30 January 2018
Gaining Consent in the Age of GDPR
For the last couple of years, data has become such a big subject, and rightly so, data allows businesses to thrive. However, as we continue into the digital age, the EU Parliament is introducing the General Data Protection Regulation, that comes into effect from 25th May 2018. The regulation is being introduced to ensure that EU citizen’s data remains safe.
Healthcare organisations should already be doing 70-75% of the points outlined in the GDPR according to Dawn Monaghan, head of data sharing and privacy (NHS England), head of Strategic IG (NHS Digital) and director Information Governance Alliance. Speaking at UKA Live: Identity, Consent & GDPR, she mentioned that there are 3 sections, the area that organisations should already be doing as part of the Data Protection Act 1998, the bits that are part of good practice codes that will become mandatory in May (this is around 30%), and then the brand new aspects.
Gaining Consent within Healthcare
One of the biggest changes brought in by the regulation is gaining consent to use the visitor’s data. Within Healthcare there is implied consent for direct care and that patient data can be shared among medical professionals. The example Monaghan used within the webinar was that “If I go to the doctor with a bad knee, he takes all my data and says I’m going to share that with the hospital as a consultant needs to see it, it is my reasonable expectation that that GP will share it with the hospital and consultant.”
There is also section 251 of the National Health Service Act 2006 that enables “the common law of confidentiality to be temporarily lifted so that confidential patient information can be transferred to an applicant without the discloser being in breach of the common law duty of confidentiality”. This is to be used in cases such as a patient attending Accident and Emergency (A&E), they can skip gaining consent to have access to the patient’s data but they do need to inform them how they are using it.
The application of gaining consent is to be used for purposes other than direct medical care. It is easy to record consent given in writing or over the phone when providing a service; however most organisations will receive personal data when an individual enquires through the website, so how can they gather the visitor’s agreement before they submit their identifiable details?
Visitors are also able to withdraw their consent after the data has been processed under their right to be forgotten. Organisations will need to ensure they remove any records that contain traces of identifiable personal data which now includes IP addresses.
Providing Secure Software to Healthcare Organisations
Click4Assistance have recently released ‘Experiences’ the new enhanced solution, which has been developed around advanced security and GDPR.
All forms are fully customisable within the system, allowing links to privacy policies and mandatory tick boxes to be added to pre-chat, pre-call and smartContact forms etc. Data is encrypted whilst in transit using secure connections such as HTTPS / SSL, it is then stored within a fully reliable and robust back-end, where it is encrypted at rest on servers that are located in Equinix, London.
Click4Assistance is an UK company and has been providing chat on your website software for over 10 years; our customers include CWP NHS, BMI Healthcare and NHS Scotland. For more information about complying with GDPR and the new enhanced solution contact out team on 01268 524628 or email firstname.lastname@example.org.