“Mom changing stinky diaper to her little daughter on table, holding the diaper far from her with one hand. She touches her nose and does a grimace for disgust” [Caption at source of image]. © Diego Cervo
Here is a delightfully self-incriminating letter to the Information Commissioner’s Office (“ICO”) from Dr Diaper, then-Caldicott Guardian and Medical Director (Quality!) of Southern Health.
In order, Dr Diaper:
- Admits a breach of The Data Protecting Act 1998 (“DPA”) by knowingly contacting the ICO despite that the data subject had withdrawn his consent.
- Claims to have breached the DPA, “So as not to cause additional distress to” the data subject. Codswallop! Why, in writing to the ICO secretively and refusing to take action, does Dr Diaper not realise that he is not doing exactly the opposite?
- Implies the data subject accepted £1,000 for compensation in respect of DPA non-compliance. In fact, the data subject accepted it for just two documents Southern Health firstly denied existed and later admitted to have shredded, ‘accidentally’ – not as compensation for other material breaches of the DPA. Of course, it was a pure coincidence that the ‘accidentally’ shredded papers contained key evidence of misconduct by doctors.
- Implies falsely that a 38-page letter from the data subject is sufficient: the 38-page letter related only to RiO Progress Notes and not to the rest of the data.
- Forgets that, between 26 January and 5 May 2015, The Department of Health wrote to him on 30 March 2015 with a limited number of examples of missing and inaccurate data relating to the data subject and agreeing with the ICO that Southern Health had not taken all reasonable steps to address the data subject’s concerns.
- Refuses to act to comply with the DPA, despite the Department of Health’s intervention.
- Omits to mention that the so-called independent investigator (contrary to written promises) had no legal or medical expertise – and worked on pre-Magna Carta law.
- Dissembles knowingly in stating the GMC had not upheld a complaint of unlawful detention. The GMC did not uphold or reject it: it is not within the remit of the GMC mainly because the GMC does not regulate the agent of the state responsible for detention. However, Dr Diaper omits that the opinion of GMC experts effectively means the responsible official did detain the data subject unlawfully.
- Demonstrates ignorance of the DPA in asserting that Southern Health would not record the data subject’s differing opinions and (incidentally) the opinions of the data subject’s private Consultant Psychiatrist. The 4th Principle of the DPA is explicit: “If the data subject has notified the data controller of the data subject’s view that the data are inaccurate, the data [must] indicate that fact.” Clearly, it is even more important when the data subject’s Consultant’s opinion differs too.
- Fails to mention the ICO itself had told him that Southern Health is obligated to consider challenges to patient data regardless of any other policies that might be in place.
- Refuses to comply with the DPA and related advice from the ICO and the Department of Health.
In short, Dr Diaper admits being in serial breach of the DPA and has no intention of complying with the law. He was part of the conspiracy that led to the data subject waiting circa 882 days for his data: the DPA requires disclosure in 40 days.
It was tempting to redact the logos: we left them in for amusement. Southern Health is:
- “Positive about disabled people” – Sara Ryan and many others would disagree.
- An “Investor in People” – perhaps they should invest in honourable Directors, prepared to accept responsibility when things go wrong.
- The third logo is indistinct but the image of balanced scales implies fairness and justice – if so they must be joking.
NHS England’s Head of Patient Safety (Primary Care) – what else?
And, in commenting on the Mazars Review, Dr Diaper told the BBC:
“As a result of my efforts, rapid and significant improvements were made in the way the trust looked at failures in care.”
Words (or at least polite ones) fail me.
And how precisely is patient safety improved and best served by the NHS processing inaccurate and incomplete patient data?