As many as 3,300 GP practices in England risk violating data protection laws if they sign up to changes in a data sharing agreement for childhood vaccination.
Changes to the Child Health Information Service (CHIS), used by general practitioners in the West Midlands, parts of London and the South West of England, may have rendered it non-compliant with the EU's General Data Protection Regulation (GDPR).
GPs offered to register to a new data extraction system, which feeds childhood vaccination and immunisation data into a centralised database, should wait until these concerns are addressed, the British Medical Association (BMA) said in a newsletter on Friday.
General Data Protection Regulation (GDPR) France issues Google with the heaviest GDPR fine to date GDPR news: GDPR turns six months old
The BMA told IT Pro the advice centres around concerns the new system does not meet the principle of 'data minimisation' outlined in GDPR and the Data Protection Act 2018.
According to data minimisation organisations, or data controllers must minimise data processing to an absolute minimum; that no more data is collected than is required to carry out the functions outlined.
"Having received legal advice, the GPs committee is concerned that practices using the new proposed extraction system to share childhood immunisation data may be placing themselves in breach of GDPR," said the BMA's GP committee chair Dr Richard Vautrey.
"We have now received assurances from the local commissioners of this service that no GP practice in the West and North Midlands will be asked to sign up to this process until the matter is resolved.
"Our advice when being approached to sign any new data sharing agreements pertaining to changes to the CHIS in England is that no GP practice should sign up to any new extraction system until our concerns have been addressed."
A CHIS is an NHS-commissioned service responsible for collating data from various organisations for all children aged 0 to 19 that fall under its remit, depending on which regions of the country are signed up to the system.
This data, ranging from a newborn blood spot to information about vaccinations, is extracted and merged into one single Child Health Record (CHR), according to Health Intelligence, the firm which developed the system.
Despite no involvement in the actual development of CHIS, GPs who nonetheless engage with the system risk violating data protection laws.
IT Pro approached Health Intelligence for a statement but had not received a response at the time of publication.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Tech leaders worry AI innovation is outpacing governanceNews Business execs have warned the current rate of AI innovation is outpacing governance practices.
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
SEC data breach rules branded “worryingly vague” by industry bodyNews The new rules announced last week leave many questions unanswered, according to security industry experts
-
The gratitude gapWhitepaper 2023 State of Recognition
-
Meta sues ‘data scraping for hire’ service that collected info on 600k usersNews Meta says tackling data scraping will require a “collective effort” from platforms and policymakers
-
Building a data governance strategy in 2023In-depth Data governance will continue to expand as attitudes change and businesses look to optimise the value of their data
-
FCC plans strict overhaul of 15-year-old US data breach regulationsNews Telcos could no longer be able to use negligence as a defence for data breaches as the FCC also seeks to hasten public notification of breaches
-
UK follows EU in securing data deal with South KoreaNews The deal will foster cross-border collaboration between businesses by reducing administrative and financial frictions
