TY - JOUR T1 - Legal and ethical considerations in processing patient-identifiable data without patient consent: lessons learnt from developing a disease register JF - Journal of Medical Ethics JO - J Med Ethics SP - 302 LP - 307 DO - 10.1136/jme.2006.016907 VL - 33 IS - 5 AU - Charlotte L Haynes AU - Gary A Cook AU - Michael A Jones Y1 - 2007/05/01 UR - http://jme.bmj.com/content/33/5/302.abstract N2 - The legal requirements and justifications for collecting patient-identifiable data without patient consent were examined. The impetus for this arose from legal and ethical issues raised during the development of a population-based disease register. Numerous commentaries and case studies have been discussing the impact of the Data Protection Act 1998 (DPA1998) and Caldicott principles of good practice on the uses of personal data. But uncertainty still remains about the legal requirements for processing patient-identifiable data without patient consent for research purposes. This is largely owing to ignorance, or misunderstandings of the implications of the common law duty of confidentiality and section 60 of the Health and Social Care Act 2001. The common law duty of confidentiality states that patient-identifiable data should not be provided to third parties, regardless of compliance with the DPA1998. It is an obligation derived from case law, and is open to interpretation. Compliance with section 60 ensures that collection of patient-identifiable data without patient consent is lawful despite the duty of confidentiality. Fears regarding the duty of confidentiality have resulted in a common misconception that section 60 must be complied with. Although this is not the case, section 60 support does provide the most secure basis in law for collecting such data. Using our own experience in developing a disease register as a backdrop, this article will clarify the procedures, risks and potential costs of applying for section 60 support. ER -