More than 3,000 GPs are at risk of breaching data protection laws if they sign up to a new way of sharing childhood vaccination data, the BMA has warned.
The new extraction system, which shares immunisation data between GP systems and the Child Health Information Service (CHIS), could be sharing more data than the law allows.
The new system uses a process that copies, transfers and stores the whole GP database, rather than the minimal data required to update vaccinations data.
Under the principle of data minimisation a system is only required to hold the minimum amount of personal information to complete the task it was designed for.
According to a memo from the BMA some 3,300 GP practices could be affected, including the West Midlands, London and the southwest regions.
GPs have been warned not to sign up to any new CHIS extraction system until the matter is resolved.
A BMA spokesperson told Digital Health: “The system in question uses a process whereby the whole GP database is copied, transferred and stored, rather than just the limited information needed to update childhood vaccination and immunisations data on CHIS.
“Based on legal advice, we believe the main risk is that practices may breach GDPR by not meeting the principle of ‘data minimisation’ which requires data controllers to carry out the minimum processing necessary.
“Practices should ensure that any new proposals meet GDPR requirements and if they have any doubts they should contact their Local Medical Committee (LMC), the BMA or their data protection officer.”
It comes after the new GP contract called for Clinical Commissioning Groups to ensure GP practices have access to a Data Protection Officer (DPO) in addition to their existing data services.
In the memo to GPs the BMA said: “We have received reports that local medical committees (LMCs) in the West Midlands region have received communications from their local community trust with regard to changes to the process for electronic transfer of childhood vaccination and immunisations data from GP systems to the CHIS.
“Our advice when being approached to sign any new data sharing agreements pertaining to changes to the CHIS in England is that no GP practice should sign up to any new extraction system until our concerns have been addressed.”
Share this post if you enjoyed! 🙂