CLARIFYING DEFINITIONS
There is much confusion over the concepts of consent, anonymisation and acceptable anonymisation in both legal and healthcare circles. Part of this arises from confusion over definitions. What is required is a set of definitions onto which stakeholders can map their own definitions and uses of terms. The following table provides a set of such definitions which may need to be refined through discussion and consultation.
GLOSSARY OF TERMS
|
Term |
Meaning |
Notes |
|
Acceptably anonymised data |
Data from which in practice the patient cannot be identified by the recipient of the information, and where the theoretical probability of the patient's identity being discovered is extremely small |
This comes close to the GMC's definition of 'anonymised data'. |
|
Anonymised data |
Data from which there is no theoretical or practical risk that a patient could be identified by the recipient of the information. |
Perfect anonymisation with zero risk of identity being revealed. |
|
Consent directions |
Directions expressed by the patient indicating the terms on which their personal information may be disclosed, and what and where data may not be disclosed. |
|
|
Data disclosure |
Any access to personal information given to an individual, whether it be access to a data flow or stored records, or within an organisation or across organisation boundaries. |
|
|
Express consent |
Agreement which is expressed orally or in writing (except where patients cannot write or speak, when other forms of communication may be sufficient). |
GMC definition. |
|
Implied consent |
Assumption that circumstances allow disclosure of information without seeking express consent. |
|
|
Informed patient consent |
Express consent, plus situations where it is acceptable to rely on implied consent because the patient has been informed and has not used available mechanisms to refuse consent. |
The Information Commissioner is understood to consider 'opt out' methods to be acceptable, as long as the patient is informed and has a mechanism to refuse. |
|
Patient identifying information |
A data set which may include some or all of the following: a picture of the patient, the patient's name, address, full post code or date of birth. |
'Personal data' is the term used in the Data Protection Act 1998. The Act treats much health information as 'Sensitive Personal Data' - with additional protections |
|
'Predictable' or'expected' data use |
Circumstances where it is reasonable to assume that the patient anticipates and accepts that their data will be disclosed because, for example, they have already consented to treatment. |
One example would be a referral data being sent to a hospital after the referral for treatment had been agreed with the patient. |
|
Public interest |
The interests of the community as a whole, a group within the community, or an individual other than the patient. |
If judged to be sufficiently strong (such as matters of life and death), this can be grounds for acting without consent to disclosure. |
GLOSSARY OF TERMS DATA PROTECTION ACT 1998
Term Definition
|
Term |
Definition |
| Data Subject | An individual who is the subject of personal data, ie a living individual who can be identified from data, including data which relate to expressions of opinion |
|
Data Controller |
Person(s) who determines the purposes for which and manner in which any personal data (or are to be) processed |
|
Data Processor |
Person(s) (other than an employee of the Data Controller) who processes (eg obtains, holds, records or analyses) data on behalf of the Data Controller |
|
Recipient |
Person(s) to whom data are disclosed |
|
3rd Party |
Persons other than
|