§ Mr. LansleyTo ask the Secretary of State for Health what steps he will take to ensure that no personal information about NHS patients will be disclosed by Ministers, and officials acting on their behalf, beyond that which has been made public as a result of steps deliberately taken by the patients themselves, or with their explicit consent. [31381]
§ Ms Blears[holding answer 29 January 2002]: Disclosure of personal information is regulated by legislation and, where the information concerned is held in confidence, by common law obligations. In many circumstances it would be unlawful to disclose such information without the consent of the individual concerned unless the information is already in the public domain. Ministers and officials are aware of their responsibilities. However, there may arise circumstances where, in the broader public interest and subject to tests of necessity and proportionality, disclosure is both lawful and appropriate, for example where failure to do so might place others at significant risk.
§ Mr. LansleyTo ask the Secretary of State for Health if he will ensure that no information relating to NHS patients of a sensitive nature, covered by Schedule 2 of the Data Protection Act 1998, will be processed other than in accordance with Schedule 3 of that Act. [31380]
§ Ms Blears[holding answer 29 January 2002]: Guidance issued by the Department makes it clear that the processing of sensitive patient information must be in accordance with schedules 2 and 3 of the Data Protection Act 1998. Responsibility for compliance with the requirements of the Data Protection Act 1998 rests with each national health service body or other data controller as defined by that Act.