How Will GDPR Affect Health and Social Care?

  • techUK techUK
    Tuesday12Sep 2017
    Meeting notes
    Member only download

    On Wednesday 6 September, techUK held an event to explore the issues on how GDPR will affect the Health and Social Care Industry.

Presentations from speakers are available to download below.

With the EU General Data Protection Regulation (GDPR) coming into effect on 25 May 2018, the countdown has begun. As the health and social care industry both generate and utilise vast quantities of data in their daily operations, the introduction of GDPR will be an incredibly important development. In order to explore some of the issues on how GDPR will affect the health and social care industry, techUK held an event where a fantastic line up of speakers presented to a packed room.

IMG-6731

Victorian Hordern (Hogan Lovells LLP) provided an overview of GDPR from a legal perspective. She explored the meaning of health data in the GDPR context saying the new broad definition of health data should come as no surprise and there will be greater rights for individuals to control their health data. When it comes to medical research, she explained there will be a more flexible compliance framework for health data used for scientific research purposes. She also highlighted that apart from explicit consent, lawful grounds for the use of health data will depend substantially on EU or member state law. Victoria also said that around 60 to 65 per cent of the GDPR is similar to the Data Protection Act (DPA) and so although GDPR is much longer and more detailed, if companies are compliant with the DPA the leap to GDPR compliance should not be too great.

IMG-6734

Steve Norledge (IBM) focused on the opportunities of GDPR to build the trust crucial to enable the digitisation of health services. He said there is huge potential for tech to transform the health and care industry but it will not be successful if citizens do not trust suppliers and providers of healthcare with their data. The value in GDPR could be to catalyse organisations to fix some of their operational limitations in order to gain a clearer view of personal data. This will enable better service delivery and result in better outcomes. Companies should also consider re-thinking their data relationship with customers to secure trust, transparency and confidence.

IMG-6739

Gary Smith (PhixFlow) addressed the practicalities of GDPR. He discussed how GDPR will mean changes and the most successful organisations will be those that embrace the need for change. Organisations should also consider what other benefits could be derived from these changes. The Subject Access Request (SAR) process was discussed, where individuals can request a copy of their information held by an organisation. The SAR process is important for all industries and there are many considerations for an organisation, including ensuring consistency in searches, keeping records consent, the need for audit trails, and the volume of requests. GDPR is an ongoing process and organisations need to change the way they think about data.

IMG-6743

David Evans (NHS Digital), discussed the implementation of GDPR and the impact it will have on the NHS. The NHS, along with other industries will have to embrace new changes when GDPR begins, this includes subtle changes to definitions, increased focus on accountability and the need to be able to demonstrate compliance with the law. He explained that transparency and trust come from getting the design right and are hugely important to ensure the NHS has the confidence of patients and citizens. He said the NHS, through the Information Governance Alliance will be publishing guidance that goes to the heart of where the health service needs to focus its attention. The NHS will face challenges and uncertainty along the way and, although perfection is not possible, the focus must be on doing the right thing to ensure transparency, accuracy and accountability.

The panel then opened the discussion to the audience. The discussion was wide-ranging and ranged from the readiness of the industry to predictions on what the regulatory authorities will do on 26 May 2018 once GDPR comes into effect. Panellists cautioned that although some organisations have embraced GDPR and have started to make the necessary changes, the industry as a whole is not ready. Organisations were encouraged not to wait for guidance but to ensure that their specific obligations under GDPR were understood and codified. One of the keys is transparency: being clear about what you are going to do with the data and why.


For more information on techUK’s Health and Social Care Programme and the Cloud, Data Analytics & AI Programme, please contact:


This content has download attachments that are only available to techUK member users. Login with your techUK account to view and download attachments.

If you would like to know more about membership please visit Become a member page to contact our membership team.

FROM SOCIAL MEDIA

Join @techUK and @its_uk_org to bring together transport and technology industry to better innovate for the future. https://t.co/39sdnRdCxX
Register now for our 'Future Gazing: Where Next for Local Government Tech?' on 12 Dec https://t.co/6kPsaTm5I6
Calling all SME’s, register today for #SnacksSips and find new business partners https://t.co/Tg4h7hFYUj
New study explores customer expectations around purchasing and installing connected home devices. Read our new repo… https://t.co/xk9kitATr6
Energy costs for #datacentres is a key concern which must be addressed in the upcoming Budget @G_Derringtonhttps://t.co/RLAEATiTN8
Join us on 12 Dec for 'Future Gazing: Where Next for Local Government Tech?' w/ @aylesburyvale @dominiccampbellhttps://t.co/qX6B2DbOwH
techUK’s Digital Ethics Summit partners inc @RoyalStatSoc , @wellcometrust, @royalsociety, @britac_news,… https://t.co/QaIakHHjgM
Congratulations to Ruth Milligan, Head of Financial Services and Payments @techUK for making it onto the @InnFin 20… https://t.co/3Kp1XT2xRb
. @techUK 's @craigmelson discusses the importance of the circular economy for manufacturers @New_Electronics https://t.co/IaqgZQf5ol
.@techUKdepCEO welcomes Gov's proposal to increase the number of visas for tech personnel post- #brexit but that al… https://t.co/cV3g95EpCc