Recognising personal data in healthcare projects

In healthcare projects, personal data could include:

  • Socio-economic data, such as household income, and ages and education levels of each household member.

  • Electronic health records, such as individual episodes of care including doctor visits, prescriptions supplied, or hospital or day care surgeries.

  • Health and wellness tracking from mobile phones, digital watches and other wearable technologies that measure, for example, heart rate, levels of physical activity and sleeping patterns.

  • Mobile phone numbers, which often have associated geo-location that could identify an individual.

  • Information about employees working in healthcare systems, for example name, address and bank details.

Key actions to take:

  • Could the data in your project directly or indirectly identify individuals? If the answer is yes, refer to the section below on minimising risks.

  • Consider developing a data protection impact assessment to keep a record of specific risks and mitigations.

  • Consider speaking to your data protection officer or seeking legal advice to confirm which data protection laws and regulations will need to be complied with.

PreviousData protection regulationsNextImpacts from use of healthcare data

Last updated