An unusual letter from King's College Hospital

[Timster]

Crossed with RosieH and Jane (because I am a slow writer)

[Ladymuck]

Because you write slowly - surely Timster. (As opposed to being a slow writer!);-)

[pk]

Timster Wrote:

-------------------------------------------------------

> I still think this is absurd.

>

> 1. The GMC guidelines relate to medical

> information (not names and addresses) and whether

> it should be passed on to third parties. I assume

> you wouldn't object if the hospital used your name

> and address to write to tell you'd dropped your

> credit card in an outpatient's waiting room.

> Nobody is passing the details of STD sufferers to

> condom manufacturers so they can include them in a

> direct marketing campaign.

>

> 2. The issue in this case is covered by Data

> Protection which again relates to passing on of

> information - not using YOUR name and address to

> write to YOU. I appreciate there may be a grey

> area here in that the charity is distinct from the

> trust but that strikes me as technicality.

>

> 3. No names and addresses are being passed on -

> the letters are being sent to people who already

> know they visited hospital. DulwichMum's point is

> only relevant (and I assume the letters only go to

> people 18 and over) if someone else opens your

> mail and I am afraid a hospital shouldn't have to

> factor in an adult's inability to protect his or

> hers own privacy. The battered mother who'd had a

> termination she hadn't told her partner about

> would be written to anyway by the hospital for

> medical reasons.

>

> 4. Nobody needs permission to write to you and

> that is why we all receive junk mail every day.

> If an organisation with your details writes to you

> and you don't want them to again, then you can

> request that they take your name off their mailing

> list. The same would apply to Kings.

>

> 5. So what if someone gives some money because

> they feel guilty. That's why I give money to

> charity. That's how charities survive. Do you

> honestly believe vulnerable people's livelihoods

> are threatened every time they receive a request

> for a charitable donation?

>

> Sorry for the bullet points.

>

> PS I am surprised no one has objected to the plan

> to put mugshots up in the A&E waiting room of

> every recent patient that has refused to make a

> donation.

although i think that we're broadly in the same camp, i don't think that quite a bit of the above is accurate about what you should and shouldn't do with personal data

[Timster]

It's broadly correct pk. (Out of interest, which bits do you think are wrong?)

[pk]

Timster Wrote:

-------------------------------------------------------

> It's broadly correct pk. (Out of interest, which

> bits do you think are wrong?)

i might be wrong as it's not really an area that i know everything about but i think:

2. the data protection act does not relate only to passing on information but to how data is used

and the charity being a different entity is more than a technicality

3. as such, names are being passed on - from the hospital to the charity

4. people should generally not send unsolicited mail to people without having collected appropriate consents

[DJKillaQueen]

That's absolutely right. Data protection protects type of use as well as confidentiality. There is definitely an issue with names and addresses being used for a different use without prior consent as far as I can see, from not only what the law says, but also the GMC's own guidelines on data protection.

[mycroft]

PK I'm sure tha the above points must have come up during negotiatons with the ICO, who's job it is to govern this.

My understanding was that the letter was from the hospital on behalf of the charity, so no data would have been transferred over to the charity.

If the ICO say that there are no issues with this, then we are just going to have to accept that there are no issues with this no matter how much people look fo them.

The ICO are the law as far as this type of thing goes.

[DJKillaQueen]

You misunderstand. The hospital itself has no right to use patients addresses for this mailout without their prior consent according to the GMC's own guidelines.

[mycroft]

Well...According to the ICO they do...I'm sure that the Hospital's Caldicott Officer would not have allowed the letter to go out if there had been any issues with the GMC guidelines.

[Timster]

> know everything about but i think:

>

> 2. the data protection act does not relate only to

> passing on information but to how data is used

> and the charity being a different entity is more

> than a technicality

>

> 3. as such, names are being passed on - from the

> hospital to the charity

>

> 4. people should generally not send unsolicited

> mail to people without having collected

> appropriate consents

2 and 3 you're right about but I still think it is a technicality and would be looked at in the overall context of whether patients could reasonably expect their data to be passed on to the charity.

4 is wrong - no consent is needed. you have the right to ask someone to stop sending you unsolicited mail, or when you hand over your personal data to request that they do not use it to send you mail, but there is no positive obligation on someone who stores and process personal data to obtain your consent before sending you unsolicited mail.

