1 Medical research and data sharing how open can we be? Dr Renate Gertz AHRC Centre School of Law University of Edinburgh Scotland
3 The uses of health data Primary uses: For clinical care (relatively unproblematic) Secondary uses: Research, epidemiology, public health surveillance, audit and service evaluation The overlap: Clinical trials
4 The types of research Distinguish between two types of research: Clinical trials (for clarity only those conducted as part of healthcare where HCPs = researchers Genetic research, biobank type Different problems arise for both Main legal problems: Data Protection (regulated by statute) Liability (common law mechanism)
5 The current situation: The CHI number 70s: Started life as the local Patient Master Index System in Tayside 80s and 90s: Slowly adopted by all Health Boards Name changed to Community Health Index 8 separate CHI databases Each index contains all patients registered with a GP or who have been the subject of contact with Community & Preventative Care systems CHI database issues numbers from a unique range (= uniquely identifying)
6 CHI number continued BUT: same person several CHI numbers creation of another database Search Index: allocates one CHI number as current one, but does not hold full dataset, rather pointers to relevant records on the CHI databases CHI = a linked series of regional databases Uses: Medical Record Linkage, Cancer registration, Remuneration of GPs, NHS24 may download CHI databases
7 The plan: Electronic Health Record Open data system throughout the health service Improve access to a current health record Prevent the so-called multiple-blood-testsyndrome due to lack of communication between health care providers sometimes even within the same hospital Facilitate research
8 The Legal Provisions
9 The law The Data Protection Act 1998 S 1 (1): personal data means data which relate to a living individual who can be identified- (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller... Such health data may only be processed, i.e. disclosed, if one condition each of Schedule 2 and 3 of the Act is fulfilled S 2: In this Act "sensitive personal data" means personal data consisting of information as to (e) his physical or mental health or condition,
10 The Law continued The first Data Protection Principle Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless a) at least one of the conditions in Schedule 2 is met, and b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
11 The Law continued Schedule 2 1. The data subject has given their consent to the processing. 4. The processing is necessary in order to protect the vital interests of the data subject. 5. The processing is necessary d) for the exercise of any other functions of a public nature exercised in the public interest.
12 The Law continued Schedule 3 1. The data subject has given their explicit consent to the processing of the personal data. 3. The processing is necessary a) in order to protect the vital interests of the data subject or another person, in a case where (i.) consent cannot be given by or on behalf of the data subject, or (ii.) the data controller cannot reasonably be expected to obtain the consent of the data subject, or b) in order to protect the vital interests of another person, in a case where consent by or on behalf of the data subject has been unreasonably withheld. 8. The processing is necessary for medical purposes (including the purposes of preventative medicine, medical diagnosis, medical research, the provision of care and treatment and the management of healthcare services) and is undertaken by a) a health professional (as defined in the Act), or b) a person who owes a duty of confidentiality which is equivalent to that which would arise if that person were a health professional.
13 Secondary Uses of Data
14 Secondary use of data Research one of the most important secondary uses Problematic issue Controversial and contested: finding ways for secondary use that won t compromise personal privacy Paper records and electronic records different problems
15 Example Biobanks
16 Particularly problematic uses: Example biobanks Biobank: combining and comparing biological tissue samples with genetic and historical patient information Large epidemiological studies biobanks are increasingly making use of patient records Clinical trials often combine research with healthcare, Biobanks: only blood sample, lifestyle questionnaire and questions about familial relationships. Participants give consent for their medical records to be accessed by the biobank staff.
17 The Problems an example The researcher, also a healthcare professional with access to all records, accessed the participants parents health records The researcher is not involved in healthcare. Should she be granted access to all health records to access the participants parents data?
18 Dissecting the problems Would this be wrong? Why? Data protection/confidentiality issues sensitive personal data In the UK, a culture of caution has arisen concerning the Data Protection Act with regard to research. This has taken on alarming dimensions, with some commentators arguing that the law now hinders research
19 Dissecting the problems, continued Currently common practice: always obtain consent Parents have not consented to their data being shared The problem: do we fetishise consent? Aren t there alternatives provided? And is consent practicable anyway in biobank research?
