Recognising personal data in healthcare projects

In healthcare projects, personal data could include:

• Socio-economic data, such as household income, and ages and education levels of each household member.

• Electronic health records, such as individual episodes of care including doctor visits, prescriptions supplied, or hospital or day care surgeries.

• Health and wellness tracking from mobile phones, digital watches and other wearable technologies that measure, for example, heart rate, levels of physical activity and sleeping patterns.

• Mobile phone numbers, which often have associated geo-location that could identify an individual.

• Information about employees working in healthcare systems, for example name, address and bank details.

Key actions to take:

• Could the data in your project directly or indirectly identify individuals? If the answer is yes, refer to the section below on minimising risks.

• Consider developing a data protection impact assessment to keep a record of specific risks and mitigations.

• Consider speaking to your data protection officer or seeking legal advice to confirm which data protection laws and regulations will need to be complied with.