Presentation on theme: "NATIONAL INFORMATION GOVERNANCE BOARD"— Presentation transcript:
1NATIONAL INFORMATION GOVERNANCE BOARD NIGBInformation Governance and ConfidentialityClinical Audit and Improvement Conference8 - 9 February 2011Karen ThomsonInformation Governance ManagerNATIONAL INFORMATION GOVERNANCE BOARD
2NATIONAL INFORMATION GOVERNANCE BOARD Starting points NIGBPatients and the public have an interest in good quality health and care service provisionClinical audit is a key tool in ensuring the effective provision of good quality healthcareInformed consent and personal autonomy should underpin the provision of health and social care;NATIONAL INFORMATION GOVERNANCE BOARDDrawn from NIGB principles
3What are we going to cover? NIGB Information governanceLegal frameworkSpectrum – local to national clinical auditSecure approaches for lawful and ethical processingConsentDe-identificationIssuesRole of NIGB, ECC & 251NATIONAL INFORMATION GOVERNANCE BOARD
4Information governance NIGB Information governance is the term used to describe the principles, processes, legal and ethical responsibilities for managing and handling information. It sets the requirements and standards that organisations need to achieve to ensure that information is handled legally, securely, efficiently and effectively.Information Governance Standards FrameworkISB 1512NATIONAL INFORMATION GOVERNANCE BOARD
5Legal requirements NIGB Legal requirements for processing confidential personal dataCommon law duty of Confidentiality (CLDC)Data Protection Act Human Rights Act 1998NATIONAL INFORMATION GOVERNANCE BOARDGeneral requirementsHealth warning, little in the way of directly relevant case law. Extrapolating from what case law there is so much open to interpretation.But – also have professional standards, policy and ethical dimension to consider.CLDC – obviously private in nature – necessary quality of confidence, imparted with expectation, not in public domain, damage but distress caused by breach of trust sufficent.
6NATIONAL INFORMATION GOVERNANCE BOARD Human Rights Act NIGB8(1) Everyone has the right to respect for his private and family life, his home and his correspondence. 8(2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.NATIONAL INFORMATION GOVERNANCE BOARDHuman Rights Act underpins common law duty of confidentialitySchedule 1 – Articles from ECHRArticle 8(2) sets out the derogations and lists a number of purposes.In accordance with the law – means that there should be protections set out in statute for such interferences [Copland v UK 62617/00  ECHR 253 (3 April 2007) URL: ]
7Data Protection Act - 8 principles NIGB Fairly and lawfully, schedule 2 & schedule 3;Obtained for specific purposes and only used for compatible purposes;Adequate, relevant & not excessive;Accurate;Only kept for as long as necessary for the agreed purpose;In accordance with the rights of the subject;Organisational and technical measures to protect data;Only transferred outside European Economic Area (EEA) with equivalent protections.NATIONAL INFORMATION GOVERNANCE BOARDDPA minimum framework / foundation for lawful processing but recognises may be other legal requirements that will need to be met in addition in specific circumstances and contexts. Must also meet at least one of the requirements in both Schedule 2 and at least one in Schedule 3 for confidential /sensitive personal data.
8NATIONAL INFORMATION GOVERNANCE BOARD Key points of law NIGBNeed to inform patients of the purposes and disclosures before information is usedDisclosure of identifiable data breaches confidentiality unless there is a legal basisLegal bases for disclosure:Statute – no specific statutory basis, but S251patient consentpublic interest – test balance of public interests - should not be relied on for routine data flowsde-identificationNATIONAL INFORMATION GOVERNANCE BOARDNo statutory support for clinical auditPublic interest test has a high threshold and should not be relied on – HRA “ in accordance with the law” – common law not generally adequate safeguards should be set out in statute.
9Approaches for processing NIGB ConsentDe-identification of data prior to useS251Which route is appropriate?Depends on the circumstancesNATIONAL INFORMATION GOVERNANCE BOARDNot one answer, horses for courses what is appropriate in the particular set of circumstancesPIAG guidance can be found on DH website
10NATIONAL INFORMATION GOVERNANCE BOARD Consent NIGBConsent (defined in Directive 95/46/EC)‘The data subject’s consent’ shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed. (Article 2(h))NATIONAL INFORMATION GOVERNANCE BOARD
11De-identification NIGB Personal data“data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of the data controller…”i.e. combination of identifying data items or other information available which makes data identifiable and therefore personal.To cease being personal data all means of identification should be removed prior to disclosure to the point of minimal risk from inference.NATIONAL INFORMATION GOVERNANCE BOARDICO technical guidance on personal data. Reduce risk of identification to minimal levelInformation in the possession of likely to come into – disclosures to third parties need to be careful about what other information they may have access to.
12NATIONAL INFORMATION GOVERNANCE BOARD NIGB & ECC NIGBRole of NIGB - To promote higher standards for information governance across health and social careThe NIGB’s Ethics and Confidentiality Committee advises Secretary of State on Section 251 and whether activities meet the conditions of S251Confidential and for “medical purpose”Only for 2° use: “Not solely or principally for determining care or treatment to individuals”Must comply with DPAMust be no practicable alternativeNATIONAL INFORMATION GOVERNANCE BOARDReplaced the Care Record Development Board (CRDB) and the Patient Information Advisory Group (PIAG).Advises NIGB on ethical issues and NHS & SC organisations on ethical dimension of IG issues.MoU with NRES in development
13Application of S251 to audit NIGB NCASP auditsNeed to demonstrate that identifiable data is necessary, ANDThat consent is not practicable because of scale or retrospective dataPIAG guidance 2004 currently under review by NIGB – working with NCAAG and HQIPNATIONAL INFORMATION GOVERNANCE BOARD
14NATIONAL INFORMATION GOVERNANCE BOARD Issues NIGBCulture – implied consent can be perceived as “consent not needed” , lack of information given to patients about how their information is used. Consent - how to get the specificity balance right? Recording to facilitate implementation. De-identification – how ensure effective de- identification when disclose to 3rd parties How safeguard utility whilst also protecting patient confidentiality & the relationship of trustNATIONAL INFORMATION GOVERNANCE BOARDConsent – need to consider both purposes and disclosureConsent for what and consent for who
15NATIONAL INFORMATION GOVERNANCE BOARD Key messages NIGBClinical audit is a secondary usePatients must be informedlawful basis for use & disclosureDe-identified data – identifiability is context specificConsent – specific, informed, capacity, freely given & indicatedS251In accordance with rights of subject – opt outNATIONAL INFORMATION GOVERNANCE BOARD
16NATIONAL INFORMATION GOVERNANCE BOARD Final word… NIGBHealth Bill may bring changes for some?NIGB working on advice / guidance on clinical audit, with stakeholdersNATIONAL INFORMATION GOVERNANCE BOARD
17NATIONAL INFORMATION GOVERNANCE BOARD NIGBfor ECC:Tel:NATIONAL INFORMATION GOVERNANCE BOARD