20 What does the law say the letter of the law approach Schedule 3 of the Act needs to be taken into account: (2) In this paragraph medical purposes includes the purposes of preventative medicine, medical diagnosis, medical research, the provision of care and treatment and the management of healthcare services. Hence, research is expressly included. In addition, s. 33 of the Act provides the so-called research exemption, which permits research on data previously collected, i.e. it permits data processing for a different purpose then the purpose for which the data were originally obtained. One obligation which neither Schedule 3 nor s. 33 obliterate, however, is that the data subjects have to be informed of the processing.
21 The AMS Report Report by the UK Academy of Medical Sciences (AMS) in 2006 examined the problem Conclusion: researchers should have access to personal data if they intend to anonymise said data for the actual research.
22 Conclusion 1 In the current culture of caution, the use of participants parents EHR without their consent would not be acceptable. If, however, we were to follow the letter of the law and the AMS report, the result might be considerably different. A decision is required = the wait for the first court case!
23 Introducing an Electronic Health Record
24 What may change? All healthcare professionals will have access to the EHR Researchers who are clinicians at the same time will have de facto access to everybody s medical record Will new legislation be needed to regulate this access?
25 To opt out or not to opt out Policy in England: patients can opt out of EHR Tension between right to control what happens to information and society s need for access Example cancer registers Germany Reality: very little data processing in the UK done on statutory basis basis of implied consent would fail if large numbers start to opt out
26 A different problem of openness and data sharing: Patient involvement in the EHR and the effect on clinical trials
27 Four models for an EHR The Personal EHR patient as the chief manager and custodian of the record The Shared EHR responsibility between patient and GP The Trustee Model patients enter into contract with trustee, to keep and control the EHR The Interoperable EHR Electronic equivalent to current system
28 Confidentiality issues Personal EHR obviously less confidentiality problems, but: patients might approve access without appreciating wider privacy implications Shared EHR depends where final responsibility lies the more patient involvement, the less confidentiality problems Trustee EHR patient decides what data will be transferred to trustee. But: trustee can break contract and process data depend on the trustworthiness of the fiduciary Interoperable EHR greatest risk of breaches of confidentiality as no patient involvement stringent and enforceable access policy required
29 Liability issues Currently: error in the medical records leads to negative development in patient s health, healthcare professionals responsible for error and subsequent treatment will be held liable larger patient involvement in creating and controlling the record may shift this liability First, liability will need to be explained, as UK system is fairly complex:
30 Liability in UK law Liability = non-contractual civil wrong. Main requirement: negligence Negligence has three requirements: healthcare professional owes patient a duty of care Breach of this duty has occurred (standard of treatment was below the ordinary skill of an ordinary man exercising this particular art) Causation can be proven, (sub-standard treatment led to a legallyrecognised harm) Duty of care has three requirements: Risk of harm is foreseeable Sufficient proximity between healthcare professional and patient Fair, just and reasonable to impose the duty of care.
31 Liability continued If patients are responsible for maintaining the record and error leads to patient s wrongful inclusion in clinical trial with negative outcome shift of liability? Negligence? duty of care must exist not in doubt. Breach of this duty also unquestionable. (only the actual treatment to be considered not record entry)
32 Liability continued Causation = problematic wrong inclusion must have led to patient suffering a legally recognised harm. prima facie: wrong inclusion led to patient being harmed. But: When and where do we need to start looking for causation? At the beginning of the treatment? The hospital doctor consulting the records? Won t that lead further back to where the mistake in the entry occurred? That line of reasoning the rather astonishing conclusion that the patient herself must be held liable for the harm she suffered.
