The Data Protection Act 1998 is not a barrier for information sharing but an enabler, according to Dawn Monaghan, group manager of strategic liaison at the Information Commissioner's Office.
Speaking today at a Westminster Health Forum focussing on the "technology revolution" in the NHS, Monaghan said there were many myths within the industry on information sharing, and one of them was that the Data Protection Act (DPA) is a barrier.
"The DPA is not a barrier, it is an enabler," she said. "The drive behind it was to free up the market and to be able to use data which is personal in a protected way to enable that data to be shared.
"Not sharing information can often mean people are unprotected. The DPA is all about mitigating risk, but in the health sector the DPA is becoming like the health and safety legislation – an excuse not to do things, not to change."
Monaghan went on to dismiss the idea that civil monetary penalties were served on organisations that shared data, and stated that the ICO has so far not placed a fine on any organisation for data sharing.
"There haven't been any cases where two organisations have shared data and breached the DPA," she said. "There may be cases out there but we haven't found them or fined anyone."
The ICO group manager added that a data sharing agreement does not provide legal indemnity and that under the DPA, NHS trusts do not necessarily need patients' consent to share information.
"There are other ways of doing it around consent, and consent is not informing people, informing should be done whether you have consent or not," she added.