Uses of brain imaging data: privacy and governance implications Dr. Hester Ward Medical Director, Information Services Division, (ISD) Consultant in Public Health medicine SINAPSE, Glasgow, 2010

Outline Information Services Division (ISD) Privacy Information governance Implications of use of brain imaging data Scottish perspective legal NHS governing bodies

Information Services Division (ISD) National Services Scotland (NSS) –special Health Board National organisation for health information and statistics Health service: patient and activity data – Scottish Morbidity Records (SMRs) Required to operate to highest information governance standards – regulated by UK Statistics Authority

Privacy UK Information Commissioner’s Office (ICO) UK’s independent authority set up to uphold information rights in the public interest Promotes- openness by public bodies data privacy for individuals Scottish Regional Office Ken Macdonald, the Assistant Commissioner for Scotland main focus data protection Scottish Information Commissioner Kevin Dunion regulates Freedom of Information (Scotland) Act

Privacy “ the integrity of the individual…..encompasses many aspects of the individual’s social needs” Consider the privacy of :- – personal information (or data/ information privacy) – the person (or bodily privacy) – personal communications – personal behaviour Personal behaviour- eg. sexual preferences & habits, political/ trade union activities, religious practices – relates to private & public spaces – ? thoughts

Privacy Growing awareness by public High profile losses

Privacy Growing awareness by public High profile losses Media worthy- privacy is a “risk” Risk to individual - rights, personal info (loss, damage, misuse, abuse) organisation - reputational, funding, staff, legal

Governance Information Governance? “A framework that enables information to be handled in a confidential and secure manner to appropriate ethical, legal and quality standards”

Laws & protections European Convention on Human Rights Human Rights Act 1998 Data Protection Act 1998 Common law duty of confidentiality Freedom of Information (Scotland) Act 2002 Professional guidance- BMA/ GMC etc. NHS Scotland guidance Caldicott Guardians

Data Protection Act- principles 1.Processed fairly and lawfully 2.Obtained only for one or more specified and lawful purposes; not be further processed in a manner incompatible with that purpose “function creep” 3.Adequate, relevant and not excessive 4.Accurate and up to date 5.Kept no longer than necessary 6.Processed according to rights of the subject 7.Safeguard the data against unauthorised or unlawful use of the data 8.Not to transfer outside EEC unless adequate levels of protection

Data Protection Act 1989 Data shall be processed fairly and lawfully and, in particular, shall not be processed unless – 1.at least one of the conditions in Schedule 2 is met, and 2. in the case of sensitive personal (including health & mental health) data, at least one of the conditions in Schedule 3 is also met. Schedule 2 Consent Vital interests of subject Public interests, including administration of justice …. Schedule 3 Explicit consent Vital interests of subject or others Necessary for medical purposes, including research Necessary for legal proceedings….

Information Commissioner, 2002 “ the creation of a national system of electronic health records is likely to raise fresh questions about who is responsible for those records and who should be allowed access to them”

Implications for wider societal uses Many potential uses of brain imaging data some unknown Same principles:- rights of individuals use of data for ‘society’

Implications for wider societal uses Issues: ● Ethical ● Social ● Legal Validity of data?- are brain images measuring what we think they are?- thoughts, preferences, prejudices, deception etc Use in law, by employers, by insurers?

Implications for wider societal uses Issues: Consent? Are brain images identifiable? Does Data Protection Act cover social characteristics (eg. individual preferences, deception, social evaluation)?- not physical or mental health Incidental findings?

Implications for wider societal uses Issues: Do all individuals have the right to privacy of their own thoughts? Validity (diagnostic/ predictive) of brain imaging data? Thank you!