Article Text

Download PDFPDF
The requirements of the Data Protection Act 1998 for the processing of medical data


The Data Protection Act 1998 presents a number of significant challenges to data controllers in the health sector. To assist data controllers in understanding their obligations under the act, the Information Commissioner has published guidance, The Use and Disclosure of Health Data, which is reproduced here. The guidance deals, among other things, with the steps that must be taken to obtain patient data fairly, the implied requirements of the act to use anonymised or psuedonymised data where possible, an exemption applicable principally to records based research, the right of patients to object to the processing of their data, and the interface of the act and the common law duty of confidence.

  • Data Protection Act 1998 (UK)
  • medical data

Statistics from

Request Permissions

If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.

Other content recommended for you