Common Law Duty of Confidentiality
What is it?
Common Law Duty of Confidentiality – Common law confidentiality is not codified in an Act of Parliament but built up from case law through individual judgments. The key principle is that information confided should not be used or disclosed further, except as originally understood by the confider, or with their subsequent permission.
Although judgements have established that confidentiality can be breached ‘in the public interest’, these have centred on case-by-case consideration of exceptional circumstances. Common law confidentiality can also be overridden or set aside by legislation, such as Section 251 of the NHS Act 2006.
Section 251 – This legislation provides the Secretary of State for Health with the authority to make regulations that set aside legal obligations of confidentiality (though not other legal requirements). Support can be granted for a specific range of activities, for example anonymising information, accessing records to contact people for the purposes of gaining consent for research, geographical analysis, linkage, validation and clinical audit.
The section 251 application process is very rigorous and is managed by the confidentiality advisory group (CAG).
The powers under the section 251 regulations only provide relief from the Common Law Duty of Confidentiality. Any activity taking place with the support section 251 must still comply in full with the Data Protection Act.
How will it be done?
Confidentiality Advisory Group – This independent group, managed within the Health Research Authority, ensures that any use of identifiable medical record information without consent has the potential to bring significant public benefits and is used in a way which keeps the data safe.
As part of this work the members of the group look closely at how the public will be informed of this work, as well as ensuring the applicants involve the public by seeking their advice to set up public trust. Most applications are for medical research projects, with the rest relating to NHS functions and management.
Applicants must show that the aim of processing is in the public interest, that anonymised information could not be used to achieve the required results and that it would be impractical – both in terms of feasibility and appropriateness – to seek specific consent from each individual affected. For research, the approval of a research ethic committee is also needed.
What will be the outcomes?
Following review by CAG, applicants receive an outcome which informs of the outcome of the CAG review and the next steps needed. The application will receive one of the following outcomes:
- Supported – The application has a legal basis to access identifiable patient information within the boundaries of your application. The application will be subject to standard conditions of support and may also be subject to some specific conditions which will need to be actioned within the period provided in your outcome letter.
- Provisional – further clarification or information is needed before CAG can advise support.
- Deferred – your application does not have enough information for the CAG to advise the decision maker. You may submit a new application for CAG to consider.
- Rejected – your application contains sufficient information and CAG have advised that the activity should not be supported.
CAG publish registers of all applications made to them, the outcomes and conditions put in pace as a result, this can be found here CAG registers - Health Research Authority (hra.nhs.uk)
What has the ICB done and what will it do?
The ICB has already made an application to CAG for the use of confidential data for Risk Stratification purposes, using data from GP records, along with a subset of datasets from the commissioning datasets
The ICB is currently responding to those conditions, this website is the main conduit through which public and patient comms and involvement will be achieved, along with the option for our patients to opt-out of the use of their data.
The ICB is also currently applying to CAG to use confidential patient data for the Commissioning purposes, which includes both Population Health Management (PHM) and sharing of patient level data for analysis by partner health and care organisation with the local system via a process known as Sub-licensing. The information provided to you via this website, including the data opt-out options, will feed into that application, showing how we have engaged with the public whose information we wish to use.
Going forward, the ICB will also be working towards a use for Research purposes application to CAG. We will be working with out Higher Education partners, namely University of Sheffield and Sheffield Hallam University, to make South Yorkshire NHS data available for research projects.