B3 W3: Data protection & confidentiality Flashcards

1
Q

What are the reasons for maintaining confidentiality?

Talk about them in relation to ethical principles

A

CONSEQUENTIALIST ARGUMENT:

  • Impact on the patient (may not go & see Dr again)
  • Impact on other generally (loss of public trust)

AUTONOMY:

  • Self-determination about how information is shared

VIRTUE ETHICS:

  • Promise-keeping/ trustworthiness as virtues

OTHER DUTIES

  • Duty of care (data shared in healthcare teams but not beyond)
  • Patient-Dr relationship
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Give some generalistic reasons for not maintaining confidentiality

Talk about the ethical principles

A

CONSEQUENTIALISM:

  • Impact on specific others (harm of non-disclosure)

OTHER DUTIES:

  • Duty of care (data shared in healthcare team but not outside)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the types of consent?

A

Implied or explicit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Implied consent can be sufficient if all the criteria are met……

A

i) Data is being used to support a patient’s direct care
ii) Information is available to the patient stating how it will be used & how they can object
iii) You have no reason to believe they would object
iv) Satisfied that anyone you disclose to will understand the information has been given in confidence & treat it accordingly

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

When should you get explicit consent?

A

If you think the patient would be surprised to learn how you were accessing or disclosing their personal information

GMC Confidentiality paragraph 9

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Give examples of secondary uses of patient information

What type of consent should be obtained?

A
  • Research
  • Certain types of audit (eg: financial)
  • Public Health
  • Education
  • Health Service Planning

Explicit consent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What does the GMC Confidentiality Paragraph 95 say?

A

Seek explicit consent to disclose personal information for purposes other than direct health care/ local clinical audit

UNLESS the information is:

Reuired by law, or is not appropriate or practical to obtain consent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

When may you disclose personal information for secondary purposes without breaching duties of confidentiality?

What type of information should be given- identifiable or anonymised?

A

1) Disclosure required by law, including the courts
2) Patient has given consent
3) Disclosure approved through statutory process that sets aside common law duty of confidentiality
4) Disclosure can be, exceptionally, justified in public interest
* Anonymised information is usually suficient for purposes other than direct care*

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

When is data considered anonymised?

A

i) Does not directly identify any individual

ii) Unlikely to allow an individual to be identified through combination with any other data

Different types of data have different levels of re-identification risk (Small versus large data set)

Anonymised vs pseudonymised data are NOT the same

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Secondary use of data- disclosing in the public interest what must you consider?

A

i) The potential harm/distress to the patient- will they engage in further Tx/ Dr-Pt relationship
ii) The potential harm to trust in Dr’s
iii) The potential harm to others (specific/public) if not discolsed
iv) The potential benefits to an individual/ society with release of information
v) Nature of the information disclosed & views expressed by the patient
vi) Can the harms/ benefits be avoided without breaching the patient’s privacy. If not, what is the minimum intrusion

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

When disclosing information about a patient you should…..

A

a) Use anoymised/ coded information if practical that will serve the purpose
b) Be satisfied that the patient:

  • i) Has access to the information that their personal information may disclosed for the sake of their care, local clinical audit & they can object
  • ii) Has not objected

c) Explicit consent if information is: identifiable, for purposes other than their direct care, local clinical audit, unless the disclosure is justified by law or public interest
d) Keep disclosure to minimum necessary for purpose
e) Keep up-to-date with, observe all relavent legal requirements including common law & data protection law

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Notifable disease under the Health Protection Regulations 2010

What are the Acts/ Legislations around this?

Who should be informed?

Give some examples

A

Legislation:

  • Public Health (Infectious Diseases) Act 1998

Public Health England

  • Health Protection Regulation 2010
  • Hospital Infection control- duty microbiologist*

PHE:

  • Diagnosing clinician’s duty to report case to local health protection team
  • Form
  • Notify urgent cases by phone in 24 hours

Eg: Tb, Acute Poliomyolitis, Acute infectious hepatitis, anything the may present significant risk to human health

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the GDPR 6 key principles?

A

(Please Speak About Amy Aquiring Kim’s Data)

Data must be:

1) Processed fairly, lawfully & in transparent manner
2) Collected for specific, explicit, legitimate purpose & not further processed for other purposes incompatible with those purposes
3) Adequete, relavant & limited to what is necessary
4) Accurate and kept up to date
5) Kept in a form that permits identification of data subjects for no longer than is necessary for the purpose of which the data is processed

“Allows identifcation of data so that it is not kept longer that needed for the purpose it is being used for”

6) Processthat ensures appropriate security of personal data including protection against unauthorised/ unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What act allows people to see the health records of deceased people?

A

Access to Health Records Act 1990

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Under what are you allowed to access the health records for all living people?

A

GDPR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Who can access health records?

A
  • Patients
  • Persons with parental responsibility- if not contrary to competent child’s wishes
  • POA (power of attorney if patient lacks capacity)
  • Executor of Will/ Dependants for deceased patients’ records
  • IMHAs/ IMCAs (Independant MH/ Mental Capacity Advocates)
  • Police- by court order
  • Solicitors- with consent of data subject
17
Q

When may there be no access to health records?

A

Acess likely to cause serious harm- mentally or physically to data subject OR other person

When the data would reveal identity of another person

(Does not apply to HCP involved in care of the data subject- unless disclosure would cause them serious harm)