33 Liability continued Should clinician/researcher check record? Would it be negligent to proceed on basis of record alone? System would lose its efficiency. If record monitored immediately after details are entered health care professionals liable for not spotting mistake If record monitored only in intervals or just before use, maybe no check in emergency
34 Conclusion 2 Several factors to recommend one model over another Logistics which model is most technically feasible Time management issue if patients have a larger role will monitoring be possible Is it in the patients interest to have greater influence over the record Application of IT to healthcare accompanied by legal and ethical problems Questions should ideally be answered before EHR converts from theory to practice in Scotland
26 August 2014 Bill Rogers Competition and Markets Authority Dear Bill Rogers, Draft Order Thank you for meeting my colleague Catherine Thomas to discuss your Order. This letter is our formal response.
Research in the NHS HR Good Practice Resource Pack Acknowledgements The Research Passport system was first developed in Greater Manchester by a partnership of NHS organisations and the University of Manchester.
Consultation Response Medical profiling and online medicine: the ethics of 'personalised' healthcare in a consumer age Nuffield Council on Bioethics Response by the Genetic Interest Group Question 1: Health
Insurance, indemnity and medico-legal support Statutory requirement for doctors to have insurance or indemnity We know doctors work hard to deliver good quality healthcare. But sometimes, things go wrong.
University Hospitals Birmingham NHS Foundation Trust The Trust provides free monthly health talks on a variety of medical conditions and treatments. For more information visit www.uhb.nhs.uk or call 0121
LEGAL ADVISORY COMMISSION PAROCHIAL CHURCH COUNCILS: LEGAL POSITION OF MEMBERS Legal status of a PCC 1. A parochial church council ( PCC ) is a body corporate (see s.3 Parochial Church Council (Powers)
for England 21 January 2009 2 NHS Constitution The NHS belongs to the people. It is there to improve our health and well-being, supporting us to keep mentally and physically well, to get better when we
TORT LAW CONCEPTS FOR REGULATORS What is a Tort? A legal construct only exists when the law says it exists A private or civil wrong or injury Primary purpose is to compensate person injured by the actions
Support USers To Access INformation and Services (Grant Agreement No 297206) Deliverable D5.4 Recommendations on security and privacy issues version 3 Version 1.0 Work Package: WP5 Version & Date: v1.0
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
The National Health Service Constitution A draft for consultation, July 2008 NHS Constitution The NHS belongs to the people. It is there to improve our health, supporting us to keep mentally and physically
Data Protection Guidelines on research in the Health Sector 1 Contents: Foreword:...3 1. The Data Protection background...6 2. Data Protection and the use of Patient Information for Research purposes...7
Overview of the national laws on electronic health records in the EU Member States and their interaction with the provision of cross-border ehealth services Contract 2013 63 02 Overview of the national
EU DIRECTIVE ON GOOD CLINICAL PRACTICE IN CLINICAL TRIALS DH & MHRA BRIEFING NOTE Purpose 1. The Clinical Trials Directive 2001/20/EC heralds certain additional responsibilities for the Medicines and Healthcare
DATA PROTECTION CORPORATE POLICY Information Management V1.1 03 July 2012 Not protectively marked This policy must be complied with fully by all Members, Officers Agents and Contractors of Plymouth City
First published in World Data Protection Report (November 2007) Access to Deceased Persons Records under the Freedom of Information Act 2000 The dead can t sue or so the saying goes. But do they have a
HOW WE USE YOUR PERSONAL INFORMATION Information Leaflet Your Health. Our Priority. Page 2 of 9 Introduction This Leaflet explains why the NHS collects information about you and how it is used, your right
Statutory duty of candour with criminal sanctions Briefing paper on existing accountability mechanisms Background In calling for the culture of the NHS to become more open and honest, Robert Francis QC,
Record keeping Guidance for nurses and midwives 1 We are the nursing and midwifery regulator for England, Wales, Scotland, Northern Ireland and the Islands. We exist to safeguard the health and wellbeing
Electronic health records: data protection issues in Europe By Clare Sellars and Dr Amanda Easey IPM&T Group, McDermott Will & Emery UK LLP This article has been published in the April 2008 issue of BNAI
Freedom of information guidance Exemptions guidance Section 41 Information provided in confidence 14 May 2008 Contents Introduction 2 What information may be covered by this exemption? 3 Was the information
and Fife NHS Board Details of complaints Reference No: 201100681, 201100688, 201100795 Decision Date: 5 August 2011 Kevin Dunion Scottish Information Commissioner Kinburn Castle Doubledykes Road St Andrews
CHAPTER 13 Medical records and patient access to information Robert Stevens is an Auckland barrister and a consultant in the management of personal information and privacy. Cite this as Stevens R 2013.
