25/05/2018 - 14:20
Most HCPC registrants are aware of General Data Protection Regulation (GDPR) which came into effect on 25 May 2018.
Whilst the HCPC’s Standards of conduct, performance and ethics do not currently mention GDPR directly, they do say that registrants must keep up to date with and follow the law, our guidance and other requirements relevant to your practice.
They also state that registrants must:
We also produce online guidance for registrants on confidentiality. The main body of this guidance is still accurate and should be applied in your practice.
We are working to update Annex A, which outlines data protection principles under the Data Protection Act 1998 and we will be publishing an updated version, outlining data protection principles under the GDPR, in due course.
In the meantime, the Information Commissioner’s Office is the UK’s independent body set up to uphold information rights and are the authority on data protection issues. You can find general information about GDPR on their website, including a Data Protection Self-Assessment Toolkit.
Applying GDPR consent appropriately is only one aspect of your professional duty to make sure you have consent.
“You need to remember that patient consent for treatment or to share healthcare records is not the same as GDPR consent.”
- Information Commissioner’s Office, FAQs for small health sector bodies.