1 / 14

When Worlds Collide: Freedom of Information and the Protection of Health Data Dr Renate Gertz AHRC Research Centre S

When Worlds Collide: Freedom of Information and the Protection of Health Data Dr Renate Gertz AHRC Research Centre School of Law, University of Edinburgh. The legislation . 11 January 2005: Freedom of Information legislation England + Scotland Purpose:

rupert
Télécharger la présentation

When Worlds Collide: Freedom of Information and the Protection of Health Data Dr Renate Gertz AHRC Research Centre S

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. When Worlds Collide: Freedom of Information and the Protection of Health Data Dr Renate Gertz AHRC Research Centre School of Law, University of Edinburgh Edinburgh eHealth Research Network 29.11.06

  2. The legislation • 11 January 2005: Freedom of Information legislation England + Scotland • Purpose: • General right of access to information held by or on behalf of public authorities • Promoting culture of openness and accountability across public sector Edinburgh eHealth Research Network 29.11.06

  3. cont. • 2000: Data Protection Act 1998 came into force • Purpose: • Protects ‘personal data’ against unlawful disclosure to third parties • Promotes a spirit of confidentiality. Edinburgh eHealth Research Network 29.11.06

  4. Exemptions to FOI • Reasons for withholding information → exemptions from the right to know. • Absolute exemptions: will always prohibit disclosure • Qualified exemptions: public interest test - public interest in maintaining the exemption must outweigh public interest in disclosure. Edinburgh eHealth Research Network 29.11.06

  5. Absolute exemption • Personal data - FOI refers to Data Protection Act for definition • S. 1- personal data: “data which relate to a living individual who can be identified- (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller. “ • S. 2 – sensitive personal data: “personal data consisting of information as to …(e) his physical or mental health or condition ...” Edinburgh eHealth Research Network 29.11.06

  6. cont. • The result: • Two diametrically opposed pieces of legislation – spirit of openness v. spirit of confidentiality • The problem: • To find a sensible way of agreeing on a feasible compromise Edinburgh eHealth Research Network 29.11.06

  7. The first health data case • Common Services Agency (ISD) v Collie • Information on childhood leukaemia cases (0-14 years) in Dumfries and Galloway by census ward • Grounds for refusal: combination of rare diagnosis, specified age group, small area, low numbers = identifiability = personal data • SIC: personal data, but ‘barnardised’ version to be provided • ISD: appeal to the courts – hearings took place two weeks ago! Decision expected soon Edinburgh eHealth Research Network 29.11.06

  8. Implications of Collie • ‘pure’ FOI issues: • powers of the SIC • Data Protection – FOI interface issues: • What are personal data Edinburgh eHealth Research Network 29.11.06

  9. FOI Issues • S.1 (4) “The information…is the information held at the time the request is received“ • SIC: data to be barnardised – still data ‘held’? • What power does the SIC have? • Power to order authority to release data it does not hold? • Power to instruct authority to ‘do something’ to data so it can be released? – s. 15(1) ”A Scottish public authority must, so far as it is reasonable to expect it to do so, provide advice and assistance to a person who proposes to make, or has made, a request for information to it.” • → Power to order ‘barnardisation’? Edinburgh eHealth Research Network 29.11.06

  10. Implications beyond Collie • S 15 – to provide “advice and assistance” • How far does this go? • What about data not held in a form that can be handed over to applicant? • Duty to analyse data and arrange into table? • Data integration: consequences? Edinburgh eHealth Research Network 29.11.06

  11. Preventing identifiability • Most commonly recognised: anonymisation • Problem legally acceptable level of anonymisation: Is ‘barnardisation’ sufficient? • Problem ‘connectivity’ • Spirit of DP would prohibit disclosure • Spirit of FOI promotes disclosure • Tension at interface between regimes: Solution “to substantially remove risk of identification”? Again: What is acceptable? • Problem definition Edinburgh eHealth Research Network 29.11.06

  12. Defining personal data • Durant case precedent= “focus on an individual or be of biographical significance for the individual concerned” • October 2005: European Commission: UK before ECJ if personal data definition remains too narrow, not in line with the Directive! • FOIA refers to DPA: will Durant continue to provide yardstick for both Acts? → Ruling against UK will affect both England and Scotland. Edinburgh eHealth Research Network 29.11.06

  13. cont. • Practical difficulty: England, Information Commissioner = both DP + FOI: new policies applied by one office • SIC = only FOI, not DP as DP = national matter. • So: Will SIC obtain policy on personal data from England before being able to apply it to Scottish FOI appeals, because: unacceptable if differing interpretations of ‘personal data’ were to emerge. Edinburgh eHealth Research Network 29.11.06

  14. Data protection principles • 2 new cases requesting surgeon mortality rates • Required: breach of DP principle = fair processing • SIC: personal data relating to professional, not personal lives! • Problem: DPA and FOIA – guidance on ‘fairness principle’ differs • Applying DPA guidance to FOI – unproblematic • Applying FOI guidance to DPA: direction of referral – DPA does not refer to FOIA!! New legislation trumps old, but what about guidances? Edinburgh eHealth Research Network 29.11.06

More Related