Some GPs risk violating GDPR by signing up to changes in childhood health data sharing

As many as 3,300 GP practices in England risk violating data protection laws if they sign up to changes in a data sharing agreement for childhood vaccination. Changes to the Child Health Information Service (CHIS), used by general practitioners in the West Midlands, parts of London and the South West of England, may have rendered it non-compliant with the EU's General Data Protection Regulation (GDPR). GPs offered to register to a new data extraction system, which feeds childhood vaccination and immunisation data into a centralised database, should wait until these concerns are addressed, the British Medical Association (BMA) said in a newsletter on Friday. The BMA told IT Pro the advice centres around concerns the new system does not meet the principle of 'data minimisation' outlined in GDPR and the Data Protection Act 2018.