Ms Rachel Flynn:

The European Commission conducted a review of the legal framework or information governance frameworks on the sharing of information in European jurisdictions. We have data protection legislation in this area and general data protection regulation, GDPR, is coming down the tracks in 2018. Other jurisdictions have in place at a national level either an information governance framework that is set out in legislation or very specific legislation around the introduction of electronic health records to their system. Usually this legislation deals with matters such as consent and the sharing of information across different entities. The way we are set up in Ireland, we go from public to private. If a person attends a general practitioner, that is a private entity. If he or she then attends a hospital, that is a public entity. If he or she then goes to the pharmacy, that is another private entity. They are all seen as data controllers under data protection legislation. To enhance the protection of data for patients, other jurisdictions have implemented more detailed legislation that allows for the sharing of information based on a sound information governance framework and the principles of data protection legislation.