NIGB

1. NIGB Information Governance and Confidentiality Clinical Audit and Improvement Conference 8 - 9 February 2011 Karen Thomson Information Governance Manager NATIONAL INFORMATION GOVERNANCE BOARD

2. Starting points NIGB • Patients and the public have an interest in good quality health and care service provision • Clinical audit is a key tool in ensuring the effective provision of good quality healthcare • Informed consent and personal autonomy should underpin the provision of health and social care; NATIONAL INFORMATION GOVERNANCE BOARD

3. What are we going to cover? NIGB • Information governance • Legal framework • Spectrum – local to national clinical audit • Secure approaches for lawful and ethical processing • Consent • De-identification • Issues • Role of NIGB, ECC & 251 NATIONAL INFORMATION GOVERNANCE BOARD

4. Information governanceNIGB Information governance is the term used to describe the principles, processes, legal and ethical responsibilities for managing and handling information. It sets the requirements and standards that organisations need to achieve to ensure that information is handled legally, securely, efficiently and effectively. Information Governance Standards Framework ISB 1512 www.isb.nhs.uk NATIONAL INFORMATION GOVERNANCE BOARD

5. Legal requirements NIGB Legal requirements for processing confidential personal data Common law duty of Confidentiality (CLDC) Data Protection Act 1998 Human Rights Act 1998 NATIONAL INFORMATION GOVERNANCE BOARD

6. Human Rights Act 1998 NIGB 8(1) Everyone has the right to respect for his private and family life, his home and his correspondence. 8(2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. NATIONAL INFORMATION GOVERNANCE BOARD

7. Data Protection Act - 8 principles NIGB • Fairly and lawfully, schedule 2 & schedule 3; • Obtained for specific purposes and only used for compatible purposes; • Adequate, relevant & not excessive; • Accurate; • Only kept for as long as necessary for the agreed purpose; • In accordance with the rights of the subject; • Organisational and technical measures to protect data; • Only transferred outside European Economic Area (EEA) with equivalent protections. NATIONAL INFORMATION GOVERNANCE BOARD

8. Key points of lawNIGB • Need to inform patients of the purposes and disclosures before information is used • Disclosure of identifiable data breaches confidentiality unless there is a legal basis • Legal bases for disclosure: • Statute – no specific statutory basis, but S251 • patient consent • public interest – test balance of public interests - should not be relied on for routine data flows • de-identification NATIONAL INFORMATION GOVERNANCE BOARD

9. Approaches for processing NIGB • Consent • De-identification of data prior to use • S251 Which route is appropriate? Depends on the circumstances NATIONAL INFORMATION GOVERNANCE BOARD

10. Consent NIGB Consent (defined in Directive 95/46/EC) ‘The data subject’s consent’ shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed. (Article 2(h)) NATIONAL INFORMATION GOVERNANCE BOARD

11. De-identification NIGB • Personal data “data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of the data controller…” • i.e. combination of identifying data items or other information available which makes data identifiable and therefore personal. • To cease being personal data all means of identification should be removed prior to disclosure to the point of minimal risk from inference. NATIONAL INFORMATION GOVERNANCE BOARD

12. NIGB & ECC NIGB • Role of NIGB - To promote higher standards for information governance across health and social care • The NIGB’s Ethics and Confidentiality Committee advises Secretary of State on Section 251 and whether activities meet the conditions of S251 • Confidential and for “medical purpose” • Only for 2° use:“Not solely or principally for determining care or treatment to individuals” • Must comply with DPA • Must be no practicable alternative NATIONAL INFORMATION GOVERNANCE BOARD

13. Application of S251 to audit NIGB • NCASP audits • Need to demonstrate that identifiable data is necessary, AND • That consent is not practicable because of scale or retrospective data • PIAG guidance 2004 currently under review by NIGB – working with NCAAG and HQIP NATIONAL INFORMATION GOVERNANCE BOARD

14. IssuesNIGB Culture – implied consent can be perceived as “consent not needed” , lack of information given to patients about how their information is used. Consent - how to get the specificity balance right? Recording to facilitate implementation. De-identification – how ensure effective de-identification when disclose to 3rd parties How safeguard utility whilst also protecting patient confidentiality & the relationship of trust NATIONAL INFORMATION GOVERNANCE BOARD

15. Key messages NIGB • Clinical audit is a secondary use • Patients must be informed • lawful basis for use & disclosure • De-identified data – identifiability is context specific • Consent – specific, informed, capacity, freely given & indicated • S251 • In accordance with rights of subject – opt out NATIONAL INFORMATION GOVERNANCE BOARD

16. Final word… NIGB • Health Bill may bring changes for some? • NIGB working on advice / guidance on clinical audit, with stakeholders NATIONAL INFORMATION GOVERNANCE BOARD

17. NIGB www.nigb.nhs.uk Email: NIGB@nhs.net Email for ECC: ECCApplications@nhs.net Tel: 020 7633 7052 NATIONAL INFORMATION GOVERNANCE BOARD