PROTECTING PATIENT CONFIDENTIALITY
13 SUMMARY OF CONCLUSIONS AND RECOMMENDATIONS
CHAPTER 3 CONCLUSIONS
- The Data Protection Act 1998 places a legal duty on data controllers to
process data fairly and lawfully, to use no more data than is necessary for
the task and to retain it for only as long as it is needed.
- The Human Rights Act 1998 guarantees respect for a person's private and
family life. Under the terms of the Act, this right to privacy may be overridden,
but only when there is a lawful reason to do so.
- The common law further reinforces the need to obtain patient consent before
- Professional guidelines require clinicians to ensure that patients are informed
about how information about them is used and that consent requirements are
- A substantial organisational framework for protecting the use of patient
identifying information already exists in Scotland.
CHAPTER 4 CONCLUSIONS
- There is a need to weigh up individual rights and claims to confidentiality
against the rights and claims of individuals and the whole community to better
health and to protection against threats to ill health.
- The use of information about patients is necessary for treatment and for
the operational management of NHSScotland. When used for management purposes
the information can often be provided in a form that does not enable individuals
to be identified.
- Epidemiological research often relies on information derived from very large
numbers of patient records. Such research rarely involves direct contact with
- Health professionals already seek informed consent before enrolling patients
in clinical trials. The consent process covers any use of patient identifying
- The culture of patient-centred care should extend to the use of patient
- There is scope to review many existing information flows to confirm their
compliance with the law and good practice and that they are in the interests
of patients and the public.
- There are differing views on the relative importance of time taken to discuss
uses of information compared with spending time on treating the patient. It
is CSAGS' view that the law requires patients to be informed; the question
is the level of detail that should be given and when should explicit consent
- There is widespread concern amongst health professionals that complying
with the law and other confidentiality requirements will inhibit their ability
to provide the high-quality data needed to improve standards of healthcare.
CHAPTER 6 CONCLUSIONS
- NHSScotland staff need to be fully aware of legal, professional and organisational
requirements and procedures. They should also know how to deal with enquiries
- Most patients do not have a full understanding of the ways in which their
information is used. They have a right to know more.
- Methods used to inform patients must be practical and cost-effective and
as far as possible integral to their overall care.
- A national awareness campaign would not fully meet the legal obligations
of data controllers but it would help to make uses of patient identifying
information open and accountable.
- When patients come into contact with the NHSScotland, the uses to which
the information gleaned from that episode might be put should be explained.
- Patients should be informed about both specific and more general uses when
using local health care services.
- The Scottish Executive should organise a national awareness campaign for
staff, patients and the public.
- This work should include working with patient and staff representatives
to produce a generic information leaflet on NHSScotland uses of patient identifying
information for use throughout the Service.
- The Scottish Executive should offer guidance to NHSScotland data controllers
on how patient contacts with the NHS should be used to provide fair processing
CHAPTER 7 CONCLUSIONS
- Uses of patient identifiable information can be broadly categorised to provide
guidelines on information and consent requirements.
- These categories allow for implied consent in some circumstances, require
explicit consent in others and recognise specific situations where data can
be used without consent.
- Consent, whether implied or explicit, must always be preceded by effective
information for patients.
- Explicit consent is best practice and should become the norm as better informed
patients share in decisions about the uses of information about them.
- There are some circumstances where, even though explicit consent would be
best practice, implied consent can be accepted in the interests of the health
of the population and future health needs and improvements. It is only acceptable
if patients have been clearly informed about the uses to which data may be
put. In addition, data controllers must only use the information needed for
the task in hand and have a strict code of confidentiality in place.
- Patients have the right to 'opt-out' but must be made aware of the implications
for themselves and others and of any operational impediments.
- SEHD should adopt the categorisation set out in paragraph 7.7 and ensure
a review is undertaken of all data flows which need to use patient identifiable
information to ensure compliance with the principles we have proposed.
- SEHD, in consultation with professional bodies, should produce guidance
for NHSScotland staff on the circumstances and procedures in situations where
'legal defence' can be a justification for over-riding consent requirements.
