Based on evidence presented by the Information Commissioner and the responses from NHS bodies and others to the consultation document, the government believes a compelling case has been made for extending the Information Commissioner’s Office’s powers of compulsory audit to public authority NHS bodies.
This will be done by way of a Designation Order, SI 2014/3282, entitled, ‘Data Protection (Assessment Notices) (Designation of National Health Service Bodies) Order 2014’.
This consultation paper sets out our proposal to extend the powers of the Information Commissioner to carry out compulsory assessments of NHS bodies’ compliance with the Data Protection Act 1998 and its data protection principles. It seeks views from NHS data controllers across the United Kingdom. The proposals are informed by the Information Commissioner’s experience working with NHS bodies to improve their compliance with data protection law.