Data protection and the Healthcare Quality, Complaints and Disputes Act

Duty of confidentiality

Staff members involved in a complaints procedure or notification have a duty of confidentiality. They may only share information with other parties if the patient has given their express permission.

Decisions by the complaints commission

If the patient and care provider cannot reach a solution on their own, the patient can submit the complaint to an independent complaints commission. Every care provider must be linked to a complaints commission. The complaints commission's decisions are binding. These decisions must be published in a way that does not reveal the identities of the parties involved. This applies to both the care provider and the patient in question.

Public Prosecution Service has limited access to data on incidents

All care providers must ensure that their employees can safely report carelessness and incidents involving patient safety within their organisations. Only authorised employees are allowed to see this data, and use it to improve patient safety in healthcare. No one else has access to it except, in exceptional cases, the Public Prosecution Service.

The public prosecutor may only see the data if there is a reasonable suspicion that the data concerns a serious criminal offence, such as murder or manslaughter, and this information cannot be gotten in any other way. The public prosecutor must follow a due diligence procedure in order to obtain access to the data. It also needs to obtain permission from the examining magistrate.