NIGB
Information Governance and Confidentiality
Clinical Audit and Improvement Conference
8 - 9 February 2011
Karen ThomsonInformation Governance Manager
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Starting points NIGB• Patients and the public have an interest in
good quality health and care service provision
• Clinical audit is a key tool in ensuring the effective provision of good quality healthcare
• Informed consent and personal autonomy should underpin the provision of health and social care;
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
What are we going to cover? NIGB• Information governance• Legal framework• Spectrum – local to national clinical audit• Secure approaches for lawful and ethical
processing• Consent• De-identification• Issues• Role of NIGB, ECC & 251
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Information governance NIGB
Information governance is the term used to describe the principles, processes, legal and ethical responsibilities for managing and handling information. It sets the requirements and standards that organisations need to achieve to ensure that information is handled legally, securely, efficiently and effectively.
Information Governance Standards Framework
ISB 1512 www.isb.nhs.uk
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Legal requirements NIGBLegal requirements for processing confidential personal data
Common law duty of Confidentiality (CLDC)
Data Protection Act 1998 Human Rights Act 1998NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Common Law of Confidentiality NIGB
• Obviously private to a reasonable person of ordinary sensibilities if in the same position
• Information that is communicated with an expectation that it will be kept confidential
• Breach of confidence results in detriment but includes damage to trust
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Common Law of Confidentiality NIGB
• Confidentiality survives death
– Bluck v Information Commissioner
• May be limited by– Consent – Statute/Court order– Where the balance of public interests favours
disclosure
See the NHS Confidentiality Code of Practice
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Human Rights Act 1998 NIGB8(1) Everyone has the right to respect for his private
and family life, his home and his correspondence.
8(2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.N
AT
ION
AL
INF
OR
MA
TIO
N G
OV
ER
NA
NC
E B
OA
RD
Human Rights Act 1998 NIGB
• Disclosures must be proportionate based on
the particular circumstances of the individual
• Tests to be considered
– has there been interference with privacy?
– Is it in accordance with the law?
– is it necessary?
– is the justification proportionate to the breach?
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Data Protection Act 1998 NIGB DPA defines personal data as “data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of the data controller…”
In other words if it is identifiable, it’s personal
If data are effectively anonymised then they are no longer personal data and can be used without restriction BUT... trade off with utility N
AT
ION
AL
INF
OR
MA
TIO
N G
OV
ER
NA
NC
E B
OA
RD
Data Protection Act - 8 principles NIGB1) Fairly and lawfully;
2) Obtained for specific purposes and only used for compatible purposes;
3) Adequate, relevant & not excessive;
4) Accurate;
5) Only kept for as long as necessary for the agreed purpose;
6) In accordance with the rights of the subject;
7) Organisational and technical measures to protect data;
8) Only transferred outside European Economic Area (EEA) with equivalent protections.N
AT
ION
AL
INF
OR
MA
TIO
N G
OV
ER
NA
NC
E B
OA
RD
Key points of law NIGB• Need to inform patients of the purposes and
disclosures before information is used• Disclosure of identifiable data breaches
confidentiality unless there is a legal basis• Legal bases for disclosure:
– Statute – no specific statutory basis, but S251 – patient consent
– public interest – should not be relied on for routine data flows
– de-identification
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Policy & professional standards NIGB
• NHS Confidentiality Code of Practice
• GMC guidance
• PIAG guidance (2004) – under review
• Ethical considerations for the particular circumstances – ethics values autonomy as well as beneficence, non-malfeasance and justice
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Spectrum of clinical audit NIGB• Clinical care team / internal to the
organisation• Care pathway audit where information shared
across providers • Clinical network level audit• Rare conditions audit - specialist centre level /
regional level• National audit
Different approaches likely to be appropriate for varying circumstancesN
AT
ION
AL
INF
OR
MA
TIO
N G
OV
ER
NA
NC
E B
OA
RD
Approaches for processing NIGB
• Consent• De-identification of data prior to use• S251
Which route is appropriate?
