Re: The thing is...
> I'd like my local GP services and hospitals to be able to access my files if I need them to.
I assume of course that you'd expect/require such access/sharing would occur in compliance with data protection law?
I'm still finding more and more compliance "holes" in the Northern Ireland Electronic Care Record (NIECR) sharing mess.
Today's "fun" document received: one of the local independent (i.e. a registered charity and not part of "The Health Service") hospices has refuted my claim that they've been a Joint Data Controller for NIECR since June 2013 - they say they've only been involved since March 2018. Note they didn't state whether they've been a (Joint) Data Controller or a Data Processor - they're trying to get out of admitting that they've been a Data Controller as the defined "lawful basis" for NIECR participation has (allegedly) been Public Function/Public Task which is only a valid basis to be used by a Public Authority....which an Independence Hospice is not.
They've also said "The hospice does not hold any agreement or contractual documentation on file relating to its participation in the NIECR". Hmm, assuming they'll (eventually) claim to a be Data Processor then it appears they've been in breach of Data Protection law (UK DPA 1998 prior to 25th May 2018, GDPR since then) by not having a written (DPA) contract in place to act as a Data Processor for NIECR.
I'm sure they be very happy when I shortly respond by sending them multiple NIECR documents dating between June 2013 & August 2020 which list them as a Data Controller for NIECR. I'm sure they'll be even happier when I send them a copy of their hospice's signature (dated March 2017) as a Data Controller on a version of the NIECR DSA....what's that? their involvement only started in March 2018 eh? That's strange...
Rewriting history to redefine many of the organisations originally involved as Joint Data Controllers to instead be labelled as Data Processors appear to be all the rage recently for NIECR - what a pity the organisation doing the Soviet Revisionism (i.e. "historical rewrite") is so incompetent that the Data Processing Agreements (DPAs) they had many organisations sign late last year (accompanying letter quote: "Please note failure to agree acceptance to the DPA and return of same may call into question the legal basis...to continue to access NIECR.") are not actually valid DPAs as defined by GDPR (Hint: the DPAs are missing some information that is mandatory for valid Data Processor contracts).