Confidentiality
In Scotland, this information is brought together and managed at national level by the ISD part of NHS National Services Scotland (formerly known as the Common Services Agency).
ISD has recently published a leaflet Protecting Personal Health Information - Information Guide for Patients which helps explains our approach. A leaflet explaining the Cancer Registry data we hold is also available
On this page
- Protecting Patient Privacy
- Research using personal data
- Secondary uses of health information
- Patient Confidentiality & Small Numbers
- Links
Protecting Patient Privacy
ISD has developed a number of measures to ensure the protection of patient confidentiality.
Data Protection Act 1998
The work of ISD is included within the entry for the NHS National Services Scotland in the 
register of data controllers maintained by the Information Commissioner. ISD abides by the principles which govern the care and use made of personal data.
Confidentiality rules for ISD staff
ISD have detailed rules which cover the care and release of confidential data. All new staff are required to read these and sign their acceptance of them. Existing staff re-sign every 6 months. Staff also have confidentiality clauses included in their contracts.
PAC
Any release of patient identifiable data out with routine returns of their own data to Operating Divisions, or data relating to the resident population to NHS Boards are carefully controlled. Requests for such releases are examined by the PAC.
PAC was set up to advise the ISD and the General Register Office Scotland (GROS) on the processing and release of patient identifiable data. PAC also advises ISD on linkage of datasets that have not been linked previously, whether or not identifiable data are to be released. PAC Membership .
When wishing to use Scottish Morbidity Records (SMRs) for medical research studies, involving release of information by ISD from which patients can be identified and/or linkage of previously unlinked records; then an application must be submitted to the PAC
Application Form [158KB]- Guidance Notes [120KB]
Completed forms should be returned to Dr Rod Muir, Consultant in Public Health Medicine, Information Services, NHS National Services Scotland, Gyle Square, 1 South Gyle Crescent, Edinburgh EH12 9EB.
Anonymised form of the national database
This is used by ISD staff to perform analyses where patient identifiable information is not required. Access to patient identifiable Data is restricted to a limited number of trained staff, requires special, time-limited permission and all access is recorded and audited.
Protecting Patient Confidentiality: The Confidentiality and Security Advisory Group for Scotland (CSAGS) report "Protecting Patient Confidentiality" was published in April 2002. It recommended improvements in the way NHSScotland protects the privacy of patient data whilst continuing to make data available for essential purposes of patient care, public health improvement and planning. CSAGS recommended that data flows should be anonymised whenever possible and that there should be a central service to anonymise national data. In response to this ISD undertook a fundamental review of its processing of the national data sets. The results of this review and a set of good practice guidelines based on the lessons learned during this work are set out in the following reports.
Managing Patient Identifying Data: Best Practice Guidelines [76KB]- Anonymisation: NHSScotland National Data Sets [164KB]
Audits: Audits of confidentiality and security practice take place regularly within ISD.
Research using personal data
The data held by health organisations is a potentially rich resource for research. ISD has always been keen to provided support to researchers who wish to exploit the data ISD holds. However this has to be done within current ethical and legal guidelines. Many researchers feel the current system puts too many barriers in the way of access to data. A meeting was held in Edinburgh on the 2nd November 2006 to discuss these issues and start looking at possible solutions.
Research Using Personal Data, a report on the discussions.
Secondary uses of health information
NHSScotland collects and uses large amounts of data. Information collected in the course of providing care for individuals is increasingly used in 'secondary' ways that allow us to plan services; track progress in improving health and spot new emerging threats to health. Electronic health information systems have developed to cope with rising demands for more and better information and NHSScotland's 'eHealth' strategy aims to develop this further. Concerns about the impact of this on privacy have required new systems of governance to be put in place. Governance arrangements will continue to evolve alongside changes in health information processing brought about by eHealth developments.
Secondary Uses of Information in NHSScotland, a review of recent developments of secondary use of data in Scotland.
Patient Confidentiality & Small Numbers
Maintaining patient confidentiality is a fundamental principle in ISD's work. We take particular care when providing tabular information which results in small numbers appearing in table cells. We are currently reviewing our procedures with the objective of implementing the Confidentiality Guidance published by the Office of National Statistics (ONS) in October 2006. In the meantime ISD will, when it judges it to be necessary, apply the ONS Confidentiality Guidance and methods when releasing data.
ONS Confidentiality Guidance on maintinaing patient confidenitality.
Links
The Information Commissioner's Web site: www.dataprotection.gov.uk contains a register of data controllers, ISD's entry is included with that for the NHS National Services Scotland
NHSScotland Information Governance:www.isdscotland.org/infogov
:Rod Muir
Printer friendly version
