsmouth Hospitals NHS Trust

2 Attachments

Link: [1]File-List
Link: [2]Edit-Time-Data

Dear Dr Bhatia,

Thank you for your observations on this subject.  As you can appreciate
the changes within GDPR and the DPA18 are new to many of us in Information
Governance.  We will reflect on your comments and will keep you informed
if a decision is made to change our position. 

 

Kind regards,

Emile

 

Emile A. Armour

Information Governance Manager

 

Portsmouth Hospitals NHS Trust

Room 2.03 Top Floor

De La Court House

Queen Alexandra Hospital

Southwick Hill Road

Cosham, Portsmouth

Hampshire PO6 3LY

 

Tel 02392 286000 Ext. 3708

Email [3][email address]

NHSmail [4][email address]

General Enquiries [5][email address]

 

Hospital Website [6]www.porthosp.nhs.uk

 

 

[7]cid:image001.png@01D0106A.2E785440

 

This email message and any files transmitted with it are confidential and
intended solely for the use of the addressee. This communication may
contain material protected by law from being passed on. If you are not the
intended recipient and have received this email message in error, you are
advised that any use, dissemination, forwarding, printing, or copying of
this email message and any files transmitted with it is strictly
prohibited. If you have received this email in error, please notify the
sender and remove all copies of this message, including any attachments.

 

Emails are not considered a secure method for sending personal, sensitive
or confidential information outside the Trust unless encrypted and may
therefore be at risk.

 

The information contained in this email may be subject to public
disclosure under the Data Protection legislation or the Freedom of
Information Act 2000.

 

 

References

Visible links
1. file:///tmp/cid:filelist.xml@01D3FCAF.F2C13120
2. file:///tmp/cid:editdata.mso
3. mailto:[email address]
4. mailto:[email address]
5. mailto:[email address]
6. http://www.porthosp.nhs.uk/
7. http://qahwdtestweb01:84/