Data Protection and Research – Implications
for a National Out-of-Hospital Cardiac Arrest
Register
NUI Galway Dept of General Practice
Lunchtime seminar
20 November
Gary Davis
Deputy Data Protection Commissioner
1
Presentation Outline
•
•
•
•
Data Protection: Human Right to Privacy
Data Protection Principles
Protecting Personal Health Information
Draft Guidelines on Health Research
2
Survey Results (2005) (1)
• Is privacy important?
important
•
•
•
•
•
Crime Prevention
Personal Privacy
Consumer protection
Workplace equality
Ethics in public office
7%
9%
12%
11%
14%
very important
91%
89%
85%
82%
78%
3
Survey (2): Privacy most
important in relation to1.
2.
3.
4.
Financial records
Medical Records
PPS Number
Credit Card Details
5.
6.
7.
8.
Telephone No
Home Address
Date of Birth
Marital Status
4
Data Protection: a Human Right
• Part of Right to Personal Privacy
• Personal Privacy : necessary in a
Democratic Society
• Not absolute: other necessary Rights on a
Democratic Society ( e.g. Freedom of
Expression, Rights of Others)
5
Constitution
• Implicit Right to Personal Privacy under Article
40.3.1 …The State guarantees in its laws to
respect, and, as far as practicable, by its laws to
defend and vindicate the personal rights of the
citizens
• Court Interpretation: the right to privacy is one of
the fundamental personal rights of the citizen
which flow from the Christian and democratic
nature of the State
6
European Human Rights Convention
• Explicit Right to Personal Privacy under Article 8
of European Convention for the Protection of
Human Rights & Fundamental Freedoms (ECHR)
• ECHR now indirectly part of domestic law due to
ECHR Act 2003
7
ECHR Article 8: Privacy
• (1) Everyone has the right to respect for his private and family life,
his home and his correspondence.
• (2) There shall be no interference by a public authority with the
exercise of this right except as in accordance with the law and is
necessary in a democratic society in the interests of national security,
public safety or the economic well-being of the country, for the
prevention of disorder or crime, for the protection of health or
morals, or for the protection of the rights and freedoms of others
8
EU/EEA Directives
• Directive 95/46/EC Protection of
Individuals with regard to the Processing of
Personal Data and on the Free Movement
of such Data
• Directive 2002/58/EC Privacy and
Electronic Communications
9
EU & Irish Legislation
• Data Protection Directive
95/46/EC
• Electronic Privacy
Directive 2002/58/EC
• EUROPOL etc
• Data Protection Acts 1988
& 2003
• EC Electronic Privacy
Regulations 2003 (SI
535/2003)
• Corresponding Acts
• Good Friday Agreement
• Disability Act 2005
10
Presentation Outline
•
•
•
•
Data Protection: Human Right to Privacy
Data Protection Principles
Protecting Personal Health Information
Draft Guidelines on Health Research
11
Definitions: Personal Data
– “Data relating to a living individual who is or can be
identified either from the data or from the data in
conjunction with other information that is in, or is
likely to come into, the possession of the data controller
“ (DP Act, Section 1)
– Applies to any data that is processed (includes hosting)
using any medium by a legal entity essentially. Paper,
computer, network, web, phone etc.
– Only relates to a living person
12
European Data Protection Rules
1. Fair obtaining &
processing
•
Consent
2. Specified purpose
3. No disclosure
•
unless “compatible”
5.
6.
7.
8.
9.
