Under data protection legislation, health information is considered a special category of personal information. This means that it needs some additional controls in place to be able to collect and store it.

There are a number of special categories and health information is one of the most commonly used because we collect it through various channels within our businesses. Today, we’re just going to focus on those companies that collect it because they deal with health information.

Those companies collecting health information need an additional control in place. There are a number of options for the additional control. But generally, depending on the sector you’re working in, you would be looking at explicit consent. Explicit consent is a step up from consent. Effectively, explicit consent says I understand the health information you are going to keep about me and I agree to this. This has to be done at the point you’re collecting that information. It can be done verbally, but you would need to be able to demonstrate that you have captured explicit consent for the information you are collecting. When you need explicit consent, you should take extra care over the wording. Even in a written context, not all consent will be explicit.

If you are in the health arena, a chiropodist, podiatrist, private medical centre, or other organisation collecting health information, we will do a free review of your consent practices.