Should We Be Notifying Patients or Obtaining Consent for Sharing or Processing of Information in Relation to COVID-19

The order given by the Secretary of  State instructs that health and social care providers collect and share information for the COVID-19 purposes (See Can I Share Information about Patients with Third Parties or Other Health Providers?)

This order means that providers do not need to seek consent or inform patients when they are collecting or sharing information for these purposes and their right to object is limited.

As your DPO, however, we will update your website materials in the background to give patients as much information as possible and have made the LMC Law privacy notice additions available via the standard Kafico Links.

Finally, as a Kafico customer, you have had this message within your materials since you on boarded with our services which means that patients, to some extent, have already been informed;

"Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults, reporting infectious diseases or where required by court order."

What About Notifying Employees About Sharing Their Information?

Practices have also been advised to share the following message, via email with all staff;

"Coronavirus (COVID-19) pandemic and your information

We have an obligation to protect all our staff and employees' health. For this reason, it is reasonable for us to ask you to tell us if you are experiencing COVID-19 symptoms. In such circumstances we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.

It is unlikely that the practice will be asked to share information with authorities about you specifically but if this is necessary then data protection law will allow us to do so."

Can We Re-Instate and Use the Consent Override / Break Glass Function within S1?

Yes, the National Data Guardian, Dame Fiona Caldicott has confirmed that this can be activated. She has indicated certain restrictions including engaging your DPO. Contact us with any queries. For more information see HERE.