The Data Protection Act 1998, came into force in 2000. It legislates for the control and protection personal data generally. The more stringent requirements of the Act do not apply to some kinds of healthcare research (e.g. research using anonymised unlinked data and some epidemiological research) because of an 'exemption' clause research in the Act. Adherence to this law and advice on compliance in the UK is monitored by the Information Commissioner.
Personal data, in written or electronic form must be:
The Research Governance Framework for Health and Social Care incorporates the stipulations of the Data Protection Act and requires that in the research setting, the appropriate use and protection of patient data is paramount. All those involved in research must be aware of their legal an ethical duties in this respect. Particular attention must be given to systems for ensuring confidentiality of personal information and to the security of these systems.
Personal information is all information about individuals, living or dead. For example medical records which are written or held on a computer system, images, recordings, information obtained from samples and opinions expressed about the individual.
Personal data has a narrower definition and is more closely concerned with avoiding the possibility of identification. It is information about living people which in isolation or in combination with other data which may be available, may lead to the identification of the patient.
Confidential information in the context of healthcare, is information about oneself given on the explicit or implicit understanding that it will not be disclosed to others outside the patient's care, without the patient's consent. Both the law and patients assume that this is the case when personal information is disclosed as part of clinical care.
Sensitive information refers to information about individuals which may have particularly deleterious effects if it is disclosed inappropriately. The Data Protection Act 1998 refers to 'sensitive personal data' as including all information about physical or mental health or condition, or sexual life. (Annex3(B)
Coded data is not anonymous data. Identities are disguised by the code but the code can be easily decoded by those in control of the data. For example, an 'alphanumeric code' made up of a patients postcode/initials and date of birth is not anonymous. Informed consent from the participants is required for this situation (except in exceptional situations where the need is waived by applying to the Department of Health).
Anonymised data is data which has been coded by others outside the research team, for example from a national database such as the Cancer Registry or a large pharmaceutical company. Permission for this data to be used in future research should be requested at the time of initial consent to registration or research.
Linked Anonymised data can be decoded by the organisation supplying it to the researchers but not by the researchers themselves. For example a Care Organisation may need to link perhaps unexpected research data to a particular patient in the interests of their care. Informed consent from the patient is sometimes necessary when using linked anonymous data. The Research Ethics Committee should be consulted.
Unlinked Anonymised data describes the situation where the link between the data and the person to whom the it refers has been irreversibly broken. No one could use this data to identify a specific individual. Informed consent is not necessary for research which makes use of unlinked anonymised data.
Research work that makes use of existing data sets (and stored samples) must have permission from the Caldicott Guardian. The Caldicott Principles were the result of the 'Report on the Review of Patient-Identifiable Information' by the Caldicott Committee, Department of Health 1997. The Caldicott Guardian in each Trust is charged with ensuring that these principles are respected and acted upon. The Caldicott Principles apply in addition to the requirements of the Data Protection Act 1998.
Every proposed use or transfer of patient-identifiable information within or from an organisation should be clearly defined and scrutinised, with continuing uses regularly reviewed by an appropriate guardian.
Patient-identifiable information items should not be used unless there is no alternative
Where use of patient-identifiable information is considered to be essential, each individual item of information should be justified with the aim of reducing identifiability.
Only those individuals who need access to patient-identifiable information should have access to it, and they should only have access to the information items that they need to see.
Informed consent for the use of personal data should be sought wherever this is practically possible and will not cause more harm in terms of distress to the patient or their family. This should be balanced against the possibility of contributing to the advancement of medical knowledge. People are usually happy to allow access to their data: it is often the omission to ask which causes offence. There is a need for more research and public debate about the levels of access to personal data the public will allow without consent. Where consent is not sought this should be justified to the Research Ethics Committee.