Depends on the circumstances
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Consent NIGBConsent (defined in Directive 95/46/EC)
‘The data subject’s consent’ shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed. (Article 2(h))
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Consent NIGBConsent tests• Informed• Freely given• Specific• Involves positive indication of wishes
These tests need to be met for implied consent as well as explicit
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
De-identification NIGB• Anonymisation• Pseudonymisation
When is anonymised data anonymous?
When is pseudonymised data anonymous?
Identifiability is context specific
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Anonymisation NIGB• Personal data
“data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of the data controller…”– i.e. combination of identifying data items or
other information available which makes data identifiable and therefore personal.
– To cease being personal data all means of identification should be removed prior to disclosure to the point of minimal risk from inference.
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
De-identifying data NIGB• Identifiers – data that singly or in combination
can be used to identify individuals.• BUT rare conditions or procedures
intrinsically carry a risk of identification
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Strong Identifiers• NHS number
• Date of Birth
• Date of Death
• Postcode
• Name
• Address
• GP practice code
Other Identifiers• Ethnicity
• Local patient identifier
• Other geographic identifiers
– Local Authority area
– PCT
• Gender
Is pseudonymised data anonymous? NIGB• Pseudonymised data
– data that has been coded so that it is NOT identifiable to the recipient but which can be linked longitudinally and across different sources if a common pseudonym is used.
• The pseudonymisation key must NOT be held by the receiving body, otherwise it is still identifiable
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Pseudonymised data NIGB• There remains a degree of risk as to the
identity of some individuals, therefore still personal data but can be used with safeguards:– data disclosure / sharing contracts which
require appropriate third parties / recipients not to seek to identify individuals and not to disclose the data to 3rd parties.
• Apply pseudonymisation techniques & evaluate identifiability before release & withhold or redact.N
AT
ION
AL
INF
OR
MA
TIO
N G
OV
ER
NA
NC
E B
OA
RD
Role of the NIGB NIGB• Established by Health & Social Care Act 2008
• To promote higher standards for information governance across health and social care
• Members either publicly appointed or represent Health and Social Care stakeholders
• The NIGB’s Ethics and Confidentiality Committee advises Secretary of State on Section 251
• Territorial extent – England, Section 251 England & Wales
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Role of ECC NIGB• Advises whether disclosures of identifiable
data meet conditions of s 251 NHSA 2006• Advise SoS - set aside legal risk of breach of
CLDC• Confidential and for “medical purpose” • Only for 2° use: “Not solely or principally for
determining care or treatment to individuals” • Must comply with DPA• Must be no practicable alternative
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
NIGBSection 251 of the NHS Act 2006, and
the Health Service (Control of Patient Information) Regulations 2002 [SI 2002/1438]
permit the common law duty of confidentiality to be set aside for medical purposes where:
- anonymised data cannot be used
- and where consent is not practicable.
These powers can only be used to improve patient care, or in the public interest.
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
DExemption from the duty of confidentiality
Application of S251 to audit NIGB• NCASP audits• Need to demonstrate that identifiable data is
necessary, AND• That consent is not practicable because of
scale or retrospective data• PIAG guidance 2004 currently under review
by NIGB – working with NCAAG and HQIP
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Issues NIGBCulture – implied consent can be perceived as “consent not needed” , lack of information given to patients about how their information is used.
Consent - how to get the specificity balance right? Recording to facilitate implementation.
De-identification – how ensure effective de-identification when disclose to 3rd parties
How safeguard utility whilst also protecting patient confidentiality & the relationship of trust
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D
Key messages NIGB• Clinical audit is a secondary use
• Patients must be informed
• It needs a lawful basis if it involves disclosure– De-identified data– Consent– S251
• Health Bill may bring changes
• NIGB looking at this going forward with stakeholdersN
AT
ION
AL
INF
OR
MA
TIO
N G
OV
ER
NA
NC
E B
OA
RD
NIGB
www.nigb.nhs.uk
Email: [email protected]
Email for ECC: [email protected]
Tel: 020 7633 7052
NA
TIO
NA
L IN
FO
RM
AT
ION
GO
VE
RN
AN
CE
BO
AR
D