Health minister Lord Warner wrote a furious response to the Guardian's article on the NHS database privacy disaster. Unfortunately he repeated some of the government's mistakes on European privacy law. My colleague Douwe Korff, a professor of international law, wrote the following reply:
In his "response" in today's Guardian ("This medical database does not herald a Big Brother society"), Lord Warner makes several claims about the security of the proposed NHS database which are dubious, but which I will leave to others to address. However, he also makes a further worrying statement:
He says, in one breath, that on the one hand, "The NHS does not permit any external access to its patient records unless this is explicitly required by law" and that "The police have no powers to require access to patients' NHS records" - but then goes on to say that "In the absence of a legal requirement the NHS may, and indeed should disclose patient information ... in relation to serious crimes".
Note the "in the absence of a legal requirement" — what does this mean? That the NHS provides medical information to the police even without a warrant, i.e. when it is not "explicitly required by law", at their (the NHS') discretion, if they (the NHS) are convinced the crime is serious enough? Surely, if ever there was an area in which data should ONLY be disclosed if there is a legal requirement to do so &mdash i.e. if the police obtain a warrant to produce the evidence — this is it!
Yours sincerely -
Professor of International Law
London Metropolitan University
Department of Law, Governance
& International Relations