Do we need patient consent for processing under GDPR?
As long as a Data Processing Agreement is in place between Health Diagnostics and the health and social care organisation then the explicit consent of the patient is not required under GDPR as long as another lawful basis can be used.
The lawful basis for processing under GDPR for our services is:
6(1)(e)’…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; or
9(2)(h)’…medical diagnosis, the provision of health or social care or treatment of health or social care systems…’
More information about GDPR and its relevance to Health and Social care organisations can be found
here