- An independent body with adjudicatory powers should be set up to consider
and rule on any disputes concerning consent requirements which cannot be resolved
within the NHSScotland and SEHD.
CHAPTER 8 CONCLUSIONS
- Consent is not required where information has been acceptably anonymised
but patients should still be informed of its use.
- Even if data may be processed lawfully without consent, they should be anonymised
wherever possible so as to meet the third data processing principle.
- The establishment of a central anonymisation service for national uses of
patient derived data is a challenge but is feasible.
- Local NHS boards should be able to choose whether to use the central anonymisation
service or set up their own local systems using nationally agreed standards.
- One objective of an anonymisation service should be the creation of a supply
of data which meets nationally agreed quality standards and which would be
easily accessible for bona fide health researchers, etc.
- Legislation may need to be considered to support a definition of acceptably
- The Scottish Executive should develop an action plan based on the recommendations
of the recent feasibility study into acceptable anonymisation. We expect this
process to confirm the development of an anonymisation service is both feasible
and necessary. If so, the intention should be to develop a central service
for national information flows with local NHS boards having the option to
either use the national service or develop their own systems. Local systems
should apply the same data standards as the central anonymisation service.
- SEHD's programme of work to establish the CHI number within hospital systems
should continue, as it is vital in supporting direct patient care.
- The CHI number should not be used for other systems or agencies unless it
is with patient consent.
CHAPTER 9 RECOMMENDATIONS
- CSAGS thinks that NHSScotland should introduce IT systems supporting direct
patient care at a local level that offer strong facilities for managing access
to patient identifying information according to agreed clinically managed
protocols. CSAGS supports SEHD's proposal that this is to be achieved progressively
over a three-year period to 2004.
- SEHD should ensure there is a system to allow reports of any breaches and
lessons learned to be shared.
- The Performance Accountability Framework should include performance targets
for Confidentiality/Caldicott issues. SEHD should help NHSScotland Data Controllers
to achieve them.
CHAPTER 10 CONCLUSIONS
- CSAGS recognises that Scotland is a world leader in the use of information
derived from patient records. We also recognise the important role such information
has in improving the health of the people of Scotland, supporting healthcare
and enabling it to develop. We are acutely aware of the concerns that exist
within the health community that the law as it presently stands is placing
this in jeopardy. We are also aware that many health professionals remain
unconvinced that administrative action alone will resolve the situation.
- We have had to balance these views with those held by others, mainly from
outwith the NHSScotland, who have strong reservations about legislation. In
a patient-centred service, the implications of any legislation which restricts
rights of individual patients and risks a loss of confidence in the service
must be taken seriously.
- CSAGS has moved some way to address the concerns of those within the Service
by proposing the inclusion of many public health and disease registry information
uses within the category for implied consent (section 7 refers) while steps
are being taken to address requirements of patient awareness and re-design
data recording systems. In section 8 we have outlined the potential for anonymising
much of the sensitive data currently being used. In all the circumstances
we remain of the view that legislation is not the favoured solution.
- We note that the Scottish Parliament has the authority to change the law
on consent. It could make these changes on a temporary or permanent basis.
CSAGS has concluded that whilst steps are being taken in other ways to help
NHSScotland comply with the law as it presently stands in Scotland, legislation
should not be pursued, at least until changes in process we have proposed
are implemented and their effectiveness monitored.
- Legislation should not be pursued to change current common law duties of
confidence while the other changes recommended in this Report are being implemented.
- The Scottish Executive should maintain contingency plans to enable legislation
to be brought forward in the event that the ability of NHSScotland to change
its procedures to comply with the law as it presently stands proves to be
- We recommend that the recommendations made in this section are reviewed
in April 2004 to see whether it has proven possible to develop information
systems that are both compliant with the law and that enable the supply of
information in a form which makes it possible for research and other activities
to continue effectively.
CHAPTER 11 RECOMMENDATIONS
- SEHD should be required to promote training and an implementation strategy
for all levels of NHSScotland. An urgent requirement is to issue a new code
of practice on patient confidentiality to all those in NHSScotland.