The Data Protection Act 1998 requires anyone who handles personal data to abide by eight principles when doing so, whether the data is held manually, i.e. on paper records, or stored on computer. Optometrists and dispensing opticians who use computers in their practices are required to notify the Information Commissioner’s Office, because they are processing personal data for the purposes of health administration and services. (Notification is also required where records such as fundus photographs and the results of field tests are stored digitally.) There is a further requirement, in some circumstances, for people use CCTV to notify the Information Commission.
The Act also gives individuals rights over their personal information.
The Act requires the data subject’s consent to the processing of “sensitive personal data”, which includes medical records. The patient’s consent will be implied with regard to (1) making a record of the consultation, and (2) keeping the patient’s records. Where an optometrist tells the patient that s/he wishes to send the patient’s records to the patient’s doctor for referral or other medical purposes, and the patient does not object, the patient implies consent to passing the records on to the third party.
If a patient does not consent to 1 and 2, you should refuse to undertake the consultation as you are required to keep records of your consultations. If the patient does not consent to passing information about them on to a doctor or other medical professional, then you may not do so.
More detailed information about responsibilities of those handling personal data, notification and the right of individuals (“data subjects”) is available on the Information Commissioner’s website.
Website: www.ico.gov.uk (Information Commissioner’s Office)
Website: www.ico.gov.uk (Information Commissioner’s Office)
[December 2007.]
