Opt Out NHS referral letters

helen Wilkinson-Makey made this Freedom of Information request to Wolverhampton City Primary Care Trust (PCT)

This request has been closed to new correspondence. Contact us if you think it should be reopened.

The request was successful.

helen Wilkinson-Makey

Dear Wolverhampton City Primary Care Trust (PCT),

I would like to make an FOIA regarding the story on E-Health-Insider this morning concerning the dictation system you have purchased for all GP Surgery's.


1. Are the referral letter held on a central server? Who is the Data Controller for the server?

2. Who has access to the referral letters other than the GP and the hospital to which the GP has referred the patient?

3. Do any third parties have access to the referral letters. For example, does the PCT, CCG or NHS Commissioning Board have access?

4. How is consent obtained from the patients for any third party access?

5. If there is third party access what mechanisms are in place to allow the patient to opt out of having their referral letter shared?

6.If the referral letter is shared with third parties please provide me with a copy of all patient publicity literature and in particular information explaining to patients how to opt out of third party sharing.

As per Section 4a of Part 1 of the FOI Act

) I would like the information in question held at the time when my
request is received (draft or otherwise), except that account may
be taken of any amendment or deletion made between now and the
latest time by which the information is to be communicated to me,
being an amendment or deletion that would have been made regardless
of the receipt of my request.

I would be grateful if you would be kind enough to send me the
requested information promptly and in any event not later than the
twentieth working day following the date of receipt of my request -
that is by then end of the working day of 31st August 2010.

If my request is denied in whole or in part, or specific items
within the responses are withheld from disclosure, then you must
justify all deletions by reference to specific exemptions of the
act, as per Section 17 of the Act

). Where you rely on a qualified exemption to withhold disclosure,
you are obliged to consider the public interest in your decision
and the refusal notice must explain not only which exemption
applies and why, but also the public interest arguments addressed
in reaching the decision.

I wish to receive the information by email; I believe such a
request would be reasonable in these circumstances. As per Section
11 of Part 1 of the FOI Act (

) I would be grateful if you would "so far as reasonably
practicable give effect to that preference"; if you determine that
it is not reasonably practicable to comply with this preference
then you are required by law to notify me of the reasons for your

The "return address" (to which the information that I have
requested be should be sent ) is the email address that this
particular request originates from.

I would be grateful if you would kindly acknowledge receipt of this
request as recommended by the ICO ("It would be good practice to
acknowledge receipt of requests and to refer to the 20 working day
time limit, so that applicants know their request is being dealt

Yours faithfully,

helen Wilkinson-Makey

Wolverhampton City Primary Care Trust (PCT)

1 Attachment

Thank you for your request, please see attached acknowledgement


| Double Click on Above Link to View Attachment |

Wolverhampton City Primary Care Trust (PCT)

2 Attachments

Please find attached response


| Double Click on Above Link to View Attachment |

Dan left an annotation ()

Wolverhampton City Primary Care Trust (PCT) leave the legal duty of data controller to the IT department? Are you sure?!

The data controller "determines the purposes for which and the manner in which any personal data are, or are to be, processed.".

This leads me to believe that the organisations does not understand the Data Protection Act and that the information they have provided is incorrect or they have some work to do on their DPA/IG policy.