LEGAL BASES FOR DISCLOSING CONFIDENTIAL PATIENT INFORMATION FOR PUBLIC HEALTH: DISTINGUISHING BETWEEN HEALTH PROTECTION AND HEALTH IMPROVEMENT

The disclosure of confidential patient data without an individual's explicit consent should be for purposes that persons have reason to both expect and accept. We do not currently have the required level of clarity or consistency in understanding regarding the disclosure of confidential patient information for public health purposes to support effective public dialogue. The Health Service (Control of Patient Information) Regulations 2002 establish a legal basis in England and Wales for data to be disclosed for public health purposes without patient consent. Under the Regulations, there is more than one potential route towards lawful processing: Data may be processed for public health purposes under both Regulations 3 and 5. The alternatives have different safeguards and conditions attached, and their respective applicability to processing for purposes of public health improvement is currently unclear and subject to review. Beyond the need for clarity regarding the safeguards applicable to processing for particular public health purposes, there are reasons to prefer recognition that Regulation 5 is the most appropriate legal basis for disclosure when the purpose is public health improvement rather than public health protection. Where health improvement, rather than protection, is the aim, there is no justification for discarding the additional safeguards associated with processing under Regulation 5.