Professional liability of accountants and auditors This factsheet provides guidance on the liability for professional negligence which members may incur because of an act or default by them (or by their
NHS Constitution Patients and the public your rights and NHS pledges to you Everyone who uses the NHS should understand what legal rights they have. For this reason, important legal rights are summarised
Commissioning Policy (EMSCGP005V2) Defining the boundaries between NHS and Private Healthcare Although Primary Care Trusts (PCTs) and East Midlands Specialised Commissioning Group (EMSCG) were abolished
This guidance note describes the NHS indemnity scheme introduced in January 1990 and alerts members to its limitations. Members are advised to retain defence body membership or take out personal indemnity
You can find the latest version of this guidance on our website at www.gmc-uk.org/guidance. Published 25 March 2013 Comes into effect 22 April 2013 Personal beliefs and medical practice 1 In Good medical
Selling/Closing a Medical Practice This publication is a snapshot of South Carolina laws, regulations and best practices as of July 2009. The material presented is likely to evolve and change from year
ADVISORY GUIDELINES FOR THE HEALTHCARE SECTOR 11 SEPTEMBER 2014 1 PART I... 4 1 Introduction... 4 PART II: APPLICATION OF THE DATA PROTECTION PROVISIONS TO SCENARIOS FACED IN THE HEALTHCARE SECTOR... 5
Standard Operating Procedures for Supporting Research Studies February 2011 SOP Supporting Research Studies Page 1 of 13 1 Document Revision History Date Version Description Compiled by 31/01/11 0.1 First
BIO INFOBK 1492 0410:Layout 1 21/04/2010 15:24 Page 1 INFORMATION LEAFLET You are being invited to take part in a major medical research project called UK Biobank. The purpose of UK Biobank is to set up
Education and Training Committee, 10 March 2011 Professional indemnity insurance Executive summary and recommendations Introduction This paper appeared as a paper to note at the Council meeting on 10 February
USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY CONDITIONS OF USE FOR ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY Between: the Commonwealth of Australia, acting
The code: Standards of conduct, performance and ethics for nurses and midwives We are the nursing and midwifery regulator for England, Wales, Scotland, Northern Ireland and the Islands. We exist to safeguard
National Research Ethics Service Does my project require review by a Research Ethics Committee? This algorithm is designed to assist researchers, sponsors and R&D offices in determining whether a project
Electronic Health Records (EHR): Guidance for Community Pharmacists and Pharmacy Technicians November 2012 This guidance has been produced by the Royal Pharmaceutical Society, the Association of Pharmacy
http://www.privacy.org.au Secretary@privacy.org.au http://www.privacy.org.au/about/contacts.html Background Public Advisory Statement The Personally-Controlled Electronic Health Record Frequently Asked
31a Charnham Street, Hungerford, Berkshire, RG17 0EJ Tel: 01488 682546 Fax: 01488 684473 Email: firstname.lastname@example.org Web: www.bradingcryer.co.uk Standard terms of business The following standard
Justice Committee Apologies (Scotland) Bill Written submission from the Law Society of Scotland Introduction The Law Society of Scotland (the Society) aims to lead and support a successful and respected
Improving the Performance of Doctors Complaints Investigations and Remediation SHARING INFORMATION WITH PATIENTS AND CARERS HAPIA GOOD PRACTICE GUIDE 2014 HEALTHWATCH AND PUBLIC INVOLVEMENT ASSOCIATION
Code of Conduct A Physician Assistant (now associate) (PA) is defined as someone who is: a new healthcare professional who, while not a doctor, works to the medical model, with the attitudes, skills and
Postrefereed, preprint version of the text published at European Journal of Health Law 2013(3)28994. Link to the publisher s website: http://www.brill.com/europeanjournalhealthlaw Sirpa Soini FINLAND ON
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
