NIGBInternational Data Sharing Conference

Oxford Tuesday 21st September 2010

National Information Governance Board

Alan Doyle - Director

Karen Thomson - Information Governance Manager

Andrew Harris – Chair Ethics and Confidentiality Committee

NA

TIO

NA

L I

NF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

FO

R H

EA

LT

H A

ND

SO

CIA

L C

AR

EN

AT

ION

AL

INF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

NIGBThe role of the NIGB

• To support improvements in information governance in health and social care;

• To set standards and provide advice and guidance on information governance;

• To advise on the use of powers under section 251 of the NHS Act 2006.

NA

TIO

NA

L I

NF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

FO

R H

EA

LT

H A

ND

SO

CIA

L C

AR

EN

AT

ION

AL

INF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

NIGBNIGB PrinciplesWithin health and social care services:

• The interests of patients and service users come first;

• Informed consent and personal autonomy should underpin the provision of health and social care;

• With patient consent the right information should be available to the right people at the right time to provide individual care;

• Secondary users should seek to use de-identified data;

• The wishes of people who have withheld or withdrawn their consent should be respected.N

AT

ION

AL

IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D F

OR

HE

AL

TH

AN

D S

OC

IAL

CA

RE

NA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D

NIGBNIGB Principles•It is in people’s interests to have:

– Appropriate and accessible care, which promotes health, social welfare and public safety;

– A sound research base on which to build and improve effective services; and

– Well managed and cost effective services.

•The principles of good regulation should be followed. These are proportionality, accountability, consistency, transparency and fairness.

NA

TIO

NA

L I

NF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

FO

R H

EA

LT

H A

ND

SO

CIA

L C

AR

EN

AT

ION

AL

INF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

NIGBNIGB PrinciplesThese principles will sometimes be in tension with each other. In seeking to resolve those tensions it should be noted that:

•Allowing service users appropriate control over and access to their own information, and its use, is central to the role of the NIGB and is a requirement of the Data Protection Act 1998;

•Trust and public confidence in health and social care services should be earned and maintained, and not assumed;

•Patients service users and carers have a right to confidentiality;

•People’s information should be stored and shared in a secure manner.

NA

TIO

NA

L I

NF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

FO

R H

EA

LT

H A

ND

SO

CIA

L C

AR

EN

AT

ION

AL

INF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

NIGBNIGB Principles•Those providing care must comply with legal requirements and professional practice standards and guidance;

•An appropriate balance between individual and public interests must be maintained;

– In accordance with Article 8 of the Human Rights Act 1998, interference with people’s privacy is only permissible where it is in accordance with the law and necessary for a number of specified purposes including public safety, the protection of health and the rights and freedoms of others and is proportionate to the purpose.

•Where decisions are made concerning the balance of individual and professional or public interests those making decisions should be accountable and except where personal details are involved the basis for such judgements should be made public.

NA

TIO

NA

L I

NF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

FO

R H

EA

LT

H A

ND

SO

CIA

L C

AR

EN

AT

ION

AL

INF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

NIGBN

AT

ION

AL

IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D F

OR

HE

AL

TH

AN

D S

OC

IAL

CA

RE

NA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D

The Care Record Guarantees

NIGBThe care record guarantee commitment to patients:

•We will only use your information in ways which respect your rights and contribute to your health and well being

The NHS Constitution sets out patient rights in legislation:

•You have a right to privacy and confidentiality and to expect the NHS to keep your confidential information safe and secure

NA

TIO

NA

L I

NF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

FO

R H

EA

LT

H A

ND

SO

CIA

L C

AR

EN

AT

ION

AL

INF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

Issues NIGB• Boundaries of the clinical care team – what patients expect

• Consent for disclosure for consent

–Practical difficulties

–Lack of support from clinicians

– role for research facilitators? Could still breach confidentiality

• Control subjects

–less likely to be contact with services

– Lack of awareness that their information is also valuable for research

–Least likely to benefit from researchNA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D

NIGBDe-identificationIf data have been effectively de-identified then no longer regarded as personal data and can be used more freely. The issue is what constitutes effectively de-identified.

Benefits

-Near 100% data capture-Multiple purposes without needing further consent

-Potential for onward disclosure to collaborators or other researchers without needing further consent

Disbenefits -often a trade off between identifiability and utility

-Some people still feel sense of ownership over their data and therefore potential harm if used for a purpose to which they object

NA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D

NIGBConsentIssues lack of clinician engagement and support in contacting patients in order to seek consent, and obtaining meaningful consentBenefits

respectful of individual’s wishes, prevents harm of intrusionpeople have an ongoing relationship with research, facilitates further uses & potentially moneymore extensive information availableFacilitates contact with relatives

DisbenefitsData bias if particular groups either do not respond or refuseTerms of consent can limit uses and require further consentN

AT

ION

AL

INF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

NIGBEngaging with patients & public

General – improving public understanding of use of personal and confidential information for research - transparency improves trust.

Specific – improving individual studies through patient input

Where S251 used to support research provides evidence of patient support for the study even without consent from individuals

NA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D

NIGBHonest Brokers:E.g. Information Centre/Research Capability Programme

•To facilitate secondary uses of patient identifiable data in a safe and secure environment;

•To develop and use de-identification techniques to reduce the risk of disclosure;

•To facilitate contact with patients and the public on behalf of approved researchers in order to seek their consent to participate in research either directly or by allowing their personal data or tissue to be used.

