Data protection and freedom of information

The law is only a catalyst for changing the culture in the NHS T he protection and use of confidential information about patients has had welcome priority in the government's thinking in recent years1–3 and becomes more important with the planned introduction of the new NHS care records service.4 The legal framework for the processing and use of personal information is set out in the Data Protection Act 1998, which makes provision for the protection of privacy and confidentiality of people's personal information.5 At the other end of the privacy spectrum, openness and accountability in the NHS have been given a boost with the implementation in January 2005 of the Freedom of Information Act 2000.6 Many members of the public and healthcare professionals are unclear about the details—perhaps even the existence—of both laws and what they mean in practice. The Freedom of Information Acts (Scotland's was passed in 2002) give people a general right of access to information held by or on behalf of public bodies, which include NHS trusts, primary care trusts, strategic and special health authorities, and others—general practitioners, dentists, opticians, and pharmacists—providing services under parts II or 28C of the NHS Act 1977. The act creates an obligation on these bodies to have a publication scheme …