It is paramount that all information about an individual is treated as confidential and held with strict security and access measures in place, especially when this information can identify an individual. It is a requirement of the Data Protection Act that the level of security, and the cost and effort involved, should reflect the nature of the information and the harm that might result from a breach of confidentiality through unauthorised disclosure or loss. Where identifiable data is required from the NHS (e.g. for data linking purposes) confidentiality should be maintained through the use of Safe Havens (see ORGANISATIONS-data repositories and services below).
It is also necessary in some circumstances (i.e. when using data and/or tissue samples without consent) that these samples are anonymised in order to comply with legislation (i.e. transfer of data under the Data Protection Act, Human Tissue Act consent exemptions).
When patients seek health care they are informed through a Privacy Notice made publicly available by the NHS that when they consent to treatment their data will be processed for the purpose of their health care, including research. The Data Protection Act also permits the use of “sensitive personal data” for medical purposes (including medical research) without consent, provided the user is subject to the same duty of confidentiality as a healthcare professional.
Despite these provisions, it is generally held that explicit consent should be obtained to use identifiable personal data for medical research, particularly for multicentre or secondary research when people who are not part of the original clinical team need access to the data. However, explicit consent cannot always be gained for new research uses of pre-existing data.
There are a number of terms that have quite specific legal meanings that might be slightly different to the meanings we give them in every day speech. It is important to understand and use them correctly:
Confidential information, in the context of healthcare, is personal information given on the understanding that it will not be disclosed to others without consent.
Personal data has a narrower definition than personal information. It is information about a living person which may lead to the identification of the person
Data subject is an individual who is the subject of personal data
Data controller is a person, company or organisation who determines the purposes for which and the manner in which any personal data are, or are to be, processed
Processing means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including – organisation, adaptation or alteration; retrieval, consultation or use; disclosure by transmission, dissemination or otherwise making available; alignment, combination, blocking, erasure or destruction of the information or data
Personal information is all information about individuals, living or dead.
Sensitive information is information about individuals which could cause some sort of harm if it is disclosed inappropriately. It includes all information about physical or mental health or condition, or sexual life, as well as information about race or ethnicity, political opinions, religious or similar beliefs, Trade Union membership, and Criminal Offences.
The best way to make use of data without causing harm or infringing the rights of the data subject is to ensure that the person cannot be identified. There are a number of types of “de-identification”, some of which are stronger than others.
Identifiable data is information that allows a specific individual to be identified without any other steps being required.
De-identified or pseudo-anonymised data still refers to a specific individual, but that person cannot be immediately identified because the identifiers have been removed or coded/encrypted in some way.
Coded data uses a code to disguise identifiers but this can easily be broken by whoever controls the data
Linked Anonymised data uses a code to replace identifiable information such as a name. It is anonymous to the people who receive and hold it (e.g. a research team), but contains information or codes that would allow others (e.g. those responsible for the individual’s care) to identify people from it.
Unlinked Anonymised data describes the situation where the link between the data and the person to whom it refers has been irreversibly broken. No one could use this data to identify a specific individual.
Click for more details on the DPA, including how data should be handled and the rights of those whose personal data is being stored.
Under the Common Law duty of confidentiality, the general position is that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider’s consent.
The UK Policy Framework for Health and Social Care Research regulates the use of personal health data for research. This document lays out the 19 principles of good practice in research are for those who manage and conduct health and social research in the UK.
Information Services Division(ISD) ISD provides health information, health intelligence, statistical services and advice that support the NHS
National Data Catalogue (NDC) The NDC details the full list of datasets that are held by ISD (Information Services Division - Scotland).
National Records of Scotland(NRS) The purpose of NRS is to collect, preserve and produce information about Scotland's people and history and make it available to inform current and future generations.
Scottish Primary Care Information Resource(SPIRE) is a service which will simplify and standardise the process for extracting data from GP practice systems for a number of purposes SPIRE also assists GPs by providing tools for practices.
SHARE is an NHS Research Scotland initiative created to establish a register of people interested in participating in health research and who agree to allow SHARE to use the coded data in their various NHS computer records to check whether they might be suitable for health research studies.
Safe Havens: NHS data for research is maintained within either the national or one of four regional “Safe Havens”. Working to agreed principles and standards these Safe Havens provide access to health data and services to enable research while protecting the confidentiality of the data. Data remains under the control of the NHS and complies with legislative and NHS policies.
• National Safe Haven - eDRIS
• Grampian - DaSH
• Tayside - HIC
• Lothian - HSRU
• Greater Glasgow and Clyde
NHS Research Ethics Committees review research proposals and act as the participants’ advocate. This review is intended to confirm that everyone involved in the research is properly protected and that the benefits outweigh the risks. In most cases, a single REC Favourable Opinion covers all research sites across the UK
NHS R&D approval Each Health Board taking part in the research must review the study to confirm their local capacity and capability to take part. They will issue formal approval when it is determined that the site will definitely take part. NHS R&D approval must be obtained separately from each NHS site, although there are centralised review processes to reduce duplication of effort.
Public Benefit and Privacy Panel for Health and Social Care Panel to review applications to use NHS Scotland originated data.
electronic Data Research and Innovation Service (eDRIS) Single point of contact to assist in the completion of applications to the Public Benefit and Privacy Panel.
UK Policy Framework for Health and Social Care
https://www.gov.uk/data-protection
NHS Service Contacts:
Research & Development Department, Queen Margaret Hospital, Dunfermline, NHS Fife
Tel: 01383 623623 ext 20955
Email: fife.randd@nhs.scot