NHS: Data Protection

Department of Health and Social Care written question – answered at on 30 July 2020.

Alert me about debates like this

Photo of Lord Freyberg Lord Freyberg Crossbench

To ask Her Majesty's Government what plans they have to consult key stakeholders and external experts on future Data Protection Impact Assessments for the management, storage and handling of NHS controlled data.

Photo of Lord Bethell Lord Bethell The Parliamentary Under-Secretary for Health and Social Care

Under the General Data Protection Regulations 2016, data controllers are under a legal obligation to complete Data Protection Impact Assessments (DPIAs) particularly where it involves high risk processing. All National Health Service organisations processing patient data as data controllers are therefore required to complete DPIAs and where necessary, to consult with key stakeholders to ensure risks to privacy are identified and mitigated as far as possible.

A DPIA for the NHS COVID-19 Data Store has been completed and is published on the NHS England website. The data held in the Data Store has gone through a process of pseudonymisation. Identifiable data is not held or made available to users and nor are they permitted to remove the data from the controlled area.

Does this answer the above question?

Yes2 people think so

No0 people think not

Would you like to ask a question like this yourself? Use our Freedom of Information site.