NA

TIO

NA

L I

NF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

FO

R H

EA

LT

H A

ND

SO

CIA

L C

AR

EN

AT

ION

AL

INF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

NIGBHonest Brokers – criteria:

•Trusted authoritative source of information;

•Support purposes in the public interest (S251);

•Reduce the need for researchers’ access to identifiable information;

•Demonstrate capability in data quality, linkage and managing cohorts;

•Develop and use techniques in de-identification;

• Operate with robust Information Governance standards;

• Control data delivery via ensuring approvals and agreements are in place.

NA

TIO

NA

L I

NF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

FO

R H

EA

LT

H A

ND

SO

CIA

L C

AR

EN

AT

ION

AL

INF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

NIGBSection 251 & the Health Service (Control of Patient Information) Regulations 2002 [SI 1438] permit the common law duty of confidentiality to be set aside for medical purposes where:

- anonymised data cannot be used- and where consent is not practicable.

• Includes permission to identify relevant patients in order to obtain their consent

• These powers can only be used to improve patient care, or in the public interest.

• Permission to use these powers given by SoS via application to NIGB ECCN

AT

ION

AL

INF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

Exemption from the duty of confidentiality

NIGB

www.nigb.nhs.uk

Email: NIGB@nhs.netEmail for ECC: ECCApplications@nhs.net

Tel: 020 7633 7052

NA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D

Legal requirements NIGBLegal requirements for processing confidential personal data

Common law duty of Confidentiality

Data Protection Act 1998 Human Rights Act 1998

NA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D

Common Law of Confidentiality NIGB• Information must be confidential in nature

• Information that is communicated in confidence as part of the relationship

• Confidentiality survives death

• May be limited by– Consent (Informed, with capacity, freely given)– Statute/Court order– Public interest favours disclosure

See the NHS Confidentiality Code of Practice

NA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D

Human Rights Act 1998 NIGB• Right to privacy (Article 8)

• BUT breaches by the state may be justified provided they are “necessary [for]…public safety… [or] the protection of health”

• Disclosures must be proportionate based on the particular circumstances of individuals

• 3 tests considered– has there been interference with privacy?– is there justification?– is the justification proportionate to the breach?N

AT

ION

AL

INF

OR

MA

TIO

N G

OV

ER

NA

NC

E B

OA

RD

Data Protection Act 1998 NIGB DPA defines personal data as “data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of the data controller…”

In other words if it is identifiable, it’s personal

If data are effectively anonymised then they are no longer personal data and can be used without restriction.

NA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D

Data Protection Act - 8 principles NIGB1) Fairly and lawfully;2) Obtained for specific purposes and only used for

compatible purposes;3) Adequate, relevant & not excessive;4) Accurate;5) Only kept for as long as necessary for the agreed

purpose;6) In accordance with the rights of the subject;7) Kept securely;8) Only transferred outside European Economic

Area (EEA) with equivalent protections.

NA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D

NIGBSection 33 provides exemptions for research:

• Further processing for research is to be regarded as a compatible purpose

• But this does not remove onus on NHS bodies to inform patients about the use for research purposes;

• And it only applies where research is a secondary purpose.

• Data can be kept indefinitely

• Exemption from subjects’ access rightsNA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

DData Protection ActResearch exemptions

Clinical Care team & Confidentiality NIGBEU Art 29 WP Opinion on EHRs 2007 WP 131

Art. 8(3) allows for processing of sensitive personal data by a health care professional where it is “required”

“for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of health-care services” [Section 6, page 10]

NB. Medical research is not covered under the Directive.

NA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D

De-identification NIGBWhen is anonymised data anonymous?• Personal data

“data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of the data controller…”– i.e. combination of identifying data items or other

information available which makes data identifiable and therefore personal.

– To cease being personal data all means of identification should be removed prior to disclosure.

NA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D

De-identifying data NIGB• Sufficient identifiers should be removed or where they are

needed encrypted so that they are “machine readable” but not “human readable” – still personal & confidential data. NB - This should be done before researcher receives it, where consent is absent.

NA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D

Strong Identifiers• NHS number• Date of Birth• Date of Death• Postcode• Name• Address• GP practice code

Other Identifiers• Ethnicity• Local patient identifier• Other geographic identifiers

– Local Authority area– PCT

• Gender

Is pseudonymised data anonymous? NIGB• Pseudonymised data

– data that has been coded so that it is not identifiable to the recipient but which can be linked longitudinally and across different sources if a common pseudonym is used.

• The pseudonymisation key must NOT be held by the receiving body, otherwise identifiable

• There remains a degree of risk as to the identity of some individuals, therefore still personal data but can be used with safeguards:– data disclosure / sharing contracts which require the recipient not

to seek to identify individuals and not to disclose the data to 3rd parties.

• Apply pseudonymisation techniques & evaluate identifiability before release & withhold or redact.

NA

TIO

NA

L IN

FO

RM

AT

ION

GO

VE

RN

AN

CE

BO

AR

D