The idea
Patients should be autonomous – have the freedom to control – the processing of their personal and clinical data/records. They should also be kept fully informed as to the processing of their personal and medical data on a regular basis.
So BEFORE any personal or clinical data can be added to a database/register or other data storage system the patient should be asked to give informed consent. If the patient refuses consent then the data should not be processed (that includes sharing, uploading, accessing and so on).
There should not be any surprises for the patient regarding processing of their personal and clinical data.
Why is it important?
There should not be any surprises when it comes to your own patient records. Giving patients the choice about how their personal and clinical data is processed can avoid the sort of distress and damage that can be caused when data is processed without their knowledge and consent.
A basic list could be regularly provided to patients to inform them of all the databases and so on that they are currently on (having first given their explicit, informed consent). This would not only remind patients of the databases they are on and how their data is being processed but it would also give them the opportunity to review and update their choices.
If we lose the trust between, for example, a GP and his/her patient then we lose the very heart of our healthcare.