Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Data Protection and Confidentiality

advertisement 
DATA PROTECTION AND PATIENT
CONFIDENTIALITY IN RESEARCH
Nic Drew
Data Protection Manager
University Hospital of Wales
( 2074 6677
 2074 5626
: nic.drew@wales.nhs.uk
OVERVIEW
What is the Data Protection Act 1998?
 The 8 Principles
 The Principles in practice
 Obtaining a R&D reference number
 Research not involving patient contact
 UHB information resources

WHAT IS THE DATA PROTECTION ACT?

LAW ON THE USE OF PERSONAL INFORMATION

PROVIDES RIGHTS OF PRIVACY

PROVIDES RIGHTS OF ACCESS

COMPLY WITH THE HUMAN RIGHTS ACT

THERE ARE 8 DATA PROTECTION PRINCIPLES
THE EIGHT PRINCIPLES
PERSONAL DATA MUST BE:1.
PROCESSED FAIRLY AND
LAWFULLY + SCHEDULES 2&3
5.
KEPT FOR AS LONG AS IS
NECESSARY AND NO LONGER
2
PROCESSED FOR SPECIFIED
PURPOSES
6
PROCESSED IN LINE WITH
DATA SUBJECTS RIGHTS
3
ADEQUATE, RELEVANT AND
NOT EXCESSIVE
7
SECURE
ACCURATE AND KEPT UP TO
DATE
8
4
ONLY TRANSFERRED TO
OTHER COUNTRIES THAT HAVE
SUITABLE DATA PROTECTION
CONTROLS
PRINCIPLES IN PRACTICE
PRINCIPLE 1

Fair processing – Provide all relevant information in the
Patient Information Sheet, ‘Confidentiality Statement’;
who disclosed to, what disclosed, who will access, how
long kept for, what security employed. Remember,
consent is not valid unless informed consent.

Identifying patients – If you are using initials and DOB as
well as a study number, you must tell patients.
PRINCIPLES IN PRACTICE
PRINCIPLE 1

Lawful processing – specifically the Human Rights Act,
Article 8 and the Common Law Duty of Confidentiality;
NOTE, if you don’t comply with other related legislation
(e.g. Human Tissue Act) you do not satisfy this Principle!

Schedule 3 – Explicit Consent is required where there is
patient communication or contact, unless you have an
exemption under section 251 of the NHS Act 2006
PRINCIPLES IN PRACTICE
PRINCIPLES 2 - 3 - 5
2, Specified purpose – if you wish to contact patients for
subsequent studies you need to tell them and gain
consent.
 3, Not excessive – only collect personal data that is
necessary e.g. if you only need age, don’t ask for date of
birth.
 5, Retention – tell patients how long you will keep their
personal data; usually 5 years or 15 for clinical trials

PRINCIPLES IN PRACTICE
PRINCIPLES 7 - 8

7, Security – Information Commissioner has made it clear
that all patient identifiable data on laptops or portable
media must be encrypted. C&V UHB only permits emails
with patient identifiable data to be sent between email
addresses ending in wales.nhs.uk

8, Outside EEA – specific informed consent required; this
must be endorsed on the Consent Form.
R&D REFERENCE NUMBER

Who recruits the patient? – Legitimate relationship

Disclosure of identifiable data – Initials+DOB+gender

Identifiable data on a computer – Who’s computer? Encryption!

Disclosures outside the EEA? – Specific consent

GP’s informed? – Medical records accessed?
RESEARCH NOT INVOLVING PATIENT
CONTACT, i.e. NO CONSENT
Permitted, but with strict controls to maintain patient
confidentiality
 Access may be granted to patient medical records if you
are a healthcare professional or hold an honorary contract
with the UHB – this will not give direct access to
electronic records
 No data capable of identifying a patient can be recorded
 Only specimens from UHB patients can be anonymised
by the Labs and made available for research; Principle 7

INFORMATION SOURCE

The UHB’s Intranet site has Data Protection information
and guidance available (unfortunately not on the Internetyet)

‘Data Protection Guidance For Researchers’ available on
the Intranet; Data Protection > Guidance > Research, or
from the R&D Department

National Research Ethics Service guide also available
from above link
Related documents
To Whom It May Concern
To Whom It May Concern
Email Consent Form - Mayer and Cope Family Practice
Email Consent Form - Mayer and Cope Family Practice
Preparing Substantive Materials for IRB Review
Preparing Substantive Materials for IRB Review
25: Informed Consent for Counselors
25: Informed Consent for Counselors
Clinical Trial Quality and Compliance: An FDA Perspective
Clinical Trial Quality and Compliance: An FDA Perspective
MULTICENTRE STUDY TO REVIEW INFORMED CONSENT
MULTICENTRE STUDY TO REVIEW INFORMED CONSENT
Confidentiality - LAUSD School Mental Health
Confidentiality - LAUSD School Mental Health
Hanna F. Pitkin
Hanna F. Pitkin
Vocational Rehab Pathway
Vocational Rehab Pathway
MASH presentation 2
MASH presentation 2
Primary Source Asset List
Primary Source Asset List
Consent is Sexy
Consent is Sexy
Research Skills - Northumbria University
Research Skills - Northumbria University
Law and Nursing
Law and Nursing
Donna-Stephenson-A-Consumer-Organisation
Donna-Stephenson-A-Consumer-Organisation
Ethics application `the form`
Ethics application `the form`
Confidentiality & HIPAA - Michigan State University
Confidentiality & HIPAA - Michigan State University
Successfully Navigating the BREB / RISe Human Ethics Online
Successfully Navigating the BREB / RISe Human Ethics Online
Human tissue: the matter of life and death
Human tissue: the matter of life and death
American Psychological Association (APA) 2010
American Psychological Association (APA) 2010
IRB - sped596pbis
IRB - sped596pbis
42 CFR Part 2 The Consent Process
42 CFR Part 2 The Consent Process
Download
advertisement