Legal and ethical considerations in processing patient-identifiable data without patient consent: lessons learnt from developing a disease register
- 1Epidemiology, Stockport NHS Foundation Trust, Stepping Hill Hospital, Stockport, UK
- 2Epidemiology, Stockport NHS Foundation Trust, Stepping Hill Hospital, Stockport, UK
- 3Liverpool Law School, University of Liverpool, Liverpool, UK
- Correspondence to: Dr C L Haynes Epidemiology, Stockport NHS Foundation Trust, Stepping Hill Hospital, Stockport SK2 7JE, UK;
- Received 31 March 2006
- Accepted 8 August 2006
- Revised 1 August 2006
The legal requirements and justifications for collecting patient-identifiable data without patient consent were examined. The impetus for this arose from legal and ethical issues raised during the development of a population-based disease register. Numerous commentaries and case studies have been discussing the impact of the Data Protection Act 1998 (DPA1998) and Caldicott principles of good practice on the uses of personal data. But uncertainty still remains about the legal requirements for processing patient-identifiable data without patient consent for research purposes. This is largely owing to ignorance, or misunderstandings of the implications of the common law duty of confidentiality and section 60 of the Health and Social Care Act 2001. The common law duty of confidentiality states that patient-identifiable data should not be provided to third parties, regardless of compliance with the DPA1998. It is an obligation derived from case law, and is open to interpretation. Compliance with section 60 ensures that collection of patient-identifiable data without patient consent is lawful despite the duty of confidentiality. Fears regarding the duty of confidentiality have resulted in a common misconception that section 60 must be complied with. Although this is not the case, section 60 support does provide the most secure basis in law for collecting such data. Using our own experience in developing a disease register as a backdrop, this article will clarify the procedures, risks and potential costs of applying for section 60 support.
- CVD, cardiovascular disease
- DPA1998, Data Protection Act 1988
- GP, general practitioner
- HRA1998, Human Rights Act 1998
- NHS, National Health Service
- PIAG, Patient Information Advisory Group
Funding: This work was supported by Stockport NHS Foundation Trust R&D.
Competing interests: None.