London Stock Exchange Testing Services Order Form For the purposes of the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, the information provided
WSIC Integrated Care Record FAQs How your information is shared now Today, all the places where you receive care keep records about you. They can usually only share information from your records by letter,
Written Evidence Apologies (Scotland) Bill The Law Society of Scotland s Response May 2015 The Law Society of Scotland 2015 Introduction The Law Society of Scotland (the Society) aims to lead and support
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
Dear Colleague Arrangements for NHS Patients Receiving Private Healthcare 1. This letter provides revised guidance to NHS Boards covering situations where patients obtain private healthcare in addition
Share trading policy Mortgage Choice Limited ABN 57 009 161 979 2 Share trading policy 1. Introduction 1.1 The shares of Mortgage Choice Limited ABN 57 009 161 979 (the Company) are quoted on the Australian
Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) This document provides answers to some frequently asked questions about the The Personal Health
December 2012 Developing the AMRC response to the consultation on the NHS Constitution The government is updating the NHS Constitution so that it will better reflect the legal rights and responsibilities
www.personalinjury.ffw.com Freephone 0800 358 3848 www.personalinjury.ffw.com Freephone 0800 358 3848 Medical Negligence A client s guide head and shoulders above the rest in terms of skills, experience
Diving into the Data Pool Exploring public views about the way medical data is shared Report from public event on 31 October 2013 Should it be easier for medical data to be shared to help research? What
Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,
Website Disclaimer http://www.website-law.co.uk/ourdocumentlicence.html (1) Introduction Disclaimer 1 This disclaimer governs your use of our website; by using our website, you accept this disclaimer in
Chief Medical Officer and Public Health Directorate abcdefghijklmnopqrstu T: 0131-244-2235 F: 0131-244-2989 E: email@example.com Dear Colleague ARRANGEMENTS FOR NHS PATIENTS RECEIVING
HIPAA Privacy Overview General HIPAA stands for a federal law called the Health Insurance Portability and Accountability Act. This law, among other purposes, was created to protect the privacy and security
Healthcare Policy and Strategy Directorate Derek Feeley, Director T: 0131-244 1727 F: 0131-244 2042 E: firstname.lastname@example.org By e-mail To Attached List 12 December 2008 Dear Colleague Arrangements
Interface between NHS and private treatment Guidance from the Ethics Department February 2004 Summary General principles Issues for consultants Issues for general practitioners Advertising Summary Although
IMPORTANT NOTICE PLEASE READ THE FOLLOWING TERMS AND CONDITIONS CAREFULLY. IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT USE THIS APPLICATION. BY USING THIS APPLICATION AND/OR ANY OF
slaughter and may Companies Briefing Paper Act 2006 September 2008 Conflicts of Interest MiFID and the General Law Much has been said and written in recent years about the conflicts of interest that can
Dundee e-health Centre of Excellence 1 Arthritis Research UK, British Heart Foundation Cancer Research UK Economic and Social Research Council Engineering and Physical Sciences Research Council National
Medical Negligence A client s guide What is medical negligence? This note is intended to give you a broad outline about medical negligence (sometimes called clinical negligence) cases. It is not a substitute
QBE European Operations Professional practices update Claims against solicitors - a checklist QBE Professional practices update - Claims against Solicitors - a checklist/jan 2013 1 Claims against solicitors
Accessing Personal Information on Patients and Staff: A Framework for NHSScotland Purpose: Enabling access to personal and business information is a key part of the NHSScotland Information Assurance Strategy
1 Scope of this Agreement (1) Licensor has agreed with Licensee to grant Licensee a license to use and exploit the software set out in the License Certificate ("Licensed Software") subject to the terms
