The Medical and Health Sector


The Data Protection Rules in Practice


The confidentiality of patient records forms part of the ancient Hippocratic oath, and is central to the ethical tradition of medicine and health care. This tradition of confidentiality is in line with the requirements of the Data Protection Acts 1988 & 2003, under which personal data must be obtained for a specified purpose, and must not be disclosed to any third party except in a manner compatible with that purpose.


Given the immense sensitivity of health-related information, it is imperative that professionals in this sector be clear about their use of personal data. The questions and answers set out below shed some light on the considerations for this sector. The issues raised in this section are dealt with in a general fashion. The Data Protection Commissioner recognises that it would be preferable for comprehensive and carefully thought-through guidelines to be designed by the appropriate representative bodies in this sector, by way of statutory codes of practice.



I am a general practitioner: can my locum access my patient records?


Yes. The Data Protection Commissioner’s view is that making clinical patient records available to a locum doctor, so that the locum may provide medical care to patients, is compatible with the purpose for which the GP keeps the patient record.


Should my secretary or office manager be allowed access to my patient records?


Yes, although only to the extent necessary to enable the secretary or manager to perform their functions. Non-medical professionals should have no need to access clinical material or medical notes, as distinct from administrative details (such as patients' names and addresses). The patient is entitled to an assurance that their medical information will be treated on a need-to-know basis.


Do I need to obtain patients’ explicit permission before storing their medical details?


As a general rule, no. The Commissioner’s view is that the patient’s consent for the storage and use of their personal data is implicit in the fact that they come to you, as a medical professional, for help. However, it is good practice to inform people that you will keep their details, and to inform them of what use will be made of their data. Section 2(b)(vii) allows for the processing of sensitive data for medical purposes by health professionals. In addition, you will need to obtain clear consent for some uses of personal data which might not be obvious to the patient (see below), and which might be for a non-medical purpose.


Can I pass patient details on to another health professional for clinical purposes?


If you are passing patient data on to a person or body acting in an agency capacity for you - such as a clinical laboratory - then this is not a "disclosure" under the Data Protection Act, and the Commissioner does not insist on specific patient consent in such cases. However, you should inform the patient in advance that their data will be used in this way.


If you are passing the patient data to another health professional for guidance and advice on clinical issues, the patient data should be kept anonymous. If you wish to pass on the full patient data, including identifying details, you will need the consent of the patient in advance, except in cases of urgent need.


Can I pass patient data to the Health Boards or other bodies for administrative purposes?


You can pass on anonymised or aggregate data, from which individual patients cannot be identified. Ideally, you should inform patients in advance of such uses of their personal data.


What if I need to disclose patient data, and I don't have the time to obtain consent?


If patient details are urgently needed to prevent injury or other damage to the health of a person, then you may disclose the details. Section 8(d) of the Acts makes special provision for such disclosures. However, if the reason for the disclosure is not urgent, then you will need to obtain consent in advance.




