Data Protection

Access to accurate and up to date patient information is critical to the provision of safe and efficient health services. The management of information of a personal and sensitive nature between service providers is one that I consider to be very important and should be done to ensure that the privacy and confidentiality of the information has the requisite protection whilst ensuring the highest quality of service at all times.  All health sector staff who handle personal sensitive data should be clear in their responsibilities in how to deal with such information. This is clearly set out in the codes of conducts for medical professionals.

TUSLA and the HSE are statutory bodies and data controllers in their own right.  The issue and the nature of the consent obtained in relation to sensitive personal data is dealt with under the Data Protection Acts 1988 and 2004.  Where consent is used as the basis for processing of an individual’s personal information, he or she can give informed  consent to the sharing of information between different data controllers.   However, consent is only one of the grounds for the sharing of information between statutory bodies.  They can, independently of consent, share information where it is necessary for the performance of their statutory functions.  For completeness, it should be made clear that, in a legal sense, the Data Protection Acts do not refer to sharing per se but to the disclosure of information between data controllers which in an everyday sense is sharing of such information.