EU threatens personal health data security

Doctors leaders warn that changes to EU data protection rules could put existing patient confidentiality safeguards at risk.EC (European Commission) draft proposals on the processing and free movement of personal information suggest identifiable health data could be used for research without patient consent, the BMA says.

BMA director of professional activities Vivienne Nathanson’s written evidence to the Commons justice select committee inquiry into the proposals says the association is concerned that the provisions remove current patient confidentiality safeguards.

Dr Nathanson says the draft General Data Protection Regulation appears to allow identifiable health data to be used without consent for historical, statistical or scientific research purposes when anonymised or pseudonymised data cannot be used.

Although the regulation states that data that could reveal identities must be kept separately, the BMA says clarification is needed as to whether this could be on separate databases or if it must be stored outside the organisations that initially held it.

She writes: ‘The BMA has serious concerns that Article 83 appears to permit the processing of health data, in identifiable form, for research purposes without any reference to consent.

‘The only safeguards which appear in the clause seem to be that identifiable data must be kept separate, and researchers can use it only if research cannot be fulfilled by using non-identifiable data. This seems to be significantly lower than the existing standard for protection of health data.’

The BMA would oppose any change to the requirement that disclosure of confidential data normally requires consent

From the BMA guidance Requests for Disclosure of Data for Secondary Purposes.