Governance and ethics when using clinical information for research Dr Murat Soncul, Head of Information Governance Consent, Ethics and Data Security Workshop 12 June 2014
Governance and ethics when using clinical information for research
Dr Murat Soncul, Head of Information Governance
Consent, Ethics and Data Security Workshop12 June 2014
Bioinformatics and Biostatistics at the NIHR Biomedical Research Centre for Mental Health
www.slam.nhs.uk
- Why do we need clinical information in medical research?
- How to use of clinical information in medical research
- Consent and what if consent is not practicable?
- Health Service (Control of Patient Information) Regulations (section 251 support)
- Summary
Objectives
www.slam.nhs.uk
- To identify prevalence of disorders
- To identify causes of diseases
- To measure outcomes of treatment
- To assess long-term and/or unexpected effects of treatment
- To identify contributing factors in healthcare and outcomes
- To monitor diseases
- Variations by time and place
IntroductionWhy do we need clinical information in research?
www.slam.nhs.uk
ConsentHow to use clinical information in research?
Direct from participants
From health records
Informed consent to participate
Informed consent to access records
Access anonymised data
www.slam.nhs.uk
Research must sometimes use data without informed consent while retaining identifiers
ConsentWhat if consent is not practicable?
Large scale study
Full coverage of cohort is essential
Exclusion of those who do not consent would introduce bias
Identifiers are required to link different datasets
Identifiers contain useful information
Contact for consent is likely to cause distress
www.slam.nhs.uk
The NHS Act 2006 and the Regulations enable the common law duty of confidentiality to be temporarily lifted so that confidential patient information can be transferred to an applicant without the discloser being in breach of the common law duty of confidentiality.
In practice, this means that the person responsible for the information (the data controller) can, if they wish, disclose the information to the applicant without being in breach of the common law duty of confidentiality. They must still comply with all other relevant legal obligations e.g. the Data Protection Act 1998.
Approval also provides reassurance that that the person(s) receiving the information has undergone an independent review of their purposes and governance arrangements.
Section 251 of the NHS Act (2006)Health Service (Control of Patient Information) Regulations
www.slam.nhs.uk
Research (and other activities such as health service audits, evaluations) with a medical purpose that is in the publicinterest,
Should clearly demonstrate that consent is not practicable,
Access to identifiers must be temporary,
Must be compliant with the Data Protection Act .
In other words…
www.slam.nhs.uk
Data protection principles
www.slam.nhs.uk
Fair processing:‘No surprises’ – The need to inform patient what you are doing with their data
- Patient public engagement- Clear and easy to understand information materials - Demonstrate an exit strategy
In line with data subjects rights:- Access to personal data- Enable dissent / opt-out
Secure processing:- Demonstrate compliance with NHS security and governance standards
Data protection principles
www.slam.nhs.uk
The key purpose of the CAG To promote and protect the interests of the patient whilst at the same time facilitating appropriate use of confidential patient information for purposes beyond direct patient care.
CAG provides independent expert advice on whether applications to access patient information without consent should or should not be approved.
Confidentiality Advisory Group (CAG)
www.slam.nhs.uk
Summary
• Access identifiable clinical information with informed consent
• Anonymised clinical information can be accessed without consent
• When consent is not practicable and identifiable patient information is required for research, audit and service evaluation with medical purpose that is in the public interest, seek support to temporarily set aside the common law of duty of confidentiality and access identifiers, provided that:
There is an exit strategy Access is deemed reasonable in public/patient opinion Patients are sufficiently informed and have opportunity to opt-out Conditions of the Data Protection Act are met for secure access, storage and destruction