Data privacy question. Billing done through billing agents obviously involves the doctor submitting sensitive patient personal details and health information (indirectly by way of item numbers claimed) to the agent to facilitate the claim process. Is patient consent required for this in theory? Do hospital admission templates (signing the form to be a private patient) account for patient consent in this regard? What if the patient withdraws consent? On the other side of this equation, how long do the billing agents keep sensitive patient data (is there a legal requirement?).