Accurate, up-to-date
Relevant, not excessive
Retention period
Right of access
Independent Supervisory
Authority
4. Safe and secure
13
Restrictions on disclosure
• General rule – no
disclosure for different
purpose
• Exceptions made, to
balance other interests
of society
• Section 8 exceptions
–
–
–
–
–
Investigation of crime
Collection of taxes
Security of the State
Protect life & limb
Required by Law
• No general “public
interest” test
14
Role of the Data Protection
Commissioner
• Ombudsman Role: resolution of disputes between data
subjects and data controllers or processors
• Enforcer Role: compliance by data controllers &
processors
• Educational Role: Promotes DP rights and good practice
• Registration Authority: obligation on major holders of
personal data to be placed on public register
15
Presentation Outline
•
•
•
•
Data Protection: Human Right to Privacy
Data Protection Principles
Protecting Personal Health Information
Draft Guidelines on Health Research
16
Data Protection & Health Data
• Data on physical or mental health or condition or sexual
life are ‘sensitive personal data’ with special protection
but some leeway for:
– Processing of Data “kept for statistical or research or other
scientific purposes”
– Processing “necessary for medical purposes”(including medical
research) and carried out by a “health professional” or someone
who owes an equivalent duty of confidentiality
• DP and Medical Ethics mutually reinforcing
17
Presentation Outline
•
•
•
•
Data Protection: Human Right to Privacy
Data Protection Principles
Protecting Personal Health Information
Draft Guidelines on Health Research
18
Consultation on Personal Data use for
Health Research
• Try to reach consensus on balanced approach
reflecting Irish conditions
• Seminar November 2006
• Addressed by speakers from different perspectives
(HSE, public health, research)
• EUROSOCAP guidelines (www.eurosocap.org)
19
Draft Guidelines Paper
• Presented July 2007 (on
www.dataprotection.ie)
• Comments up to 21 September
• 11 Submissions received
• Final version in coming weeks
20
Draft Guidelines: Key Points
• Use anonymised/pseudonomised patient data wherever
possible
• Where a health facility (e.g. hospital) anticipates research
use of identifiable patient data, seek patient consent at
earliest possible opportunity, backed by patient leaflet and
research policy approved by ethics committee
• Treat identifiable personal data on “need to know” basis
• Recognises possibility within Acts for research to be
undertaken by the Data Controller itself.
• Makes provision for context for seeking consent including
where a person not in a position to give it.
21
Anonymisation
• Effectively anonymised data not subject to
data protection acts – so anonymise where
possible
• Pseudonimisation, subject to safeguards,
acceptable where full anonymisation not
possible
22
Guidelines Paper: Patient Consent
• “best practice would suggest that allowing
the patient choice and providing them with
information in relation to how their data is
used should be the standard approach. “
23
Guidelines Paper: Patient Consent
• “What is being put forward here is a relatively simple
model that every effort should be made to ensure that the
patient knows what could happen to their data for
purposes unrelated to their treatment and are given an
opportunity to consent or refuse consent for such use. In
this way, if any proposed use of a patient’s data for
purposes unrelated to their treatment would likely come
as a surprise to them, then a new and separate consent
should be sought.”
24
Guidelines Paper: Patient Consent
• “ an informed and explicit consent [should] be sought as
soon as possible after a patient presents at a health facility
…… each data controller [should] consider in a thorough
manner what such potential [research] uses might be and
specifically capturing these in an appropriate consent
supported by an informative patient leaflet
• Additional research initiatives, not envisaged at the time of
seeking the initial consent, involving the use of patient data
would need to be predicated on further specific consents
going forward.”
25
Can anonymised data be used to
achieve the aims of the proposed
project? Yes/No?
Yes – Proceed with proposed project using
data anonymised by the data controller
without requiring consent.
Yes – Proceed with proposed project ensuring that
the key to a person’s identity is retained by the data
controller only and not revealed to third parties.
No – Can pseudonymised data be used
instead with appropriate safeguards?
Yes/No?
No – Patient consent is normally required.
Has consent for research purposes been
secured in relation to the files previously?
Yes/No?
Yes – Is this consent valid (specific enough)
to cover this particular research proposal?
Yes/No?
No – Specific, informed, freely given
consent must be captured from
individuals by the data controller.
Yes – Proceed with research project (subject
to adequate safeguards being in place in
relation to security etc).
Once valid consent is in place, the research
project can proceed (subject to adequate
safeguards being in place in relation to security
etc).
26
OHCAR – KEY POINTS
• Pilot Project limited to one HSE area
• Difficulties in obtaining explicit consent
• Largest part of data was not personal data as
it related to dead persons
• Who is the data controller in this case?
• Attempt through collation of the data to
provide better care to patients
27
OHCAR
• What about data in the private system and
held by GPs?
• Security arrangements for both physical and
systems put in place for access to the data
by OHCAR project manager and personnel
only
• Intended media campaign in relation to
project
28
OHCAR
• From a DP perspective Methodology 1
preferred
• Methodology 2
– No difficulty with OHCAR gathering data from
ambulance service and A+E Depts to identify
surviving persons
– Have to deal with reality that HSE could not be
considered the Data Controller in relation to a
large part of the data
29
Recommendations on
Methodology 2
– Informed consent in unique circumstances of
project
– OHCAR to write to surviving patients outlining
all relevant information in relation to the study
and the safeguards in place for their privacy
– 21 days to raise any concerns and OHCAR to
send reminder if doubt as to receipt
– Any objections must be respected
30
Thank You
• www.dataprotection.ie
• Contact: gdavis@dataprotection.ie
31