1 / 29

NIGB

NIGB. Information Governance and Confidentiality Clinical Audit and Improvement Conference 8 - 9 February 2011 Karen Thomson Information Governance Manager. NATIONAL INFORMATION GOVERNANCE BOARD. Starting points NIGB.

alisa
Download Presentation

NIGB

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. NIGB Information Governance and Confidentiality Clinical Audit and Improvement Conference 8 - 9 February 2011 Karen Thomson Information Governance Manager NATIONAL INFORMATION GOVERNANCE BOARD

  2. Starting points NIGB • Patients and the public have an interest in good quality health and care service provision • Clinical audit is a key tool in ensuring the effective provision of good quality healthcare • Informed consent and personal autonomy should underpin the provision of health and social care; NATIONAL INFORMATION GOVERNANCE BOARD

  3. What are we going to cover? NIGB • Information governance • Legal framework • Spectrum – local to national clinical audit • Secure approaches for lawful and ethical processing • Consent • De-identification • Issues • Role of NIGB, ECC & 251 NATIONAL INFORMATION GOVERNANCE BOARD

  4. Information governanceNIGB Information governance is the term used to describe the principles, processes, legal and ethical responsibilities for managing and handling information. It sets the requirements and standards that organisations need to achieve to ensure that information is handled legally, securely, efficiently and effectively. Information Governance Standards Framework ISB 1512 www.isb.nhs.uk NATIONAL INFORMATION GOVERNANCE BOARD

  5. Legal requirements NIGB Legal requirements for processing confidential personal data Common law duty of Confidentiality (CLDC) Data Protection Act 1998 Human Rights Act 1998 NATIONAL INFORMATION GOVERNANCE BOARD

  6. Common Law of Confidentiality NIGB • Obviously private to a reasonable person of ordinary sensibilities if in the same position • Information that is communicated with an expectation that it will be kept confidential • Breach of confidence results in detriment but includes damage to trust NATIONAL INFORMATION GOVERNANCE BOARD

  7. Common Law of Confidentiality NIGB • Confidentiality survives death – Bluck v Information Commissioner • May be limited by • Consent • Statute/Court order • Where the balance of public interests favours disclosure See the NHS Confidentiality Code of Practice NATIONAL INFORMATION GOVERNANCE BOARD

  8. Human Rights Act 1998 NIGB 8(1) Everyone has the right to respect for his private and family life, his home and his correspondence. 8(2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. NATIONAL INFORMATION GOVERNANCE BOARD

  9. Human Rights Act 1998 NIGB • Disclosures must be proportionate based on the particular circumstances of the individual • Tests to be considered • has there been interference with privacy? • Is it in accordance with the law? • is it necessary? • is the justification proportionate to the breach? NATIONAL INFORMATION GOVERNANCE BOARD

  10. Data Protection Act 1998 NIGB DPA defines personal data as “data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of the data controller…” In other words if it is identifiable, it’s personal If data are effectively anonymised then they are no longer personal data and can be used without restriction BUT... trade off with utility NATIONAL INFORMATION GOVERNANCE BOARD

  11. Data Protection Act - 8 principles NIGB • Fairly and lawfully; • Obtained for specific purposes and only used for compatible purposes; • Adequate, relevant & not excessive; • Accurate; • Only kept for as long as necessary for the agreed purpose; • In accordance with the rights of the subject; • Organisational and technical measures to protect data; • Only transferred outside European Economic Area (EEA) with equivalent protections. NATIONAL INFORMATION GOVERNANCE BOARD

  12. Key points of lawNIGB • Need to inform patients of the purposes and disclosures before information is used • Disclosure of identifiable data breaches confidentiality unless there is a legal basis • Legal bases for disclosure: • Statute – no specific statutory basis, but S251 • patient consent • public interest – should not be relied on for routine data flows • de-identification NATIONAL INFORMATION GOVERNANCE BOARD

  13. Policy & professional standards NIGB • NHS Confidentiality Code of Practice • GMC guidance • PIAG guidance (2004) – under review • Ethical considerations for the particular circumstances – ethics values autonomy as well as beneficence, non-malfeasance and justice NATIONAL INFORMATION GOVERNANCE BOARD

  14. Spectrum of clinical auditNIGB • Clinical care team / internal to the organisation • Care pathway audit where information shared across providers • Clinical network level audit • Rare conditions audit - specialist centre level / regional level • National audit Different approaches likely to be appropriate for varying circumstances NATIONAL INFORMATION GOVERNANCE BOARD

  15. Approaches for processing NIGB • Consent • De-identification of data prior to use • S251 Which route is appropriate? Depends on the circumstances NATIONAL INFORMATION GOVERNANCE BOARD

