Data protection, health care, and the new European directiveBMJ 1996; 312 doi: https://doi.org/10.1136/bmj.312.7025.197 (Published 27 January 1996) Cite this as: BMJ 1996;312:197
- M F Smith
- Professor of health informatics Keele University, Keele ST5 5AY
Extension of data protection to paper records is logical but problematic
Last summer a directive on data protection was agreed by the European Union's Council of Ministers and is now in force in all member states.1 Although it confirms the general principles already established by the United Kingdom's Data Protection Act of 1984,2 it has particular implications for health care information. It provides for the collection and processing of sensitive personal information for health care purposes and of epidemiological, public health, and scientific data for research. Its biggest impact, however, will be its extension of data protection to manually held records containing personal information.
The directive has to be implemented for computer based data systems within three years. The United Kingdom's effective Data Protection Act enforcement programme has ensured that health care computer based systems which have achieved compliance in Britain should have little difficulty complying with the directive. Like the existing act, the …