In November 2007, the Data Protection Commissioner issued a Guidance Note for Data Controllers on the Release of Personal Data to Public Representatives, in line with which the Health Service Executive prepared a Standard Operating Procedure for its staff. This requires that routine information be provided to public representatives on the basis that it can be generally assumed that the constituent has given consent for the release of the personal data necessary to respond to the request.
In instances where the information requested is determined to be of a very sensitive personal nature, the Executive's procedure, in line with the Data Protection Commissioner's Guidance Note, provides that the data controller should check with the patient or client that he or she has given consent for the information to be released to the public representative. If the client or patient cannot be contacted the person dealing with the inquiry should contact the public representative's office to check if consent has been obtained from the patient or client to the release of sensitive personal data.
Having made inquiries in the matter, it has not been possible to ascertain specific instances where the Executive has declined to provide information on the grounds of confidentiality. However, if the Deputy wishes to provide information on a specific case or cases where such a situation has arisen, I will request that the Executive investigate the matter and take appropriate action if necessary.