close

Вход

Забыли?

вход по аккаунту

?

Data Protection and Confidentiality

код для вставкиСкачать
DATA PROTECTION AND PATIENT
CONFIDENTIALITY IN RESEARCH
Nic Drew
Data Protection Manager
University Hospital of Wales
( 2074 6677
п‚ќ 2074 5626
: nic.drew@wales.nhs.uk
OVERVIEW
What is the Data Protection Act 1998?
пѓЏ The 8 Principles
пѓЏ The Principles in practice
пѓЏ Obtaining a R&D reference number
пѓЏ Research not involving patient contact
пѓЏ UHB information resources
пѓЏ
WHAT IS THE DATA PROTECTION ACT?
пѓЏ
LAW ON THE USE OF PERSONAL INFORMATION
пѓЏ
PROVIDES RIGHTS OF PRIVACY
пѓЏ
PROVIDES RIGHTS OF ACCESS
пѓЏ
COMPLY WITH THE HUMAN RIGHTS ACT
пѓЏ
THERE ARE 8 DATA PROTECTION PRINCIPLES
THE EIGHT PRINCIPLES
PERSONAL DATA MUST BE:1.
PROCESSED FAIRLY AND
LAWFULLY + SCHEDULES 2&3
5.
KEPT FOR AS LONG AS IS
NECESSARY AND NO LONGER
2
PROCESSED FOR SPECIFIED
PURPOSES
6
PROCESSED IN LINE WITH
DATA SUBJECTS RIGHTS
3
ADEQUATE, RELEVANT AND
NOT EXCESSIVE
7
SECURE
ACCURATE AND KEPT UP TO
DATE
8
4
ONLY TRANSFERRED TO
OTHER COUNTRIES THAT HAVE
SUITABLE DATA PROTECTION
CONTROLS
PRINCIPLES IN PRACTICE
PRINCIPLE 1
пѓЏ
Fair processing – Provide all relevant information in the
Patient Information Sheet, �Confidentiality Statement’;
who disclosed to, what disclosed, who will access, how
long kept for, what security employed. Remember,
consent is not valid unless informed consent.
пѓЏ
Identifying patients – If you are using initials and DOB as
well as a study number, you must tell patients.
PRINCIPLES IN PRACTICE
PRINCIPLE 1
пѓЏ
Lawful processing – specifically the Human Rights Act,
Article 8 and the Common Law Duty of Confidentiality;
NOTE, if you don’t comply with other related legislation
(e.g. Human Tissue Act) you do not satisfy this Principle!
пѓЏ
Schedule 3 – Explicit Consent is required where there is
patient communication or contact, unless you have an
exemption under section 251 of the NHS Act 2006
PRINCIPLES IN PRACTICE
PRINCIPLES 2 - 3 - 5
2, Specified purpose – if you wish to contact patients for
subsequent studies you need to tell them and gain
consent.
 3, Not excessive – only collect personal data that is
necessary e.g. if you only need age, don’t ask for date of
birth.
 5, Retention – tell patients how long you will keep their
personal data; usually 5 years or 15 for clinical trials
пѓЏ
PRINCIPLES IN PRACTICE
PRINCIPLES 7 - 8
пѓЏ
7, Security – Information Commissioner has made it clear
that all patient identifiable data on laptops or portable
media must be encrypted. C&V UHB only permits emails
with patient identifiable data to be sent between email
addresses ending in wales.nhs.uk
пѓЏ
8, Outside EEA – specific informed consent required; this
must be endorsed on the Consent Form.
R&D REFERENCE NUMBER
пѓЏ
Who recruits the patient? – Legitimate relationship
пѓЏ
Disclosure of identifiable data – Initials+DOB+gender
пѓЏ
Identifiable data on a computer – Who’s computer? Encryption!
пѓЏ
Disclosures outside the EEA? – Specific consent
пѓЏ
GP’s informed? – Medical records accessed?
RESEARCH NOT INVOLVING PATIENT
CONTACT, i.e. NO CONSENT
Permitted, but with strict controls to maintain patient
confidentiality
пѓЏ Access may be granted to patient medical records if you
are a healthcare professional or hold an honorary contract
with the UHB – this will not give direct access to
electronic records
пѓЏ No data capable of identifying a patient can be recorded
пѓЏ Only specimens from UHB patients can be anonymised
by the Labs and made available for research; Principle 7
пѓЏ
INFORMATION SOURCE
пѓЏ
The UHB’s Intranet site has Data Protection information
and guidance available (unfortunately not on the Internetyet)
пѓЏ
�Data Protection Guidance For Researchers’ available on
the Intranet; Data Protection > Guidance > Research, or
from the R&D Department
пѓЏ
National Research Ethics Service guide also available
from above link
Документ
Категория
Презентации
Просмотров
2
Размер файла
1 434 Кб
Теги
1/--страниц
Пожаловаться на содержимое документа