NIGB Information Governance and Confidentiality Clinical Audit and Improvement Conference 8 - 9 February 2011 Karen Thomson Information Governance Manager.

Presentation transcript:

NIGB Information Governance and Confidentiality Clinical Audit and Improvement Conference February 2011 Karen Thomson Information Governance Manager NATIONAL INFORMATION GOVERNANCE BOARD

Starting points
Patients and the public have an interest in good quality health and care service provision.
Clinical audit is a key tool in ensuring the effective provision of good quality healthcare.
Informed consent and personal autonomy should underpin the provision of health and social care.

What are we going to cover?
Information governance
Legal framework
Spectrum – local to national clinical audit
Secure approaches for lawful and ethical processing
Consent
De-identification
Issues
Role of NIGB, ECC & 251

Information governance
Information governance is the term used to describe the principles, processes, legal and ethical responsibilities for managing and handling information.
It sets the requirements and standards that organisations need to achieve to ensure that information is handled legally, securely, efficiently and effectively.
Information Governance Standards Framework ISB

Legal requirements
Legal requirements for processing confidential personal data:
Common law duty of Confidentiality (CLDC)
Data Protection Act 1998
Human Rights Act 1998

Common Law of Confidentiality
Obviously private to a reasonable person of ordinary sensibilities if in the same position
Information that is communicated with an expectation that it will be kept confidential
Breach of confidence results in detriment but includes damage to trust

Common Law of Confidentiality
Confidentiality survives death – Bluck v Information Commissioner
May be limited by
 – Consent
 – Statute/Court order
 – Where the balance of public interests favours disclosure
See the NHS Confidentiality Code of Practice

Human Rights Act 1998
8(1) Everyone has the right to respect for his private and family life, his home and his correspondence.
8(2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Human Rights Act 1998
Disclosures must be proportionate based on the particular circumstances of the individual
Tests to be considered
 – Has there been interference with privacy?
 – Is it in accordance with the law?
 – Is it necessary?
 – Is the justification proportionate to the breach?

Data Protection Act 1998
DPA defines personal data as data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of the data controller…
In other words, if it is identifiable, it's personal.
If data are effectively anonymised then they are no longer personal data and can be used without restriction.
BUT... trade-off with utility

Data Protection Act - 8 principles
1) Fairly and lawfully;
2) Obtained for specific purposes and only used for compatible purposes;
3) Adequate, relevant & not excessive;
4) Accurate;
5) Only kept for as long as necessary for the agreed purpose;
6) In accordance with the rights of the subject;
7) Organisational and technical measures to protect data;
8) Only transferred outside European Economic Area (EEA) with equivalent protections.

Key points of law
Need to inform patients of the purposes and disclosures before information is used
Disclosure of identifiable data breaches confidentiality unless there is a legal basis
Legal bases for disclosure:
 – Statute – no specific statutory basis, but S251
 – Patient consent
 – Public interest – should not be relied on for routine data flows
 – De-identification

Policy & professional standards
NHS Confidentiality Code of Practice
GMC guidance
PIAG guidance (2004) – under review
Ethical considerations for the particular circumstances – ethics values autonomy as well as beneficence, non-maleficence and justice

Spectrum of clinical audit
Clinical care team / internal to the organisation
Care pathway audit where information shared across providers
Clinical network level audit
Rare conditions audit - specialist centre level / regional level
National audit
Different approaches likely to be appropriate for varying circumstances

Approaches for processing
Consent
De-identification of data prior to use
S251
Which route is appropriate? Depends on the circumstances

Consent
Consent (defined in Directive 95/46/EC)
The data subject's consent shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed. (Article 2(h))

Consent
Consent tests
 – Informed
 – Freely given
 – Specific
 – Involves positive indication of wishes
These tests need to be met for implied consent as well as explicit

De-identification
Anonymisation
Pseudonymisation
When is anonymised data anonymous?
When is pseudonymised data anonymous?
Identifiability is context specific

Anonymisation
Personal data: data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of the data controller…
 – i.e. a combination of identifying data items or other available information makes data identifiable and therefore personal.
 – To cease being personal data, all means of identification should be removed prior to disclosure, to the point of minimal risk from inference.

De-identifying data
Identifiers – data that singly or in combination can be used to identify individuals.
BUT rare conditions or procedures intrinsically carry a risk of identification

Strong Identifiers
 – NHS number
 – Date of Birth
 – Date of Death
 – Postcode
 – Name
 – Address
 – GP practice code

Other Identifiers
 – Ethnicity
 – Local patient identifier
 – Other geographic identifiers – Local Authority area – PCT
 – Gender

Is pseudonymised data anonymous?
Pseudonymised data – data that has been coded so that it is NOT identifiable to the recipient but which can be linked longitudinally and across different sources if a common pseudonym is used.
The pseudonymisation key must NOT be held by the receiving body, otherwise it is still identifiable

Pseudonymised data
There remains a degree of risk as to the identity of some individuals, therefore still personal data but can be used with safeguards:
 – data disclosure / sharing contracts which require appropriate third parties / recipients not to seek to identify individuals and not to disclose the data to 3rd parties.
Apply pseudonymisation techniques & evaluate identifiability before release & withhold or redact.
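
An added example (not part of the original presentation) of the pseudonymise, evaluate, then withhold steps on the de-identification slides: a keyed pseudonym replaces the NHS number, strong identifiers are dropped, and rows are withheld when fewer than k distinct patients share the same combination of remaining identifiers. The field names, key, threshold k and sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Strong identifiers named on the slide: never passed to the recipient.
STRONG = {"nhs_number", "name", "address", "date_of_birth", "date_of_death",
          "postcode", "gp_practice_code"}
# Weaker identifiers that can identify in combination (assumed field names).
QUASI = ("birth_year", "gender", "ethnicity", "pct")

def pseudonym(nhs_number, key):
    """Keyed HMAC: stable per patient, so records link; not derivable without the key."""
    digits = nhs_number.replace(" ", "")
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()[:16]

def de_identify(record, key):
    out = {f: v for f, v in record.items() if f not in STRONG}
    out["pseudonym"] = pseudonym(record["nhs_number"], key)
    out["birth_year"] = record["date_of_birth"][:4]  # generalise ISO date to year
    return out

def release(records, key, k=2):
    """Split rows into (released, withheld) by how many distinct patients,
    not rows, share each combination of quasi-identifiers."""
    rows = [de_identify(r, key) for r in records]
    patients = defaultdict(set)
    for r in rows:
        patients[tuple(r[q] for q in QUASI)].add(r["pseudonym"])
    released, withheld = [], []
    for r in rows:
        safe = len(patients[tuple(r[q] for q in QUASI)]) >= k
        (released if safe else withheld).append(r)
    return released, withheld

# Constructed key: held only by the disclosing body, never by the recipient.
KEY = b"constructed-demo-key"
# Constructed records; NHS numbers, postcodes and codes are made up.
SAMPLE = [
    {"nhs_number": "999 000 0001", "name": "Patient A", "date_of_birth": "1950-03-14",
     "postcode": "ZZ1 1AA", "gender": "F", "ethnicity": "A", "pct": "X01", "audit_item": "hip"},
    {"nhs_number": "9990000001", "name": "Patient A", "date_of_birth": "1950-03-14",
     "postcode": "ZZ1 1AA", "gender": "F", "ethnicity": "A", "pct": "X01", "audit_item": "review"},
    {"nhs_number": "999 000 0002", "name": "Patient B", "date_of_birth": "1950-11-02",
     "postcode": "ZZ1 2BB", "gender": "F", "ethnicity": "A", "pct": "X01", "audit_item": "hip"},
    {"nhs_number": "999 000 0003", "name": "Patient C", "date_of_birth": "1987-06-30",
     "postcode": "ZZ9 9ZZ", "gender": "M", "ethnicity": "A", "pct": "X01", "audit_item": "hip"},
]

if __name__ == "__main__":
    print([len(part) for part in release(SAMPLE, KEY)])
```

A rare condition or procedure would be added to the quasi-identifier tuple so that it is evaluated in the same way before release.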

Role of the NIGB
Established by Health & Social Care Act 2008
To promote higher standards for information governance across health and social care
Members either publicly appointed or represent Health and Social Care stakeholders
The NIGB's Ethics and Confidentiality Committee advises Secretary of State on Section 251
Territorial extent – England, Section 251 England & Wales

Role of ECC
Advises whether disclosures of identifiable data meet conditions of s 251 NHSA 2006
Advise SoS - set aside legal risk of breach of CLDC
Confidential and for medical purpose
Only for 2° use: not solely or principally for determining care or treatment to individuals
Must comply with DPA
Must be no practicable alternative

Exemption from the duty of confidentiality
Section 251 of the NHS Act 2006, and the Health Service (Control of Patient Information) Regulations 2002 [SI 2002/1438] permit the common law duty of confidentiality to be set aside for medical purposes where:
 – anonymised data cannot be used
 – and where consent is not practicable.
These powers can only be used to improve patient care, or in the public interest.

Application of S251 to audit
NCASP audits
Need to demonstrate that identifiable data is necessary, AND
That consent is not practicable because of scale or retrospective data
PIAG guidance 2004 currently under review by NIGB – working with NCAAG and HQIP

Issues
Culture – implied consent can be perceived as consent not needed; lack of information given to patients about how their information is used.
Consent – how to get the specificity balance right? Recording to facilitate implementation.
De-identification – how to ensure effective de-identification when disclosing to 3rd parties
How to safeguard utility whilst also protecting patient confidentiality & the relationship of trust

Key messages
Clinical audit is a secondary use
Patients must be informed
It needs a lawful basis if it involves disclosure
 – De-identified data
 – Consent
 – S251
Health Bill may bring changes
NIGB looking at this going forward with stakeholders
