19 March 2020
In common with every business, organisation and individual, Exigia Ltd. is now operating under coronavirus restrictions. These are difficult times with many aspects of daily life being radically affected. We just have to cope and adapt as best we can. Here at Exigia, we have been hoarding knowledge, expertise, common sense and attention to detail for years and so we have plenty in stock to tide us over. Black humour aside, we are also keeping up to date with news and developments in our field in order to assist our clients wherever possible. We have always conducted most of your business 'remotely'; largely by email, phone and increasingly via this website and the internet. This has put us in an excellent position to maintain our operations for 'the duration'. So, until further notice, it is business as usual except that:
- We won't be making any client visits or otherwise meeting our clients face to face
- We will use an even wider range of technologies to communicate with our clients and fit in with their practices wherever possible
- We will inform clients of changes in the delivery of our services via the usual channels and by posting notices here - on the home page of our website
We wish all our clients well and hope that they will weather the storm unscathed, if not unaffected. For our part, we will do our best to provide as much help as possible.
04 April 2020
The Government has published National Data Guardian, Dame Fiona Caldicott's statement on the use of data during the current crisis.
The full text is quite long, but here are a some of extracts that may be of interest to those working in the health and care sector.
"Information sharing must be done differently to support the fight against COVID-19 and to protect citizens compared to ordinary times. Information may need to be shared more quickly and widely across organisations than normal, or different types of information may need to be collected and used...
... The National Data-Opt Out has an exemption built in which means that it does not apply when there is an overriding public interest in the use of data, such as there is now. The GDPR has provisions to allow personal data to be used appropriately and lawfully at such a time. The Information Commissioner has clearly announced that data protection concerns should not stand in the way of appropriate information sharing; a statement which I fully endorsed...
... It is with gratitude that in the thick of everything I have still heard colleagues cite the importance of protecting confidentiality. Practical steps are also being taken to ensure that trust is not undermined. For example, my panel and I have been pleased this week to support NHSX with the drafting of a template privacy notice, which will be sent out to NHS organisations next week to support them to tell patients and service users about what might be different in the handling of their health and care data during the outbreak. It is heartening to note that even at this unprecedented crisis, trust and confidentiality still matter."
01 April 2020
The Government today issued four notices under the Health Service Control of Patient Information Regulations 2002 requiring certain organisations to process information.
The organisations affected are:
- NHS Digital
- NHS England and NHS Improvement
- Health organisations
- Arm’s length bodies
- Local authorities
These notices require that data is shared for purposes of coronavirus (COVID-19), and give health organisations and local authorities the security and confidence to share the data they need to respond to coronavirus (COVID-19).
For patients, this means that their data may be shared with organisations involved in the response to coronavirus (COVID-19), for example, enabling notification to members of the public most at risk and advising them to self-isolate.
These notices will be reviewed on or before 30 September 2020 and may be extended by further notice in writing. If no further notice is sent, they will expire on 30 September 2020.
In its covering press release, the Government stated
"... the health and care system is facing an unprecedented challenge and we want to ensure that health organisations, arm’s length bodies and local authorities are able to process and share the data they need to respond to coronavirus (COVID-19), for example by treating and caring for patients and those at risk, managing the service and identifying patterns and risks.
Compliance with data protection standards Data controllers are still required to comply with relevant and appropriate data protection standards and to ensure within reason that they operate within statutory and regulatory boundaries.
The General Data Protection Regulations (GDPR) allow health data to be used as long as one or more of the conditions under articles 6 and 9 are met. There are conditions under both articles that can be relied on for the sharing of health and care data, including ‘the care and treatment of patients’ and ‘public health’.
We would expect any organisation to share information within legal requirements set out under GDPR."