Primary care leaders say "Botched new Data Protection Act could slap £2k bill on small NHS providers"
Primary care leaders have told Government to act now to stop flawed implementation of EU data regulations heaping unnecessary additional burdens on high street health providers.
The British Dental Association (BDA), Optical Confederation and Pharmaceutical Services Negotiating Committee (PSNC), writing on behalf of 40,000 dentists, 11,500 community pharmacies, and 19,000 optometrists and dispensing opticians, have said the Data Protection Bill – due to start its progress through the House of Commons on 5 March – will, as currently drafted, slap significant extra costs on small providers.
In a joint letter, the groups have called on Minister for Digital and Culture Margot James to drop plans to require all NHS providers to appoint a Data Protection Officer – which goes well beyond the requirements of the General Data Protection Regulation (GDPR). The Regulation only requires a body to appoint a statutory DPO if it is a public authority or if it processes certain categories of data, including healthcare data “on a large scale” such as a hospital.
Health leaders have been working closely to lobby for changes for some months, as it became clear that small practices could be forced to hire additional staff or buy in additional services to fulfil this new requirement, at significant extra cost which could eventually have to be met by the NHS or patients.
Based on analysis of potential activities and contractor services currently covered by the Bill the BDA estimated the set up and annual costs could effectively add a further £2,000-3,000 to the already stifling £22,000 compliance bill for single-handed dentists – who make up 1 in 5 of the NHS workforce. Compliance cost for dentists have skyrocketed by over 1000% in the last decade. DPO costs would easily exceed the costs of core overheads such as professional indemnity and registration.
BDA Chair Mick Armstrong (top) said: “Failure to get these regulations right will further undermine the sustainability of high street health providers.
“Single-handed family practitioners serve millions of patients, and are already under huge financial pressure. Treating them like large corporates and slapping on another £2,000 bill serves no one, and goes well beyond the intentions of the GDPR.
“We urge Ministers to urgently rethink their plans. Neither the NHS nor our patients should have to pay the price for badly drafted legislation.”
Fiona Anderson, Chair of the Optical Confederation, said: “We strongly share the BDA's concern about the impact of the Bill. The new requirement would not provide any practical benefit for patients. And it would create a new and unnecessary regulatory burden and cost for optical practices. We therefore hope Ministers will exempt primary care providers from these requirements."
 The BDA has estimated compliance costs based on analysis of 22 potential service delivery points requiring over 35 man hours to deliver, covering application, documentation, on-site audit and ongoing support, provided by a range of administrators, data protection advisors and specialists.
 See http://www.nasdal.org.uk/assets/press-releases/Cost%20of%20compliance%20rockets%20-%2012-09-16.pdf