Researchers may get health data under Patient Safety Bill

Draft law envisages role for Data Protection Commissioner in clearing research projects

Researchers could apply for an exemption from the need to have patients’ consent to process their health data, under draft legislative proposals. Photograph: Thinkstock

Researchers could apply for an exemption from the need to have patients’ consent to process their health data, under draft legislative proposals. Photograph: Thinkstock

 

Personal health information could be provided to researchers without the consent of the individuals concerned under recently published draft legislation.

The revised Health Information and Patient Safety Bill seeks to make changes to data protection law which would give certain research projects an exemption from the need to obtain explicit consent from citizens affected.

Explicit consent for the processing of health information, which is classed as sensitive personal data, is a key part of current data protection law.

Pre-approving projects

The new Bill also envisages giving the Data Protection Commissoner a role in pre-approving the research projects that wanted to rely on this so-called consent exemption. The office would charge a fee for such approvals, which it is envisaged would only be granted in certain “strict and limited” circumstances.

It provides that a person proposing to carry out health research may include in their application a request for a decision from the Data Protection Commissioner permitting “the collection and use...of personal data that relate to one or more individuals without the consent of those individuals”.

The person making the proposal will have to demonstrate that their research requires access to the personal data they are asking for, rather than anonymised or ‘de-identified’ data.

The proposed research will also have to be of “sufficent importance that the public interest in it outweighs to a substantial degree the public interest in protecting the confidentiality of the personal data concerned”.

Researchers will also have to guarantee the personal data will not be used in such a way that damage or distress is, or is likely to be, caused to those individuals.

‘Data-matching’ programmes

The Bill also sets out proposals for “data matching” programmes, which would require certain parties to provide the health information of individuals for use in a national programme, for example.

The Health Information and Patient Safety Bill, in tandem with legislation to introduce individual health identifiers to track people through the system from cradle to grave, is a key component of the Government’s health strategy.

There have been tensions around data sharing in the so-called ‘care.data’ programme in the UK in recent years, where GPs were required to submit patient information to a national database. Concerns arose around the information campaign and whether patients were given adequate opportunity to opt out of having their data transferred.

There has also been a debate about health research at EU level during the ongoing negotiations on a new data protection regulation, which is expected to be finalised shortly.