  16. Consent NIGB Consent (defined in Directive 95/46/EC) ‘The data subject’s consent’ shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed. (Article 2(h)) NATIONAL INFORMATION GOVERNANCE BOARD

  17. Consent NIGB Consent tests • Informed • Freely given • Specific • Involves positive indication of wishes These tests need to be met for implied consent as well as explicit NATIONAL INFORMATION GOVERNANCE BOARD

  18. De-identificationNIGB • Anonymisation • Pseudonymisation When is anonymised data anonymous? When is pseudonymised data anonymous? Identifiability is context specific NATIONAL INFORMATION GOVERNANCE BOARD

  19. Anonymisation NIGB • Personal data “data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of the data controller…” • i.e. combination of identifying data items or other information available which makes data identifiable and therefore personal. • To cease being personal data all means of identification should be removed prior to disclosure to the point of minimal risk from inference. NATIONAL INFORMATION GOVERNANCE BOARD

  20. De-identifying data NIGB NATIONAL INFORMATION GOVERNANCE BOARD • Strong Identifiers • NHS number • Date of Birth • Date of Death • Postcode • Name • Address • GP practice code • Other Identifiers • Ethnicity • Local patient identifier • Other geographic identifiers • Local Authority area • PCT • Gender Identifiers – data that singly or in combination can be used to identify individuals. BUT rare conditions or procedures intrinsically carry a risk of identification

  21. Is pseudonymised data anonymous?NIGB • Pseudonymised data • data that has been coded so that it is NOT identifiable to the recipient but which can be linked longitudinally and across different sources if a common pseudonym is used. • The pseudonymisation key must NOT be held by the receiving body, otherwise it is still identifiable NATIONAL INFORMATION GOVERNANCE BOARD

  22. Pseudonymised data NIGB • There remains a degree of risk as to the identity of some individuals, therefore still personal data but can be used with safeguards: • data disclosure / sharing contracts which require appropriate third parties / recipients not to seek to identify individuals and not to disclose the data to 3rd parties. • Apply pseudonymisation techniques & evaluate identifiability before release & withhold or redact. NATIONAL INFORMATION GOVERNANCE BOARD

  23. Role of the NIGB NIGB • Established by Health & Social Care Act 2008 • To promote higher standards for information governance across health and social care • Members either publicly appointed or represent Health and Social Care stakeholders • The NIGB’s Ethics and Confidentiality Committee advises Secretary of State on Section 251 • Territorial extent – England, Section 251 England & Wales NATIONAL INFORMATION GOVERNANCE BOARD

  24. Role of ECC NIGB • Advises whether disclosures of identifiable data meet conditions of s 251 NHSA 2006 • Advise SoS - set aside legal risk of breach of CLDC • Confidential and for “medical purpose” • Only for 2° use:“Not solely or principally for determining care or treatment to individuals” • Must comply with DPA • Must be no practicable alternative NATIONAL INFORMATION GOVERNANCE BOARD

  25. NIGB Exemption from the duty of confidentiality Section 251 of the NHS Act 2006, and the Health Service (Control of Patient Information) Regulations 2002 [SI 2002/1438] permit the common law duty of confidentiality to be set aside for medical purposes where: - anonymised data cannot be used - and where consent is not practicable. These powers can only be used to improve patient care, or in the public interest. NATIONAL INFORMATION GOVERNANCE BOARD

  26. Application of S251 to audit NIGB • NCASP audits • Need to demonstrate that identifiable data is necessary, AND • That consent is not practicable because of scale or retrospective data • PIAG guidance 2004 currently under review by NIGB – working with NCAAG and HQIP NATIONAL INFORMATION GOVERNANCE BOARD

  27. IssuesNIGB Culture – implied consent can be perceived as “consent not needed” , lack of information given to patients about how their information is used. Consent - how to get the specificity balance right? Recording to facilitate implementation. De-identification – how ensure effective de-identification when disclose to 3rd parties How safeguard utility whilst also protecting patient confidentiality & the relationship of trust NATIONAL INFORMATION GOVERNANCE BOARD

  28. Key messages NIGB • Clinical audit is a secondary use • Patients must be informed • It needs a lawful basis if it involves disclosure • De-identified data • Consent • S251 • Health Bill may bring changes • NIGB looking at this going forward with stakeholders NATIONAL INFORMATION GOVERNANCE BOARD

  29. NIGB www.nigb.nhs.uk Email: NIGB@nhs.net Email for ECC: ECCApplications@nhs.net Tel: 020 7633 7052 NATIONAL INFORMATION GOVERNANCE BOARD

More Related