THE PATIENT’S
RIGHT TO PRIVACY and THE NEED TO REPORT SUSPICIONS OF CHILD SEX ABUSE.
The right to
privacy is contained in the European Convention on Human Rights which was fully
incorporated into UK with the Human Rights Act (1998) . Questions of the
balance between one right and another is normally decided in the lower courts,
but disputes can go to the Supreme Court in London if the point in law is
serious. Even if the Supreme Court makes a decision which one side does not
agree with, the case can go to the European Court of Human Rights (ECHR) in
Strasbourg as a petition to the Court. That Court’s decision is final. Things
do not normally get as far as that.
Article 8 of the
ECHR is the primary source of the right to privacy. It reads:
1. Everyone has the right to respect for his private and family life, his home
and his correspondence.
2. There shall be no interference by a public authority with the exercise of
this right except such as is in accordance with the law and is necessary in a
democratic society in the interests of national security, public safety or the
economic well-being of the country, for the prevention of disorder or crime, for
the protection of health or morals, or for the protection of the rights and
freedoms of others.
Article 8 clearly provides a right to be free of unlawful searches, such as you
may be encountering. It is often quoted as being a protection for "private and
family life".
Most articles of the ECHR stop the State from interfering with people’s rights,
Article 8 is different – in that it also has positive obligations. This means
that the State must be active and do something in order to protect people from
suffering a violation of article 8. For example, the State must interfere in
order to enforce access for a divorced father to his child.
This last point may be of importance in this argument, for disclosing records
may not only infringe a patients’ rights under Article 8, but also the
clinician’s right to privacy. It may be argued that the State must ensure that
such cannot happen.
There are no doubt many cases which centre on the balance between the right to
privacy and the other needs or rights. The case that many recall is a rather
unsavory one, but perhaps it demonstrates the principle. This is Mosley v
News Group Newspapers [2008] In
this case, Max Mosley took on the News of the World. They had exposed his
participation in a Nazi-themed sadomasochistic sex act with several female
prostitutes. One of the women took a video of the incident and sold it to the
News of the World, who then published it. Mosley objected, citing article 8 and
won. He was awarded something like £60,000.
Article 8 insists that no government can ban homosexual acts in private. This
principle extends to what Mosley did. It may be disreputable, even outrageous,
but in private it is lawful. Investigation to learn the truth about the incident
would also require serious evidence in order to be lawful.
The taking of
notes and forming a record by a clinician is perfectly lawful and , if such is
agreed, is private.
However, with
Child Sex Abuse there are other articles of the ECHR to take into account.
Article 8 actually includes: “in
the interests of national security, public safety or the economic well-being of
the country, for the prevention of disorder or crime, for the protection of
health or morals, or for the protection of the rights and freedoms of others.”
This brings
another article to mind. Article 5.
“Everyone has the right to liberty and security of person. Liberty and security
of the person are taken as a "compound" concept – security of the person has not
been subject to separate interpretation by the Court.” The
right to liberty is subject only to lawful arrest or detention under certain
circumstances, such as arrest on reasonable suspicion of a crime or imprisonment
in fulfillment of a sentence.
Bearing in mind “the prevention of disorder or crime, for the protection of
health or morals,” (part of article 8) , “Reasonable suspicion of
a crime” ( Article 5) might mean that investigation of the potential of a
crime having been committed is allowed, indeed encouraged, as a consequence of
article 8 and a proactive element of article 5. In
other words, protection of the liberty of the individual may require the
investigation of potential threats from others to that person’s liberty –
because such investigations would be a part of “the prevention of disorder or
crime, for the protection of health or morals”. The
question would be – which is the more important article in such an argument –
eight or five? Is ensuring the security and liberty of a child more important
than ensuring that the privacy of a confidential relationship with a paedophile
or other child sex offender is preserved?
That would be for the Court to decide. But
then, there is article 34. This sets out
criteria for the admissibility of individual applications to the European Court
of Human Rights in Strasbourg. It seeks to ensure that the right to lodge
individual applications can be exercised freely. This
may not seem relevant – until one considers the implications. The
entire article 34 reads:
“The Court may receive applications from any
person, non-governmental organisation or group of individuals claiming to be the
victim of a violation by one of the High Contracting Parties of the rights set
forth in the Convention or the protocols thereto. The High Contracting Parties
undertake not to hinder in any way the effective exercise of this right. “
and it is the last part of this that may be of importance here. The
UK is one of the “High Contracting Parties” to the ECHR. It therefore has
undertaken not to hinder ( in any way) the effective exercise of the right to
claim a violation of a person’s rights. In
other words, the UK cannot introduce a law, a blanket regulation or rule either
by governmental means, or through one of its agencies, which might hinder
someone claiming their right to privacy, not only in Strasbourg, but in the UK
Supreme Court, and down through the courts to the magistrates court around the
corner.
