Background: Routinely collected clinical data is increasingly used for health service management, audit, and research. Even apparently anonymised data are subject to data protection. The relevant principles were set out in a treaty of the Council of Europe and subsequent policy has been based on these. However, little has been written about implementing policy and the role of health informaticians in this process.
Objective: To define the elements of an effective implementation policy; the role of the health informatician in protecting processed clinical data.
Methods: We performed a literature review of bibliographic databases, a manual search of the major medical informatics associations' websites, relevant working groups and an affiliated journal. Fifty-four papers relevant to implementation were identified.
Results: The effective implementation of policy requires consideration of technical, organisational, personnel and professional issues. However, there is no clearly defined formula for successful implementation of data protection policy.
Conclusions: Patients and professionals need a system they can trust, and processes that can be easily incorporated into everyday practice. The lack of a core generalisable theory or strong professional code in health informatics limits the ability of the health informaticians to implement policy.