PRIVACY ADVISORY COMMITTEE - POLICY DECISIONS AND PRINCIPLES

These Policy Decisons and Principles [76KB] are also avaliable as a PDF.

7 Nov 1990

i.  Studies cannot be changed substantially without another application being submitted.

14 May 1991

ii.  Change of name and address of principal researcher must be notified.

17 Jun 1992

iii.  Ongoing studies should be reviewed every 5 years to check whether the personnel have changed; or the researchers want to continue receiving data.

iv.  Form must be properly completed with respect to:- Medical person responsible for data confidentiality. Local Research Ethics Committees (LRECs) must be consulted for any studies involving access to medical notes.

27 Jun 1996

v. PAC does not require to see applications for release of patientidentifiable data from ISD Scotland in the following circumstances:

1.  When consultants are requesting information relating to their own treated patients. For these releases, a signed letter of request is required from the consultant. When consultants from different boards are working together e.g. on an audit or register then all relevant signatures are required.

2.  When Health Boards are requesting information relating to their resident population. The Director of Public Health or his/her named (medically qualified) deputy must sign ISD's declaration on confidentiality and privacy for each release.

3.  When NHS Trusts are requesting information relating to their own treated patients. The Medical Director (or Clinical Director if only one Directorate is involved) must sign ISD's declaration on confidentiality and privacy for each release. When Boards are working together e.g. on an audit or register then all relevant signatures are required.

For any studies performed using the above data, it is the responsibility of the researchers to obtain ethics committee approval where appropriate. ISD should see a copy of the letter of approval and, when relevant, the information sheet and consent form. Especially sensitive data are considered very carefully.

vi. First contact with non-current patients by researcher should always be by someone whom the patient will recognise as involved in their past or current care. This may be the relevant responsible specialist for the proposed research or the current GP.

14 Dec 2002

vii.  Informed consent is required for flagging or follow-up including linkage to NHS or other records. If consent is not given then list-cleaning or a status check could be carried out

viii.  PAC must see participant information sheet and consent form relevant to request. What is covered by the consent must be ?sufficiently? specific to cover the new application e.g. ?consent to follow up including access to other health records held nationally or locally?.

Jun 2002

ix.  Confidentiality & Security Advisory Group for Scotland (CSAGS) categories should apply.

Dec 2002

x.  a)  Several categories of conditions under which explicit consent for research is not needed should apply. These are (see Appendix):

• Section 33 of the Data Protection Act
• Consent not needed on grounds of disproportionate effort? from the Canadian Institutes of Health Research
• Class support categories from PIAG

b)  It is proposed that these categories should apply also to applications for management (including audit) and public health uses of personal data.

c)  Consent is also not needed:

• If only anonymised (aggregated) data are to be sent out
• If researcher does the analysis within ISD
• If ?refusers? are not identified at any stage

d)  However, unless the historical exemption applies, none of these categories over rides the need to inform in some way.

Since Dec 2002

xi. The exemptions listed above over ride the protection given by the Adults with Incapacity Bill, provided as always that there is information in the public domain and that recovery of competence to consent means that that consent will be sought retrospectively.

From Aug 2004

xii. Flagging

The Privacy Advisory Committee has considered its position regarding flagging again in the light of two recent applications. Neither of these had informed consent and in neither case was this a realistic option. In both cases, it was felt that the potential benefit to the study subjects was significant and the risks of disclosure very small. The committee was not unanimous on this but, on balance, it was decided that these two requests should be approved. In view of this the guidance on flagging is changed; studies which request flagging without informed consent will not be automatically rejected but be considered on their merits.

Appendix

The Data Protection Act 1998 makes it clears that in order to process data on individuals lawfully in most circumstances they must consent to this. Different types of consent are recognised and The Confidentiality and Security Advisory Group for Scotland (CSAGS) set out categories of consent for different uses of data. These are reproduced below.

