In this document I will discuss the various legal and ethical issues that the NHS works with. I will cover how and why the NHS uses them to help secure a safer environment. The document covers Acts, laws and ethical issues such as whistleblowing.
Data Protection Act - The Data Protection Act controls how your personal information is used by organisations, businesses or the government. Everyone responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
used fairly and lawfully
used for limited, specifically stated purposes
used in a way that is adequate, relevant and not excessive
accurate
kept for no longer than is absolutely necessary
handled according to people’s data protection rights
kept safe and secure
not transferred outside the UK without adequate protection
There is stronger legal protection for more sensitive information, such as:
ethnic background
political opinions
religious beliefs
health
sexual health
criminal records
NHS England needs to collect personal information about the people it deals with in order to carry out its business and provide its services. Such people include patients, employees (present, past and prospective), suppliers and other business contacts. The information includes name, address, email address, date of birth, private and confidential information, and sensitive information. In addition, NHS England may occasionally be required to collect and use certain types of personal information to comply with the requirements of the law. No matter how it is collected, recorded and used (e.g. on a computer or on paper), this personal information must be dealt with properly to ensure compliance with the Data Protection Act 1998 (the Act). NHS England fully supports and complies with the eight principles of the Act, which are summarised below:
Personal data shall be processed fairly and lawfully.
Personal data shall be obtained/processed for specific lawful purposes.
Personal data held must be adequate, relevant and not excessive.
Personal data must be accurate and kept up to date.
Personal data shall not be kept for longer than necessary.
Personal data shall be processed in accordance with rights of data subjects.
Personal data must be kept secure.
Personal data shall not be transferred outside the European Economic Area (EEA) unless there is adequate protection.
Computer Misuse Act 1990
This Act makes it a criminal offence to access any part of a computer system, programs and/or data that a user is not entitled to access. Each organisation will issue an individual user ID and password, which will be known only by the individual they relate to and must not be divulged to or misused by other staff. This is to protect the employee from the likelihood of inadvertently contravening this Act.
Each organisation will adhere to the requirements of the Computer Misuse Act 1990 by ensuring staff are made aware of their responsibilities regarding the misuse of computers for personal gain or other fraudulent activities. Any member of staff found to have contravened this Act will be considered to have committed a disciplinary offence and be dealt with accordingly.
The Access to Health Records Act 1990
This Act gives a patient’s representatives a right of access to the patient’s manually held health records, in respect of information recorded on or after 1 November 1991. This Act applies only to access to a deceased person’s records. All other requests for access to information by living individuals are provided under the access provisions of the Data Protection Act 1998.
Access to Medical Reports Act 1988
This Act allows those who have had a medical report produced for the purposes of employment and/or insurance to obtain a copy of the content of the report prior to it being disclosed to any potential employer and/or prospective insurance company.
The NHS as