B3 W3: Data protection & confidentiality Flashcards
What are the reasons for maintaining confidentiality?
Talk about them in relation to ethical principles
CONSEQUENTIALIST ARGUMENT:
- Impact on the patient (may not go & see Dr again)
- Impact on others generally (loss of public trust)
AUTONOMY:
- Self-determination about how information is shared
VIRTUE ETHICS:
- Promise-keeping/ trustworthiness as virtues
OTHER DUTIES
- Duty of care (data shared in healthcare teams but not beyond)
- Patient-Dr relationship
Give some general reasons for not maintaining confidentiality
Talk about the ethical principles
CONSEQUENTIALISM:
- Impact on specific others (harm of non-disclosure)
OTHER DUTIES:
- Duty of care (data shared in healthcare team but not outside)
What are the types of consent?
Implied or explicit
Implied consent can be sufficient if all the criteria are met:
i) Data is being used to support a patient’s direct care
ii) Information is available to the patient stating how it will be used & how they can object
iii) You have no reason to believe they would object
iv) Satisfied that anyone you disclose to will understand the information has been given in confidence & treat it accordingly
When should you get explicit consent?
If you think the patient would be surprised to learn how you were accessing or disclosing their personal information
GMC Confidentiality paragraph 9
Give examples of secondary uses of patient information
What type of consent should be obtained?
- Research
- Certain types of audit (eg: financial)
- Public Health
- Education
- Health Service Planning
Explicit consent
What does the GMC Confidentiality Paragraph 95 say?
Seek explicit consent to disclose personal information for purposes other than direct health care/ local clinical audit
UNLESS the information is:
Required by law, or it is not appropriate or practical to obtain consent
When may you disclose personal information for secondary purposes without breaching duties of confidentiality?
What type of information should be given- identifiable or anonymised?
1) Disclosure required by law, including the courts
2) Patient has given consent
3) Disclosure approved through statutory process that sets aside common law duty of confidentiality
4) Disclosure can be, exceptionally, justified in public interest
*Anonymised information is usually sufficient for purposes other than direct care*
When is data considered anonymised?
i) Does not directly identify any individual
ii) Unlikely to allow an individual to be identified through combination with any other data
Different types of data have different levels of re-identification risk (Small versus large data set)
Anonymised vs pseudonymised data are NOT the same
Secondary use of data - disclosing in the public interest: what must you consider?
i) The potential harm/distress to the patient- will they engage in further Tx/ Dr-Pt relationship
ii) The potential harm to trust in Dr’s
iii) The potential harm to others (specific/public) if not disclosed
iv) The potential benefits to an individual/ society with release of information
v) Nature of the information disclosed & views expressed by the patient
vi) Can the harms/ benefits be avoided without breaching the patient’s privacy. If not, what is the minimum intrusion
When disclosing information about a patient you should:
a) Use anonymised/ coded information if practical that will serve the purpose
b) Be satisfied that the patient:
- i) Has access to the information that their personal information may be disclosed for the sake of their care, local clinical audit & they can object
- ii) Has not objected
c) Explicit consent if information is: identifiable, for purposes other than their direct care, local clinical audit, unless the disclosure is justified by law or public interest
d) Keep disclosure to minimum necessary for purpose
e) Keep up-to-date with, and observe, all relevant legal requirements including common law & data protection law
Notifiable disease under the Health Protection Regulations 2010
What are the Acts/ Legislations around this?
Who should be informed?
Give some examples
Legislation:
- Public Health (Infectious Diseases) Act 1998
Public Health England
- Health Protection Regulations 2010
- Hospital Infection control- duty microbiologist*
PHE:
- Diagnosing clinician’s duty to report case to local health protection team
- Form
- Notify urgent cases by phone in 24 hours
Eg: TB, Acute Poliomyelitis, Acute infectious hepatitis, anything that may present significant risk to human health
What are the GDPR 6 key principles?
(Please Speak About Amy Acquiring Kim’s Data)
Data must be:
1) Processed fairly, lawfully & in transparent manner
2) Collected for specific, explicit, legitimate purpose & not further processed for other purposes incompatible with those purposes
3) Adequate, relevant & limited to what is necessary
4) Accurate and kept up to date
5) Kept in a form that permits identification of data subjects for no longer than is necessary for the purpose of which the data is processed
“Allows identification of data so that it is not kept longer than needed for the purpose it is being used for”
6) Processed in a manner that ensures appropriate security of personal data including protection against unauthorised/ unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
What act allows people to see the health records of deceased people?
Access to Health Records Act 1990
Under what are you allowed to access the health records for all living people?
GDPR