GP practices: good overall compliance with Data Protection Act, but still areas to improve on

A report published by the Information Commissioner’s Office (ICO) today has highlighted the positive approaches GP practices are adopting to look after people’s data.

  • Wednesday, 29th January 2014 Posted 10 years ago in by Phil Alsop

The report summarises 24 advisory visits undertaken by the ICO at GP surgeries across England in the past year. The visits found surgeries tended to have good data protection policies and awareness of issues, including the need for adequate security and patient confidentiality. Practices also tended to have procedures in place around the practical aspects of data handling, including disposal of confidential papers.


But there are also areas highlighted in the report where improvements can be made. The advisory visits found some surgeries didn’t fully appreciate the need to report data breaches, and could make improvements to the way they inform patients about how their information will be used. Improvements were also suggested around faxing and the risks posed by unrestricted internet access.


Almost all of the surgeries had significant volumes of paper records that take up considerable space, highlighting the need for careful management of patient records on an ongoing basis.


Announcing the publication of the report Lee Taylor, ICO Team Manager in the Good Practice team, said:  “The NHS processes some of the most sensitive personal information available and data breaches at GP surgeries can have significant repercussions for the individuals affected. But we were broadly pleased with what we saw during the advisory visits. Having the right policies and procedures in place is the backbone to good data protection and the GP practices we visited tended to have these.


“The findings are particularly important as the NHS has been undergoing a period of considerable change. We hope GP surgeries use this report to review their procedures for handling personal information at their own practice; this can only be good news for patients.”


The advisory visits were carried out between April and November 2013. The visits are a free service provided by the ICO for volunteers, and involve data protection experts visiting practices for around half a day. The visits to GPs were promoted with the support of the British Medical Association (BMA).