outsourcing GP appointments to India: is this legal under DPA?

Mary Hawking maryhawking at tigers.demon.co.uk
Fri Jan 21 08:12:00 GMT 2011

Mary Hawking
-----Original Message-----
From: Francis Davey [mailto:fjmd1a at gmail.com] 

> Re outsourcing medical data to India; it has been done routinely for a
> decade at least, and for material that is far more sensitive than
> appointments. Several specialist companies have been set up to do it, and
> AFAIK are flourishing.

Doesn't mean its lawful. There have been quite a number of judgments
which found that widespread and common practice was illegal - a good
example being local authority interest rate swap agreements.

GPs are always being reminded of the importance of confidentiality and
observing the Data Protection Act - which forbids the export of personally
identifiable data to countries outside the EU with data protection laws
which do not match EU standards.
Both India and the USA fall into this category.
True, there have been companies doing typing of medical letters in India for
some time ("it isn't identifiable if there is no name or NHS number
attached") but that does not make it legal.
It is really disturbing when the NHS tries to force this illegality on the
NHS via the NHS Shared Business Services - and I have no doubt that GP
Consortia - if not GP practices themselves - will be effectively forced to
use these services for back-office functions on grounds of economy.

Assuming I am right in this, where will legal liability for the possible
breach of confidentiality and the breach of Data Protection regulations lie?

Mary Hawking

Francis Davey

More information about the ukcrypto mailing list