The legal framework governing the use of personal confidential data in health care is complex. It includes the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection Act 2018, the UK General Data Protection Regulation 2021, and the Human Rights Act 1998.
The law allows personal data to be shared between those offering care directly to patients but it protects patients’ confidentiality when data about them are used for other purposes.
Whatever work we carry out for a client, we ensure that a legal basis to process data is established. To manage a particular piece of work or function, we can deliver services as a preferred independent/arm's-length body, e.g. to fulfil your Data Protection Officer (DPO) role.
The need to complete statutory Data Protection Impact Assessments (DPIAs) is increasing as a growing volume of new technology is used to support direct patient care. We have a wealth of experience in producing DPIAs for our clients.
Where Data Processing Agreements and/or Data Sharing Agreements are needed across individual partner organisations, we can provide an efficient set of documents, with the aim of delivering these in a more collaborative and standardised environment across geographical areas, together with any other necessary processes and documentation required, including:
We can support you when you have workforce capacity issues, or when there is a spike in Information Governance requirements, and your current staffing resource needs some short-term support.
We can also help organisations to reach NHS standards to become a data sharing partner.
We work with Information Asset Owners and Information Asset Administrators to complete and/or maintain a client’s Information Asset Register and Data Flow Mapping, as part of their Record of Processing Activities.
We can develop and deliver bespoke training in the following areas:
For further information, contact MIAA's Digital Director, Tony Cobain.