Q:
I keep seeing private information about
COVID-19 patients circulating on social media… is there a law to stop this from
happening?
A:
Interestingly, I have been thinking
about this topic since the Opposition Leader, Kamla Persad-Bissessar, released information on the first COVID-19 related death in Trinidad & Tobago a
couple weeks ago… and then again when apparently that same person’s medical
history was later circulated on social media.
It was clear that the medical
information I’m referring to (and I assume you are as well) could have only originated
from the person’s confidential medical record, and thus shared by a medical
professional. And if that medical professional was a doctor, they would have acted
in breach of the Medical Board of Trinidad and Tobago Code of Ethics in the Practice of Medicine.
In addition to that specific breach
for a doctor, and for any other medical professional who could have released
the information, for privacy laws in Trinidad and Tobago, we have the Data Protection Act 2011:
4. The object of this Act
is to ensure that protection is afforded to an individual’s right to privacy
and the right to maintain sensitive personal information as private and
personal.
Section 2 defines the term “sensitive personal information” to
mean information on a person’s–
(a) racial or ethnic
origins;
(b) political
affiliations or trade union membership;
(c) religious beliefs or
other beliefs of a similar nature;
(d) physical or mental health or condition;
(e) sexual orientation or
sexual life; or
(f) criminal or financial
record;
For a breach of patient
confidentiality by doctor employed at a public institution, a person may be
able to place that liability on the hospital/regional health authority:
40. (1) A public body
shall not process sensitive personal information unless it obtains the consent
of the person to whom that sensitive personal information relates.
But if there’s a breach of the
doctor-patient confidentiality in the doctor’s private capacity, the following
sections should apply:
69. A person who—
(a) collects, retains, manages, uses,
processes or stores personal information in Trinidad and Tobago;
(b) collects personal information from
individuals in Trinidad and Tobago; or
(c) uses an intermediary or telecommunications
service provider located in Trinidad and Tobago to provide a service in
furtherance of paragraph (a) or (b),
shall follow the General Privacy Principles set out in
section 6 in dealing with personal information.
Those General Privacy Principles are:
6. The following
principles are the General Privacy Principles which are applicable to all
persons who handle, store or process personal information belonging to another
person:
…
(c) knowledge and consent of the individual are required for the
collection, use or disclosure of personal information;
…
(e) personal information
shall only be retained for as long as is necessary for the purpose collected
and shall not be disclosed for purposes
other than the purpose of collection without the prior consent of the
individual;
…
(g) personal information
is to be protected by such appropriate safeguards having regard to the
sensitivity of the information;
(h) sensitive personal
information is protected from processing except where otherwise provided for by
written law;
…
With all that being said, these are
the penalties for breaching the provisions of the Act:
95. (1) A person who
commits an offence under this Act is liable upon—
(a) summary conviction,
to a fine of not more than fifty thousand dollars or to imprisonment for a term
of three years; and
(b) conviction on
indictment, to a fine of not more than one hundred thousand dollars or to
imprisonment for a term of not more than five years.
No comments:
Post a Comment
“Knowledge, like air, is vital to life. Like air, no one should be denied it."