Skip to main content

Medical Records: Databases

Volume 469: debated on Tuesday 11 December 2007

To ask the Secretary of State for Health under what circumstances a patient's wishes expressed as a section 10 opt-out from the summary care record are expected to be overridden. (168955)

The Data Protection Act 1998 makes it clear that a section 10 request should only be overridden where the purpose served by processing the data is sufficiently important to warrant doing so even where it is accepted that substantial harm or distress is being caused. We do not expect there to be many, if any, circumstances where this would arise in the case of an individual who is competent to make decisions. We are, however, taking legal advice, and consulting with the Department for Children, Families and Schools, about the position in respect of those that lack competence, where all decisions should be taken in the individual's best interests.

To ask the Secretary of State for Health whether it will be lawful for the secondary users database to be searched at the request of the police and for the police to be provided with the identity of individuals whose medical records contain specific information. (168956)

Data from the secondary uses service will only be disclosed to the police where it is in the overriding public interest, for example to prevent, or support detection of, extremely serious crimes, where there is statutory authority, or where the courts have made an order requiring disclosure.

To ask the Secretary of State for Health who the data controller will be in respect of the information stored on the secondary users database. (169023)

The data controller for information held within the secondary users service is the Department. Other organisations lawfully permitted access to data held within the secondary users service will be data controllers in common for the subset of data that they can access.

To ask the Secretary of State for Health under what circumstances he may be designated the data controller in relation to personal data processed on a detailed care record. (169025)

With regard to detailed care records provided as part of the national health service care records service, the Department is data controller in common with the NHS organisations providing health care to patients. Although key data controller responsibilities such as overall network and technical system security are managed through the Department's contracts, most data controller responsibilities will be discharged by local organisations. However, there may be occasions, for example due to an organisation ceasing to exist or function, where the Department is the sole data controller for the data concerned.