Cord Blood/Cord Tissue Storage Agreement The following definitions are used in this Agreement: child sample you/your SCI/us/we your child from whose umbilical cord the Sample is taken; the sample of cord
School/Unit: Rowan University School of Osteopathic Medicine Vendor: Business Associate Agreement Involving the Access to Protected Health Information This Business Associate Agreement ( BAA ) is entered
Guidance on nominating a consultee for research involving adults who lack capacity to consent Issued by the Secretary of State and the Welsh Ministers in accordance with section 32(3) of the Mental Capacity
LSE Contract Guidance 1. Introduction The purpose of this guidance is to give you, as an employee of the School, a steer on: What is a contract? When do we need a contract? Why do we need a contract? How
Patient Rights (Scotland) Bill Roche Products Ltd Roche is a leading manufacturer of innovative medicines, including in oncology, rheumatology and virology. We have expertise in a wide range of medical
BVI Financial Services Commission Registry of Corporate Affairs User Guides on the BVI Business Companies Act User Guide No. 4 Directors and Their Responsibilities This is one of a series of User Guides
Information for patients and the public and patient information about DNA / Biobanking across Europe BIOBANKING / DNA BANKING SUMMARY: A biobank is a store of human biological material, used for the purposes
PRIVACY AND ANTI-SPAM CODE FOR OUR DENTAL OFFICE Please refer to Appendix A for a glossary of defined terms. INTRODUCTION The Personal Health Information Act (PHIA) came into effect on December 11, 1997,
Compensation Claims Contents Employers' duties What kind of claims may be made? The tort of negligence Tort of breach of statutory duty Civil liability exclusions Conditions to be met for breach of statutory
Why Obtain Student Medical Malpractice Insurance? Important Notice & Disclaimer Please Read! This presentation is for use by Western Washington University (WWU) students only. Neither WWU, nor any officer,
LVM: Session 5 Author: Paul Waldau, D.Phil., J.D. We begin with this fundamental question, What is malpractice? We discuss the basic issues and the legal standard (this subject will be raised again later
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
TERMS & CONDITIONS OF BUSINESS 1. Introduction These terms and conditions explain the basis upon which we carry out work for you and charge for our services subject to any variations set out in our engagement
The Care Record Guarantee Our Guarantee for NHS Care Records in England January 2011, version 5 Introduction In the National Health Service in England, we aim to provide you with the highest quality of
Paper NHSE130903 BOARD PAPER - NHS ENGLAND Title: Publication of Directions to Health and Social Care Information Centre for the collection of primary care data Clearance: Tim Kelsey, Director of Patients
Appendix A DIRECTOR OF PUBLIC HEALTH ROLE PROFILE Title: Employing Organisation: Accountable to: Hours: Work base: Key Relationships Director of Public Health London Borough of Tower Hamlets Professionally
Senate Bill No. 292 Senator Roberson CHAPTER... AN ACT relating to civil actions; providing immunity from civil actions for a board of trustees of a school district or the governing body of a charter school
Item11 M/10/20 July 10 Midwifery Committee Review of policy on professional insurance and indemnity For information Issue 1 The paper provides an update on the policy review of professional insurance and
The interface between NHS and private treatment: a practical guide for doctors in England, Wales and Northern Ireland Guidance from the BMA Medical Ethics Department May 2009 Introduction General principles
The following standard terms of business apply to all engagements accepted by Thompson Jenner LLP. All work carried out is subject to these terms except where changes are expressly agreed in writing. 1
Protecting your NHS Trust against litigation Professor Diana Kloss barrister Do your job! Occupational health professionals have a duty to take reasonable care and to act as competent professionals This