NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE (NIGB)

Confidential Patient Information – Governance of secondary uses
Dr Andrew Harris
Chair – Ethics and Confidentiality Committee

Information Governance
“The structures, policies and practice used to ensure the confidentiality and security of health and social care records, especially clinical records, and to enable use of them for the benefit of the individual to whom they relate and for the public good”

The legal framework for disclosure of confidential information
Confidentiality - Common law duty of confidentiality (CLDC)
Fair Processing - Data Protection Act 1998 (DPA)
Privacy - Human Rights Act 1998 (HRA)

Ethics & Confidentiality Committee
• Advises whether disclosures of identifiable data meet conditions of s 251 NHSA 2006
• Advise SoS - set aside legal risk of breach of CLDC
• Confidential and for “medical purpose”
• Only for 2° use: “Not solely or principally for determining care or treatment to individuals”
• Must comply with DPA
• Must be no practicable alternative

Data Protection Act
Principles of processing include
  Inform patients record may be used for secondary purpose and can dissent
  Docs/trusts must formally authorise disclosure
  Must respect law eg CLDC, HRA
  Processors’ “equivalent” duty of confidentiality
Conditions for sensitive personal data include
  Explicit consent
  “Medical purposes”

The legal categories for disclosure of confidential information
Court order
Statutory power
Patient consent
Public interest
Anonymisation
For secondary uses only: s251 statutory power

Consent
• Consent to treat explicit or implied
• Makes disclosure legal, but no right
• Temporary GP staff to anonymise or to get consent – no implied consent as CLDC
• Impossible sometimes – scale, bias, health
• Variety of guidance in research world
• Not consenting damages trust in doctors/NHS
• Ethics values autonomy – no override
• Diluted: Broad, Group, Opt out, authorisation
• If ID data and cannot consent, safest >>> s251

Public interest
• Common law - to prevent crime or harm
• In Scotland no s251 - some disclosures use this basis for research
• In England insecure, as s251 exists and ECC advice will lower risk for patients
• s 251: either improving patient care or PI - “A system which all reasonable individuals approve”
• Balance benefits and risks: Exempting from CLDC needs v low risk of harm

Anonymisation
Superficial | Partial
Remove name and address
Also remove number identifiers
Might not identify immediately but easy with other data
Cannot identify from data alone
Clinical, Teaching
Local audit – not 2ry
Plans needing postcode, Monitor attendance
Train staff, Confidentiality in contracts, Local procedures, Caldicott advice

Anonymisation or Deidentification
DPA only applies to personal data
Identifiable from data held or likely to come into possession
Adequate anonymisation exempts
ID conceivably possible, but unlikely, with sufficient effort reasonably used (ICO interpretation DPA)
Risk of ID does not affect professional conscience (CLDC)
Level of security from technological treatment or handling of data appropriate to harm that might result from its release (7th data principle)

Levels of Pseudonymisation
Reversible (Disclosive) | Irreversible (linked anon) / Unlinked
Remove postcode
Key code and encrypt
e.g. sex, disease, hosp, ethnic, dates diag/episode, birth year
Cannot identify with reasonable effort and resource
ID impossible from published sources; DPA exempt
National audit
Research, Surveillance
DH, Care Quality Commission, publications
IG of recipient org
Risk assess links
Use of RECs and ECC
Small group data
Inference controls

Deidentification governance
Public scepticism and re-identification risk
NHS pilots and toolkit, Standards Board, Information Commissioner
Parallel with mainstreaming evidence based medicine in ‘80s
Apply academic computer science
Health professional Caldicott responsibility

Common law duty of confidentiality
1. Obviously private to a reasonable person of ordinary sensibilities if in the same position
2. Affects conscience of person who receives info in knowledge communicated in confidence
3. Detriment including damage to trust

Human Rights Act 1998
• Duties on public bodies to uphold ECHR
• A8 Respect for private, family life, home, correspondence
• Interference necessary for… protection of health.. proportionate to harm
• Should not stop disclosures otherwise OK (if ethical, scrutiny of unique, or v sensitive data, and inferential risk, even though de-identified)

Legal Framework of information rights
                                 | CLDC Confidentiality | DPA Data Protection | HRA Privacy
Patient data                     | +                    | +                   | +
Superficial and partial anon     | +                    | +                   | +
Reversible key coded             | -                    | May not             | +
Irreversible / fully anonymised  | -                    | -                   | +

Informational Risk Management
Importance of purpose
Nature of data (how sensitive)
Nature of recipient (outside NHS)
Appropriateness of sharing data to recipient
IG of recipient organization (corporate, Caldicott)
Restrictions on usage in contract
Data Sharing Agreements
Scope of data (minimum for purpose)
Legal risk (police, potential harm, A8??)
Adherence to guidelines (GMC, REC, ECC)

No practicable alternative >> Section 251
• Specific regs: cancer and communicable disease
• Class: anon, to consent, geog, linking, audit/analysis
1. Confidential patient info’ – ID ascertainable even with other info likely to come into possession of processor
2. Medical purpose necess / expedient in the interests of improving patient care or in the public interest
3. Only if not reasonably practicable to achieve in other way, having regard to cost and technology available
4. Maximum anonymity requirement

Public Opinion
• Surveys
  Support research but why and integrity REC+ECC approval 46% never 30% maybe
  Need surveys which objectively assess risk
• Find basis for reasonable expectation in CLDC
  Can’t imply consent without evidence
  Awareness and debate to change opinion
• Trust in doctors: public interest to preserve

Supporting secondary uses
• ECC not regulator but governance and legal advice
• ECC advises SoS - must operate within law
• Interpretation – reas practicable test, equiv duty, PI
• 100 applctns/yr (40/7) Fast track (15 – 20 days)
• ? New regulations - honest brokers, commissioning, national audit
• More anonymisation; raise IG profile, new standards
• Duty to balance preservation of public trust in records custodianship with other public needs

Ethics and Confidentiality Committee
www.nigb.nhs.uk/ecc
Tel: 020 7633 7052
NIGB: nigb@nhs.net
ECC: eccapplications@nhs.net
Chair ECC: chairecc@adrharris.co.uk