Some GPs risk violating GDPR by signing up to changes in childhood health data sharing

The BMA warns changes to a system that collects immunisation data risks breaching the 'data minimisation' principle

A photo of a doctor with GDPR overlayed in the foreground

As many as 3,300 GP practices in England risk violating data protection laws if they sign up to changes in a data sharing agreement for childhood vaccination.

Changes to the Child Health Information Service (CHIS), used by general practitioners in the West Midlands, parts of London and the South West of England, may have rendered it non-compliant with the EU's General Data Protection Regulation (GDPR).

GPs offered to register to a new data extraction system, which feeds childhood vaccination and immunisation data into a centralised database, should wait until these concerns are addressed, the British Medical Association (BMA) said in a newsletter on Friday.

The BMA told IT Pro the advice centres around concerns the new system does not meet the principle of 'data minimisation' outlined in GDPR and the Data Protection Act 2018.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

According to data minimisation organisations, or data controllers must minimise data processing to an absolute minimum; that no more data is collected than is required to carry out the functions outlined.

"Having received legal advice, the GPs committee is concerned that practices using the new proposed extraction system to share childhood immunisation data may be placing themselves in breach of GDPR," said the BMA's GP committee chair Dr Richard Vautrey.

"We have now received assurances from the local commissioners of this service that no GP practice in the West and North Midlands will be asked to sign up to this process until the matter is resolved.

"Our advice when being approached to sign any new data sharing agreements pertaining to changes to the CHIS in England is that no GP practice should sign up to any new extraction system until our concerns have been addressed."

A CHIS is an NHS-commissioned service responsible for collating data from various organisations for all children aged 0 to 19 that fall under its remit, depending on which regions of the country are signed up to the system.

This data, ranging from a newborn blood spot to information about vaccinations, is extracted and merged into one single Child Health Record (CHR), according to Health Intelligence, the firm which developed the system.

Advertisement - Article continues below

Despite no involvement in the actual development of CHIS, GPs who nonetheless engage with the system risk violating data protection laws.

IT Pro approached Health Intelligence for a statement but had not received a response at the time of publication. 

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020