Mar 28, 2015
Data Protection Act 1998
University Secretary’s [email protected]
2 The Act obliges you to:
• Collect information about people only with their permission, unless there is a legal reason to do so
• Show individuals the information it holds about them if they request it
• Be very careful when giving this information to anyone else
3 Personal Data
• any information• about living people • who can be identified by that
information • or by combining the information
with other data that you have, or are likely to have in the future
4 Examples of Personal Data
• ID number, NI number, NHS number, Postcode
• One or more factors specific to physical, physiological, mental, economic, cultural or social identity
5 The Act
Applies to all records, including:
• Paper, card indexes, microfiche• Electronic records, email • Photographs, visual images• Recordings, audiotape, videotape• CCTV, X-rays
6 Processing
Applies to anything that can be done to records including:
• obtaining/recording • holding • disclosing/publishing • typing/writing• destroying/disposing
7 Rights of Data Subjects
• Subject Access• To prevent processing likely to
cause damage or distress• To object to direct marketing • To object to automated decision
making
8 Rights
• To receive compensation for unwarranted damage or distress
• To ask the Court to order rectification, blocking, erasure, destruction of data
• Other remedies for inaccuracy
9 The Principles
The Act says personal data shall:• be collected and processed fairly
and lawfully (consent!);• be held for specific and lawful
purposes (specified in advance);• only be disclosed to those people
described in the register entry.
10 The Principles
The Act says personal data shall:• be adequate, relevant, and not
excessive;• be accurate, and where
necessary, kept up to date;• be held under secure conditions
for no longer than is necessary for the purpose.
11 What are Sensitive Data?
• Racial or ethnic origin• Political opinions• Religious, or other similar beliefs• Trade Union membership• Physical or mental health or
condition• Sexual life• Convictions or alleged criminal acts
12 Sensitive Data
You must have the specific written permission of the data subject to hold sensitive data
unless you already have a legal requirement to process those data.
13 Sensitive Data
Security must be appropriate to the degree of harm caused by the
misuse of data
14 Definitions
‘recording’ and ‘image’ include:• all types of audio and visual
recordings and images of people • originals or copies • carried out for any purpose
15 ‘Images/Recordings’
NOT included:• Pathology slides containing
human tissue (as opposed to an image of such a slide).
• CCTV recordings of public areas
16 When is consent not required?
• When images cannot, on their own, identify the patient and are suitably anonymised:– Pathology slides– X-rays– Laparoscopic images– Images of internal organs– Ultrasound images
17 Within the clinical setting
• Images made for clinical purposes form part of the medical record
• Images made for treating/ assessing a patient must only be used for the patient’s care or the audit of that care
18 Within the clinical setting
• Guidelines say:Truly anonymous recordings made for treating/assessing patients may be used within the clinical setting for education or research purposes without express consent as long as this policy is well publicised.
19 Within the clinical setting
BUT gain consent if:• images show extreme or unusual
features or injuries that could identify the subject, or
• images illustrate a condition that is so rare that individuals could be identified.
20 However…
• Informed consent must be sought for any form of publication, or for use outside the clinical setting.
21 Anonymising v consent
• Apparently insignificant features may still be capable of identifying the patient to others, such as distinguishing marks, tattoos, body piercings, posture and gait.
• Research shows it is usually impossible to be sure that a patient will not be identifiable from a recording
22 Anonymising v consent
• Therefore no recordings* should be published without patient consent
• Written consent must always be obtained in advance
• Get a signature• Give a contact name and address
23 Consent for publication
Tell the patient:• The possible uses of the images• The purpose for which they are
held• That it will not be possible to
control the use of material once it has been published, especially if it is to be published on the Internet
24 Consent for publication
• Make it clear to the patient:– that s/he can stop the recording at any time– S/he is entitled to view the image in the form in
which it will be shown before deciding whether to allow its use
– If s/he or she does not consent for the image to be used for these purposes it will be safely destroyed
25 Obtaining consent
Ask the patient:• To confirm specifically whether
images can be used for:– Teaching– Research– Publication in books– Publication on the internet
26 Consent
Consent must be meaningful:• Avoid jargon• Use plain language• Never imply consent is expected
27 Suggested Wording
This information will be held and processed for the
following purpose(s):
…………………………………………………….
I agree to the University of Bristol recording and
processing this information about me. I understand that
this information will be used only for the purpose(s) set out
in the statement above, and my consent is conditional
upon the University complying with its duties and
obligations under the Data Protection Act.
Signature……………………….. Date ……….
28 Consent
• Consent is a process, not merely obtaining a signature on a piece of paper
• Do not confuse capacity to give consent with your assessment of the reasonableness of the person’s decision
29 Consent by proxy
It is not possible to obtain consent by proxy
30
• Adults are always assumed to be competent to make decisions unless demonstrated otherwise.
• In England and Wales, no one (not even a spouse) can give consent on behalf of adults who are not capable of giving consent themselves.
Consent and Adults
31 Help people to give consent
Use:• Specialist colleagues such as speech
and language therapists or experts in the field of learning difficulty
• Pictures or communication aids • Appropriate, respectful, plain
language• Advocates
32 Consent and children
• Once children reach the age of 18 no one else can take decisions on their behalf.
• No specific age when a child becomes competent; depends on the child and the complexity of the proposed project (Gillick competence).
33 Consent and children
• If a child cannot consent, seek consent from the person with parental responsibility
• Younger children who can understand can give consent, but it is preferable also to involve their parents.
34 Consent and children
• Seek advice before proceeding if a competent child refuses but a parent agrees
35 Consent and children
• Always seek ethical approval when working with children
• Staff/students working with children should be CRB checked
36 Patients unable to consent
• NEVER research those who do not have the capacity to consent if you can achieve the same results researching those who do.
• If you wish to research those without the capacity to consent you MUST have the approval of an ethics committee.
37 Patients unable to consent
• Guidelines say:– make recording but consent must be
obtained when the person regains capacity
– recording must not be used until consent has been given
– must be destroyed if the patient does not consent to its use
38 Unlikely ever to give consent
• If the patient is unlikely ever to be able to give or withhold consent discuss the matter with those close to the individual.
• The recording should not be used in any way that might be against the best interests of the subject.
• Seek advice from data protection officer/ethics committee.
39 Existing collections
• Since 1997 GMC standards have required clinicians to obtain permission to make any recording that would not form part of the patient’s assessment or treatment, regardless of whether the patient may be identifiable.
40 Existing collections
• Recordings made after 1997 from which a patient can be identified but for which consent cannot be proved must not be used.
41 Pre-1997 collections
• Continue to use truly anonymised recordings
• Replace pre-1997 recordings with similar recordings for which consent has been obtained
• Have a documented, timetabled schedule of replacement.
42 Working with other organisations
• Ensure they have a registration • Gain consent BEFORE giving
them data• Gain consent BEFORE getting
data from them
• (exception – Secretary of State)
43 Summing up
• Plan ahead• Review patient information sheets
and consent forms• Have a confidential waste policy
for paper, tapes, audiotapes• Have a computer disposal policy
with appropriate software
44 Useful Links
Information Commissioner:http://www.dataprotection.gov.uk
The Data Protection Act 1998:http://www.legislation.hmso.gov.uk/acts/acts1998/19980029.htm
Secretary’s Office:
http://www.bris.ac.uk/Depts/Secretary/datapro.htm
45
ANY QUESTIONS?
THANK YOU