Stephen Donnelly (Wicklow, Fianna Fail) | Oireachtas source

Part 2 of the Bill provides for the duty to share and contains sections 7 to 9, inclusive. Section 7 places a statutory duty on health service providers to share personal health data with other health services providers for the purposes of patient care and treatment. In keeping with data protection principles, such sharing must be necessary, relevant and proportionate. Section 8 introduces a legal obligation on health services providers to forward a patient's personal health data to another health services provider at the patient's request. Section 9 places an obligation on health services providers who intend to stop providing health services to notify their patients.

Part 3 provides for digital health records and contains sections 10 to 20, inclusive. Section 10 empowers the HSE to create and assign to each person a digital health record. Section 11 sets out the information to be contained in the digital health record. Section 12 provides who may access a digital health record. Section 13 provides that a patient can restrict access to information in his or her record so that it cannot be seen by health services providers. Section 14 provides that a patient has the right to obtain information on access to their digital health record. The HSE will be required to put in place the appropriate logging and auditing functions to enable a patient to know what information has been accessed, by whom and when. Section 15 sets out the Minister's regulation-making power in relation to the accessing of digital health records. Section 16 provides that digital health records may be used by health services providers for the purposes of care and treatment. Under the Bill, the HSE can use this data for important public interest purposes relevant to its statutory remit.

Section 17 provides that the HSE may enter into a reciprocal agreement with equivalent bodies in non-EU countries on the electronic exchange of information in digital health records for the purposes of care and treatment. Section 18 sets out the manner in which the HSE is to request the provision of personal health data into digital health records. All health services providers are in scope, including private and voluntary providers, and must comply with such requests. Section 19 sets out the process in the event of non-compliance. Section 20 provides for HSE guidelines in relation to the Act and the persons who must be consulted in this regard, including health practitioners and patient groups.

Part 4 of the Bill addresses the provision of health information to the HSE for secondary-use purposes relevant to its statutory remit. Section 21 sets out that Part 4 provisions are without prejudice to existing legislation on the provision of information to the HSE. Overall this section empowers the HSE to request the provision of health information from a relevant person, which is defined as, "(a) a body established by or under an enactment to perform functions in relation to health services," such as a public hospital, "(b) a person with whom the Executive has entered into an arrangement under section 38 or 39 of the Health Act 2004," which could, for example, be one of the voluntary hospitals, or "(c) a person, other than a person referred to in paragraph (b), with whom the Executive has entered into an arrangement to provide health services", which could, for example, be a private provider.

Sections 21 and 23 provide for a number of processing and procedural safeguards on the HSE’s use of this power to mandate the provision of health information. Section 22 sets out the process required in the event of non-compliance with the request.

In conclusion, I look forward to the debate today. This is a technical Bill. It will spend time at committee. It will be interrogated as it must. It lays the legal foundation for what will, in time, be one of the most important transformations of patient care in the country. All of us here today speak with healthcare workers who talk about their frustration at having to use paper files. In our community health services, there are little to no digital records. We have people literally carrying paper files around the community with them. It is simply no way for this to be. This law will be important.

I think it will help to bring about a change in culture in our health services. Parts of it are excellent but I had a case recently where a patient was seeking their own information from a public hospital and they were told they could apply for it under GDPR and it would take six weeks to give it to them. That is not required. We do not need this law for that. The culture in the hospital should be such that the only response to that person would be, "Of course. We will email it straight over to you." Some providers do that very well. Others have a way to go on that. This will provide the statutory underpinning. We are putting much money, effort and resources into e-health. We need to work right across the healthcare space in hospitals, community, general practice and pharmacies to make sure there is a culture of sharing information, protecting the information and making it available in a way that provides the patient with the best possible care in the quickest possible time.

See this speech in context