§ Mr. CohenTo ask the Secretary of State for Health (1) whether the confidentiality of medical data may be breached for billing, policing, protecting national security and tax collecting purposes; and whether he will make a statement;
(2) what guidance he has given as to the circumstances in which implied consent of the patient for the use of a medical record can be assumed; and whether he will make a statement.
§ Mr. DorrellPersonal health information in the NHS is strictly confidential, and all those who work in the NHS are under a legal duty to safeguard its confidentiality. Patients have the right to expect that information about them is used within the NHS only for authorised purposes, and only by authorised personnel. The information so used must be only such as is strictly necessary for the purpose in question. Administrative and financial control, without which the NHS could not function, are authorised purposes, and the use of such personal health information as is strictly necessary for these purposes does not constitute a breach of confidentiality.
Under the common law, there can be a justification, in the public interest, for confidentiality to be breached. It is generally held that the prevention, detection and prosecution of serious crime, and the protection of national security, provide such justification. Tax collection and general policing do not fall within this category.
The Department is working on the production of guidance on these issues for the NHS which will be issued soon in draft form for consultation.