[pk]

DJKillaQueen Wrote:

-------------------------------------------------------

> That's absolutely right. Data protection protects

> type of use as well as confidentiality. There is

> definitely an issue with names and addresses being

> used for a different use without prior consent as

> far as I can see, from not only what the law says,

> but also the GMC's own guidelines on data

> protection.

but in these particular circumstances advice has been sought from lawyers and the office of the information commissioner so it seems likely that this mailing is compliant

as such, and in general, it strikes me as sensible activity that's trying to do something positive

[Timster]

And I am simply at a loss to understand how the GMC guidelines would be relevant to this scenario - I suggest DJKIllaQueen re-reads them carefully.

[pk]

mycroft Wrote:

-------------------------------------------------------

> PK I'm sure tha the above points must have come up

> during negotiatons with the ICO, who's job it is

> to govern this.

>

i agree (and always have)

[DJKillaQueen]

Even the ICO's own website states that a person must consent to way their information is processed so I think there are grounds for a challenge here. The information held on patients in fact has even tougher requirements because of the sensitive nature of some of that information. I'd like to see proof that the ICO sanctioned this process of sourcing patients addresses for a mailing list not related to their treatment, and the grounds by which it did so because there is nothing on their own website that disagrees with anything I've pointed out in relation to the law so far. The ICO are NOT the law by the way...they are a body that seeks to uphold the law....which is why they can be challenged if they get it wrong.

[Timster]

DJKillaQueen Wrote:

-------------------------------------------------------

> Even the ICO's own website states that a person

> must consent to way their information is processed

> so I think there are grounds for a challenge here.

> The information held on patients in fact has even

> tougher requirements because of the sensitive

> nature of some of that information. I'd like to

> see proof that the ICO sanctioned this process of

> sourcing patients addresses for a mailing list not

> related to their treatment, and the grounds by

> which it did so because there is nothing on their

> own website that disagrees with anything I've

> pointed out in relation to the law so far. The ICO

> are NOT the law by the way...they are a body that

> seeks to uphold the law....which is why they can

> be challenged if they get it wrong.

Why would you want to do this???? What would it achieve??? Stop King's from raising money?

I want to see what part of the GMC guidelines this breached.

[mycroft]

Yes DJ, that does seem a rather odd thing to want to do, especially when you didn't even receive a letter.

[Timster]

Do you raise these objections to every company that mailshots you? Some of them might be in breach of data protection?

Why is King's being singled out for this treatment?

[Jeremy]

If anyone received a letter and found it inappropriate, I suggest they reply asking to be removed from the fundraising mailing list.

Other people... suggest you mind your own business and stop trying to drag King's through the dirt. I think your behaviour is absolutely disgraceful.

[SeanMacGabhann]

the key question, as others have raised is WHY? Why would you want to challenge this? As I've said even if you had the time and inclination and won, (which you wouldn't), yuo would have achieved precisely nothing. Worse than nothing

[Timster]

And sorry to harp on about this but if you give someone your address, that person doesn't need to then obtain your consent to write to you, because it's self-evident that is what they will use your address for. It would be impossible for business to function at all if DJ was right. That's why the ICO website talks about people having the right to object to direct marketing etc - not businesses having to obtain consent to direct market to you.

[DJKillaQueen]

I've just looked at the ICO register. All bodies are required to register the way they process information by law with the ICO (there are some exemptions that aren't relevant here). There is one catagory for fundraising (purpose 8) but patients are not listed as a source for data. In other words the Hospital have NOT disclosed the use of patient data it seems in relation to fundraising related activities.

You can view the Kings register enties here.

Kings have disclosed the use of patient details for medically related activities for the following purposes - Health Administration and Services (purpose 3)/ Research (purpose 4)/ Public Health (purpose 6) and Administration of Membership Records (purpose 7).

So I really would like to see evidence now to the claim that the ICO have sanctioned the use of patient data as debated above.

[mycroft]

Why? To what end?

[DJKillaQueen]

All that has to be done is to obtain consent from patients before adding them to a mail-shot list....problem sorted. I think people should be able to opt out of junk mail in the same way they can with virtually every other service provider.

And I am not singling out Kings...I am simply taking part in a discussion about the law and the data protection act....doesn't matter who the subject of the discussion is.....the law applies to everyone.......that's all it is...an exploration of the law. And after all...that's what happens on forums...debate.

[*Bob*]

This morning, I received a letter from a man called Mike.

He is offering to clean my carpets - for half price. After a long talk with my girlfriend - and some heated conversations with friends and family - we have agreed to put his letter into the blue recycling bag.

I'm just 'putting this out there' in case anyone else is currently working themselves into a similarly pointless lather by way of a clipboard, hi-vis jacket, biro and google-powered deconstruction of privacy law - to no particular useful end whatsoever.

[SeanMacGabhann]

This is getting a bit scary now

Actually it has been for a while