In a memo, to over 3,000 UK GP practices the BMA warns of a possible breach of the Data Protection Act due to a new childhood vaccination data system which shares data with the Child Health Information Service (CHIS).
The main issue apparently stems from the principle of data minimisation, which requires data controllers to only retain the minimum information needed, and no more.
In their memo, BMA states ‘We have received reports that LMCs in the West Midlands region have received communications from their local community trust with regard to changes to the process for electronic transfer of childhood vaccination and immunisations data from GP systems to the Child Health Information Service (CHIS).”
Having received legal advice they’re also concerned that practices using the new proposed extraction service and others like it may be placing themselves in breach of GDPR.
The new Data Protection Act, closely resembling the GDPR has since its implementation caused a lot of issues for GPs. Most notably stipping them of the option to charge a nominal fee for digging out patient information, leading to an increase in subject access requests (SARs).
BMA advice GPs not to sign up to any new CHIS extraction system until this issue is resolved.