CONSENT CATEGORIES

1. CONSENT NOT REQUIRED

Category	Information Need
a. Legal Requirement e.g. notifiable diseases; Abortion Act	Normally Inform (specific)
b. Legal Defence e.g. to protect life or prevent serious injury; notification to DVLA	Inform where appropriate (specific)
c. Anonymised e.g. personal identifiers removed	Always Inform (generic/specific)

2. IMPLIED CONSENT ACCEPTABLE

Category	Information Need
a. NHSS Patient Care e.g. GP referral & hospital care	Inform (generic) assume consent (but act on refusals and ensure patient aware of consequences*).
b. NHSS Operational Management & Public Health (maintaining quality and probity) e.g. planning; managing; funding and auditing; where identifiable data cannot be anonymised	Inform (generic - but give relevant detail) Assume consent (but act on refusals)
Multiple uses (If cannot be anonymised) e.g. disease registries; epidemiology; national data banks	Inform (generic and specific) Assume consent (but act on refusals)

* (There is a duty on clinicians to make a record but patients have a right to consent over its use)

3. PRIOR CONSENT REQUIRED

Category	Information Need
a. Multi-agency care e.g. sharing data with Social Work; referrals to Nursing Homes	Inform (specific / generic) Explicit consent (developing protocols will provide for generic information and a wide ranging consent)
b. Research using identifiable data e.g. Clinical Trials	Inform (specific) Explicit consent (exceptions only within provisions of Data Protection Act, section 33 and approval of Caldicott Guardians, and Ethics Committees)
c. Education & Training e.g. identifiable patient records used to lecture medical students	Inform (specific / generic) Explicit Consent

Source: Confidentiality and Security Advisory Group, Scotland 2002

4. Data Protection Act, Section 33: consent for research not needed

• When the purpose is not to support measures or decisions relating to particular individuals
• When substantial damage or distress is unlikely to be caused to any data subject

Allows:

• Purpose not considered incompatible with original
• May be kept indefinitely
• Subject access not essential as long as subject not identifiable

However, 1st and 2nd principles still apply:

• Current and proposed new records must have consent
• Existence of project should be in public domain.

5. Various bodies have interpreted the Act in respect of their own interests and responsibilities. Some examples are given below.

a. The Caldicott Principles - see Caldicott Guardians

1. Justify the pupose for which the information is required
2. Don't use patient-identifiable information unless it is absolutely necessary
3. Use the minimum necessary patient-identifiable information
4. Access to patient-identifiable information should be on a strict need to know basis
5. Everyone with access should be aware of their responsibilities
6. Understand and comply with the law

b. GMC Research Guidance

Research without consent - The GMC research guidance (para 32) specifies that:

Where it is not practicable for the person who holds the records to either obtain express consent to disclosure, or to anonymise records, data may be disclosed for research, provided participantshave been given information about access to their records, and about their right to object. Any objection must be respected. Usually such disclosures will be made to allow a person outside the research team to anonymise the records, or to identify participants who may be invited to participate in a study. Such disclosures must be kept to the minimum necessary for the purpose. In all such cases you "must be satisfied that participants have been told, or have had access to written material informing them:

• That their records may be disclosed to persons outside the team which provided their care;
• Of the purpose and extent of disclosure, for example, to produce anonymised data for use in research, epidemiology or surveillance;
• That the person given access to records will be subject to a duty of confidentiality;
• That they have a right to object to such a process, and that their objection will be respected, except where the disclosure is essential to protect patients, or someone else, from risk of death or harm.

c. Privacy Information Advisory Group (PIAG), England & Wales:

'Class support' = PIAG approval not required (only REC):

• For 'making the patient in question less readily identifiable from that information'
• For identifying past or present geographical locations of patients - such as during some exposure or episode
• To'enable a lawful holder of that information to identify and contact patients for the purpose of gaining consent:
  1. to participate in medical research;
  2. to use the information for medical purposes; or
  3. to allow the use of tissue or other samples for medical purposes'
• 'The audit, monitoring and analysing of the provision made by the health service for patient care and treatment'
• 'The granting of access to confidential patient information in one or more of the above circumstances'

d. Canadian Institutes of Health Research

www.cihr-irsc.gc.ca/e/186.html

Conditions in which there would be 'disproportionate effort' to obtain consent for research:

• The size of the population being searched
• The proportion of individuals likely to have relocated or died since the time the personal information was originally collected
• The risk of introducing potential bias into the research thereby affecting the generalisability and validity of the results
• The risk of creating additional threats to privacy by having to otherwise de-identified data with normal identifiers in order to contact individuals to seek their consent
• The risk of inflicting phychological, social or other harm by contacting individuals or families with particular conditions or certain circumstances
• The difficulty of contacting individuals directly when there is no existing or continuing relationship between the organisation and the individuals
• The difficulty of contacting individuals directly through public means, such as advertisements and notices
• Whether, in any of the above circumstances, the requirement for additional financial, material human, organisational, and other resources needed to obtain such consent will impose undue hardship on the organisation.