The legal requirements and justifications for collecting patient-identifiable data without patient consent were examined. The impetus for this arose from legal and ethical issues raised during the development of a population-based disease register. Numerous commentaries and case studies have been discussing the impact of the Data Protection Act 1998 (DPA1998) and Caldicott principles of good practice on the uses of personal data. But uncertainty still remains about the legal requirements for processing patient-identifiable data without patient consent for research purposes. This is largely owing to ignorance, or misunderstandings of the implications of the common law duty of confidentiality and section 60 of the Health and Social Care Act 2001. The common law duty of confidentiality states that patient-identifiable data should not be provided to third parties, regardless of compliance with the DPA1998. It is an obligation derived from case law, and is open to interpretation. Compliance with section 60 ensures that collection of patient-identifiable data without patient consent is lawful despite the duty of confidentiality. Fears regarding the duty of confidentiality have resulted in a common misconception that section 60 must be complied with. Although this is not the case, section 60 support does provide the most secure basis in law for collecting such data. Using our own experience in developing a disease register as a backdrop, this article will clarify the procedures, risks and potential costs of applying for section 60 support.
- CVD, cardiovascular disease
- DPA1998, Data Protection Act 1988
- GP, general practitioner
- HRA1998, Human Rights Act 1998
- NHS, National Health Service
- PIAG, Patient Information Advisory Group
Statistics from Altmetric.com
If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.
Funding: This work was supported by Stockport NHS Foundation Trust R&D.
Competing interests: None.
Read the full text or download the PDF:
Other content recommended for you
- Using patient-identifiable data for observational research and audit
- The social licence for research: why care.data ran into trouble
- Core requirements for successful data linkage: an example of a triangulation method
- Data protection legislation: interpretation and barriers to research
- Legal aspects of records based medical research
- Extracting information from hospital records: what patients think about consent
- Privacy, confidentiality and abortion statistics: a question of public interest?
- Confidentiality and the duties of care
- Consent, confidentiality, and the Data Protection Act
- The Human Rights Act 1998 and medical treatment: time for re-examination