The Health Information & Quality Authority (HIQA) recently published their Standards for Health Identifier Operators which will form the basis for the implementation of Health Identifiers in the Irish Health Service.
Since then, the European Court of Justice has issued two cases with potentially significant implications for the data privacy governance of Health Identifiers, and the EU Data Protection Supervisor has issued an Opinion on Ethics in Big Data which also raises issues to be considered in the context of the rollout of Health Identifiers in Ireland.
Castlebridge has conducted a line by line review of the Health Identifiers Act 2014 and the HIQA standards in both their draft and final form. Our review has looked at the Information Governance and Data Protection issues, challenges, and opportunities in the implementation of Health Identifiers. This edition of the Report reviews that analysis again in the context of the CJEU rulings in Bara and Schrems, and the EDPS opinion on Ethics.
This edition consists of approximately 20% additional content, including an assessment on a section by section basis of the implications of Schrems and Bara on the effective operation of the Health Identifiers Act 2014.
Topics we address include:
- A section by section analysis of the legislation and the practical impacts on current work practices in Health Care providers
- A theme by theme review of the HIQA standards, including an analysis of sections that were included in the Draft standards but have been removed from the final standard
- The potential for Information Governance confusion with multiple roles being defined in the Standards that are potentially duplicating effort or muddying lines of accountability.
- The importance of objective standards for measuring the effectiveness and appropriateness of training for Information Governance and Data Protection.
- The impact of CJEU rulings on the practical implementation of information governance for the Health Identifiers Act 2014
- An overview of a model for aligning ethics with Information Governance
- The increased importance of Privacy Impact Assessments, and the optimum time in the Information Asset Life Cycle to conduct them.
In addition, we reference how our 3DC framework for Information Stewardship and our 11-Box Model for Information Strategy alignment can help organisations and Healthcare professionals prepare for the implementation of Health Identifiers.