Each case would need to be decided on its merits. To
put it another way - the NHS, being a Government agency, cannot introduce a
regulation or rule which might stop someone claiming the right to privacy. The
NHS therefore has no right to intrude into such confidentiality without
reasonable cause – which involves debate or discussion (and agreement) of the
reasons why such intrusion should take place. There can be no blanket rule that
intrudes into the privacy of the confidential arrangement between clinician and
patient. In
simple terms, the NHS could not have a man standing on the door of the hospital
who told all patients who entered “ you can only come in for treatment if you
allow the NHS to tell the newspapers, TV or whoever, everything about you that
is learned here”. Such a rule would potentially hinder the person’s right to
petition the courts concerning a breech of article 8.
Worse would be if such a NHS manager told patients “Come in – everything that
happens here is completely confidential – unless we decide differently”.
Moreover, because of the proactive aspect of Article 8, the NHS must ensure that
such intrusion should be hampered, even ruled out, by rules and regulations to
ensure that there is no blanket breech in any way. In
other words, the NHS must ensure that each case shall be decided on its merits.
In general, they would have to show “reasonable cause”. It
is questionable therefore if the NHS management can simply demand that a
clinician hand over all the files on a patient without first showing “just
cause”.
Management cannot walk into a clinician’s office and take such files. They may
claim that they own the files – but it is not their right to privacy that
is being violated in such an incident, it the right of the patient and the
clinician that is being violated.
They may claim that they are instructed by government – perhaps most notably by
the Children Act, to report any suspicions of child sex abuse – and pursue such
investigations as they see fit. This would not give them a prima facie right to
violate the patient’s right to privacy - a court would need to balance the right
under article 8 against other rights that the NHS might claim to support their
actions. Indeed the government should have instituted rules or regulations to
ensure that privacy is not invaded randomly and without reasonable cause.
If
lawyers find the above somewhat tenuous and even obscure, then they need only
refer to the The General Data Protection Regulation (GDPR) which is enforceable
fro May 25th 2018.
The DP Bill will become law when enacted as the Data Protection Act 2017. It
will explicitly bring provisions of the GDPR in to UK law and establish
continuity of the GDPR in the UK post Brexit. The Act will legislate in areas
where the GDPR allows flexibility at national level. It will also introduce
legislation on processing for law enforcement purposes (in support of the EU Law
Enforcement Directive) and by the intelligence services, and make provision for
the Information Commissioner (the UK regulator).
·
The
GDPR introduces a duty on all organisations to report certain types of personal
data breach to the relevant supervisory authority. You must do this within 72
hours of becoming aware of the breach, where feasible.
·
If the
breach is likely to result in a high risk of adversely affecting individuals’
rights and freedoms, you must also inform those individuals without undue delay.
·
You
should ensure you have robust breach detection, investigation and internal
reporting procedures in place. This will facilitate decision-making about
whether or not you need to notify the relevant supervisory authority and the
affected individuals.
·
You
must also keep a record of any personal data breaches, regardless of whether you
are required to notify.
·
You
are likely to be able to rely on vital interests as your lawful basis if you
need to process the personal data to protect someone’s life.
·
The
processing must be necessary. If you can reasonably protect the person’s vital
interests in another less intrusive way, this basis will not apply.
·
You
cannot rely on vital interests for health data or other special category data if
the individual is capable of giving consent, even if they refuse their consent.
·
You
should consider whether you are likely to rely on this basis, and if so document
the circumstances where it will be relevant and ensure you can justify your
reasoning. to
come into effect (EU)
2016/679 is a
regulation in
EU law on
data protection and privacy for all
individuals within the
European Union. It addresses the
export of personal data outside the EU. The GDPR aims primarily to give control
back to citizens and residents over their personal data and to simplify the
regulatory environment for
international business by unifying the
regulation within the EU.[1]
When the GDPR takes effect, it will replace the 1995 Data Protection Directive (Directive
95/46/EC).[2] It
was adopted on 27 April 2016. It becomes enforceable from 25 May 2018[3],
after a two-year transition period.
Unlike a
directive, it does not require
national governments to pass any enabling legislation and so it is directly
binding and applicable.[4]
We
cannot retain your information on your computer without your express consent.
Everyone has to opt in.
Ther
eis a duty on the NHS to treat all those who require treatment.
Consent requires a
positive opt-in. Don’t use pre-ticked boxes or anyother method of consent by
default.
•Explicit consent
requires a very clear and specific statement of consent.
•Keep your consent
requests separate from other terms and conditions.
•Be specific and
granular. Vague or blanket consent is not enough.
•Be clear and
concise.
•Name any third
parties who will rely on the consent.
•Make it easy for
people to withdraw consent and tell them how.
Remember – you don’t
always need consent. If consent is too difficult, look at whether another lawful
basis is more appropriate.
This may apply when it is thought that a crime may be or have been committed –
such as the sexual abuse of a child.
< |