14 Aug 2017 17 Aug 2017
For the purpose of this task. I am going to do the following:
1. What is Legislation?
Legislation governs communication in Ireland concerned with communication freedom of information act.
It was amended in 2003 and is called the Data Protection Act.
When you give personal details to an organisation or individual, they have a duty to keep these details private and safe.
This process is known as Data Protection. They refer to organisations or individuals who control the contents and use of a persons details as "data controllers".
Most people give information about themselves to groups such as Government bodies, i.e, banks, insurance companies, medical professionals and telephone companies to use their service or meet a certain source.
Under data Protection Law, you have the rights regarding the use of these personal details and data controllers have certain responsibilities in how that handle this information.
You Have the right to Data Protection when your details are:
Data Protection rights will help you make sure that the information stored about you is
The rights does not apply, however, in a small number of cases, where it could harm certain interests - for example, when someone ids investigating an offence.
You can ask for a copy of all your personal details by writing to any organisation or any You can also ask the Data Controller to inform you of any opinions given about you, unless the Data Controller considers that the opinions are confidential.
Even in such cases, your rights to such information will usually be greater than the right of the person who gave this information will usually be greater than the right of the person who gave this opinion in private.
8. What is the Role of the Data Commissioner?
The role of the Data Commissioner aims to make sure that those rights are being upheld and that Data Controllers respect data protection rules.
Summary proceedings for an offence under the Data Protection Act may be brought and prosecuted by the data Protection Commissioner.
A Data Controller is the individual or the legal person who controls and is responsible for the keeping and use of personal information on a computer or in structured manual files.
A Data Receiver is a person who provides personal information about themselves to a variety of organisations for a whole range of purposes i.e, when you go to the doctor you give him/her information about yourself, name, address, date of birth, if you have children, and your phone number.
The office received a complaint from a solicitor acting on behalf of a data subject concerning the alleged further proceedings of the complaints personal data contained in medical records held by her General Practitioner (G.P.).
It was alleged that medical records relating to the complaint were released to an Insurance Company by her G. P, following a request made to her G.P.
The complaint stated that the G.P, had received a request from an Insurance Company, seeking the complainant medical records, relating to a knee injury she had suffered.
It was alleged that, in replying to this request, the G.P, not only realised data relevant to the knee injury, but also disclosed other sensitive medical information - including cervical smear test results, colposcopy, correspondence regarding lesions and records relating to Carpel Tunnel Syndrome, none of which were related to the knee injury.
We wrote to the G.P, and we asked that he provide an explanation as to what had occurred in this case. He responded stating that an Insurance Company had requested relevant information with respect to the patient concerned and her knee injury. He informed us that the request received, stated that it required copies of clinical consultations/surgery notes, investigations and associated results, treatments, referrals, out-patients appointments and repeat prescriptions from 18 - 02 - 2009 to the present date.
He stated that, inadvertently, copies of the patient records were supplied to the Insurance Company with some details which were not relevant to her knee injury and that this was obviously an oversight.
He stated that he was deeply sorry that he has caused any distress or upset to his patient, whom he has known for thirty-five-years.
The G.P, stated that the company knew he always endeavoured to keep high standards in the practice and that she should understand his disappointment that the system used in releasing this information fell below that standard expected by the complainant and himself.
He further stated that he hoped that she would accept his unreserved apology for the inadvertent disclosure of her records to the Insurance Company and that he completely understood how upset and appointed she must be.
He said that since this unpleasant and unfortunate error he had overhauled his practice procedures.
We wrote to tell the solicitor for the complainant outlining the G.P's response and also conveying the G.P's apologies.
We stated that this office's approach to complaints is to try to seek an amicable resolution to the matter which is the subject of the complaint and we asked if his client would like to try to reach an amicable resolution of the complaint.
They responded stating that their client wished for a formal decision of the commissioner on the matter.
In considering this case, the key issues from a Data Protection perspective was the issue of consent. It was noted from the material provided that the complainant had completed and signed an insurance claim form which contained the following consent clause: "I authorise Financial Insurance Company Limited (the underwriters) to make any enquires and get any information they consider relevant from my doctor, employer's or elsewhere. I understand that I must provide evidence to Financial Insurance Company Limited to prove my claim form". "On the same claim form, the complainant supplied details of her accident and explained as follows, Why it prevented her from walking? 'left knee injury, tore ligaments, recovery time unknown, waiting for knee surgery, on waiting list".
The Insurance Company concerned had sought the complainants medical records, supplied the relevant consent form and used the following terms in it's request to the G.P.:
"Can you please provide us with copies of the claimants medical records relevant to this claim. This includes all records relating to the medical conditions and associated symptoms which are subject of this claim".
It was clear from the Insurance Companies request for medical records that it sought medical records relevant to the claim only. As the claim related to the complainants knee injury, the medical records sought related to that injury and the request did not extend beyond that. Equally the complainants consent authorised the Insurance Company to make injuries and to get any information concerned relevant from her doctor and others. The consent was clearly limited to relevant information and it could not be interpreted as extending to all medical records held by the G.P.
This office issued a decision on this complaint which stated that the commissioner was of the opinion, following the investigation of this complaint, that section 2 (1) (C) (ii) of the Data Protection Acts, 1988 & 2003 had been contravened by the G.P, by the further processing of the complainant's sensitive Personal Data in the form of medical records unrelated to her knee injury. The contravention occurred when the G.P, in responding to a request from and Insurance Company, disclosed to that Insurance Company certain medical records of the complainant without her consent.
If you are the real writer of this essay and no longer want to have the essay published on the our website then please click on the link below to send us request removal:Request the removal of this essay
Get in touch with our dedicated team to discuss about your requirements in detail. We are here to help you our best in any way. If you are unsure about what you exactly need, please complete the short enquiry form below and we will get back to you with quote as soon as possible.