My apologies for my poor grammar. The forum is not a "HIFA and UN forum". [*see note below]
The forum is an UN forum to which a group of HIFA followers are presenting. However it is an opportunity for UNWDF delegates to hear HIFA views and for UNWDF delegates to hear and perhaps adopt HIFA views - especially the public and civil society's requirements for simple, clear, transparent and open information sharing about how their personal health data is processed. 1
Citizens need information about their "confidential" *** 2 personal health data processing. Who processes the data? Who can see it? and who can use the data? What are the financial contracts for processing the data, including costs? Who has actually seen their personal health data (audit trails exist in digital notes for provenance and governance reasons) and what is the actual content of the data that is being controlled, processed and shared? Who is controlling their personal health data? What are data
controllers, data processing, data subjects. data?
Here is a little background on persona health data processing for any one considering listening to any of the live UNWDF workshops:
(*** 1 General Data Protection Regulation (GDPR) – Official Legal Text (gdpr-info.eu) <https://gdpr-info.eu/>
“Key issues are - consent - right of access - right to be forgotten - right to be informed -
1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
2. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
3. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.
“A data subject means any identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Personal data” means any information relating to an identified or identifiable natural person.
“‘Processing”’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Data controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“Data processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
*** 2 Confidentiality: good practice in handling patient information - ethical guidance - GMC (gmc-uk.org)
Wikipedia - Breach of confidence in English law[edit]
Main article: Breach of confidence in English law
The "three traditional requirements of the cause of action for breach of confidence"[3]: [19] were identified by Megarry J in Coco v A N Clark (Engineers) Ltd (1968) in the following terms:[4]
In my judgment, three elements are normally required if, apart from contract, a case of breach of confidence is to succeed. First, the information itself, in the words of Lord Greene, M.R. in the Saltman case on page 215, must "have the necessary quality of confidence about it." Secondly, that information must have been imparted in circumstances importing an obligation of confidence. Thirdly, there must be an unauthorised use of that information to the detriment of the party communicating it.
The 1896 case featuring the royal accoucheur Dr William Smoult Playfair showed the difference between lay and medical views. Playfair was consulted by Linda Kitson; he ascertained that she had been pregnant while separated from her husband. He informed his wife, a relative of Kitson's, in order that she protect herself and their daughters from moral contagion. Kitson sued, and the case gained public notoriety, with huge damages awarded against the doctor.[5]
HIFA profile: Richard Fitton is a retired family doctor - GP. Professional interests: Health literacy, patient partnership of trust and implementation of healthcare with professionals, family and public involvement in the prevention of modern lifestyle diseases, patients using access to professional records to overcome confidentiality barriers to care, patients as part of the policing of the use of their patient data Email address: richardpeterfitton7 AT gmail.com
[*Note from HIFA moderator (NPW): Thanks Richard. I think it was I who named this thread "HIFA & United Nations World Data Forum, Hangzhou, China, 24-27 April 2023". The intention was to draw attention to HIFA's engagement with the Forum, as was clear in the content, but I can see how the subject line might have been open to misinterpretation if read alone. It would have been clearer to say "HIFA at..." This engagement is of great interest to all of us and we thank Richard and others for promoting the HIFA vision in Hangzhou. I have sent Richard HIFA flyers and look forward to welcoming many new members over the coming weeks.]
