THE UK MODEL OF PRIVACY PROTECTION AND ROLE OF THE NATIONAL DATA GUARDIAN
The Data Protection Act 19986 implemented the 1995 European Data Protection Directive. It provides the legal framework for the UK’s data protection procedures. The Data Protection Act 1998 provided an exemption from the general prohibition of processing sensitive data for reasons of substantial public interests, which are specifically identified in statutory instruments. These general exemptions included data processing for research, historical and statistical purposes, subject to suitable safeguards.
Notwithstanding this, the legal frameworks and national and professional guidance relating to data security and data sharing remain complex in the UK. There have been a number of initiatives to summarise this guidance into a set of principles. One of the first and best known is the set of six Caldicott principles.7 There has also been a code of practice on confidential information,8 and a set of auditable standards for information security, the Information Governance Toolkit.9
Navigating the application processes to access data for research purposes can also be a daunting challenge and results in unwillingness to share data. A second Caldicott report10 added a seventh principle, that ‘The duty to share information can be as important as the duty to protect patient confidentiality’, to underline the importance of data sharing for legitimate purposes.
In September 2015, the Secretary of State for Health asked Dame Fiona Caldicott, NDG, to review systems of data security, consent and opt-outs. The report11 of the review (also known as Caldicott 3) was published in June this year.
Whilst UK citizens generally trust the NHS to protect the confidentiality of their information, there have been cases where breaches of security or inappropriate sharing of confidential information occurred, eroding this trust. In response, the UK government updated the NHS Constitution in 201312 and introduced a new right for patients to request that their information is not shared beyond their own care, and to request that specific items of information are not shared with others involved in providing their care.
UK National Data Guardian – Consent/Opt-out model
- Patients’ confidentiality is a principle protected by law
- Health data and information are essential for high quality care
- Information is needed to improve the safety and quality of care through
- Endorses the existing right that patients may, at any time, opt out from their confidential information being shared beyond their own care, as guaranteed by the NHS Constitution
- The possibility of opting-out is waived where
- Consultation on whether the opt-out choice could be in two parts:
  - Opt-out where data are processed for use in the NHS and social care system
  - Opt-out model for data processed for research
UK National Data Guardian report – leadership and trust
The first sentence of the NDG’s review report reads: ‘This is a report about trust’. The report seeks to underpin trust in two ways: (1) ensuring the security of health and social care data and (2) relying on implied consent combined with an option to opt out from data sharing.
The report called for two local leadership roles: (1) Senior Information Risk Owner (SIRO) – a senior manager who takes ownership of the organisation’s information risk policy – and (2) Caldicott Guardian – a senior clinician responsible for protecting the confidentiality of patient information and enabling appropriate information sharing.
It describes the leadership obligations in the three ‘pillars’ of information security: (1) people, (2) process and (3) technology (Box 2), underpinned by ten detailed data security standards.
In summary, the UK model is one of national legislation and standards with citizen opt-outs, with the NDG trying to pull these elements together to create a technically secure and trusted environment.
UK National Data Guardian (NDG) – The obligations of leaders – the three pillars
- People: Ensure staff are equipped to handle information respectfully and safely, according to the Caldicott Principles. The standards within this ‘pillar’ include that all staff will complete appropriate annual security training and pass a mandatory test.
- Process: Ensure the organisation proactively prevents data security breaches and responds appropriately to incidents or near misses. The standards within this ‘pillar’ include:
  - Confidential data are accessible only to staff who need it for their current role, and access is removed as soon as it is no longer required
  - Processes are reviewed at least annually to identify and improve processes which have caused breaches or near misses
  - Cyber-attacks are identified and resisted, and security advice is responded to
  - Continuity plans are in place to respond to threats to data security
- Technology: Ensure technology is secure and up-to-date. The standards within this ‘pillar’ include:
  - No unsupported operating systems or software are used; a strategy is in place to respond to threats to data security
  - IT suppliers are held accountable via contracts for protecting confidential data
The evolution of Privacy and Data Protection at International and EU levels
Many international instruments recognized privacy as a fundamental human right:
- 1948 Universal Declaration of Human Rights13
- International Covenant on Civil and Political Rights (ICCPR)14
- UN Convention on Migrant Workers15
- UN Convention on Protection of the Child.16
In Europe, the right to privacy was legally enforced by the 1950 European Convention for the Protection of Human Rights and Fundamental Freedoms17; it states:
‘Everyone has the right to respect for his private and family life, his home and his correspondence’. The Convention created the European Commission of Human Rights and the European Court of Human Rights to oversee enforcement.
In the development of privacy protection, the Council of Europe’s ‘Convention for the protection of individuals with regard to the automatic processing of personal data’18 and the Organization for Economic Cooperation and Development’s ‘guidelines governing the protection of privacy and transborder data flows of personal data’19 profoundly influenced the enactment of laws around the world during the 60s and 70s.
The 1995 Data Protection Directive20 includes provisions about the processing of health data. Article 8(3) relaxes the directive’s restriction on processing health data where the processing is for preventive medicine, medical diagnosis, the provision of care or treatment or the management of health care services, and the data are processed by a health professional subject to obligations under national law. Also, Member States may, under Article 8(4), for reasons of substantial public interest, lay down additional exemptions.
The Council of Europe Convention on Human Rights and Biomedicine (Oviedo 1997) reinforced the principles that everyone is entitled to the right to privacy and confidentiality of personal medical data and the right to be informed about his/her health.21
The Charter of Fundamental Rights, which entered into force on 1 December 2009 as part of the Treaty of Lisbon,22 provided the Union with its own catalogue of rights, including:
‘Everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. Compliance with these rules shall be subject to control by an independent authority’.
The New EU Data Protection Regulation (2016)
The spread of new technological developments alongside the need to make data available to enable the effective delivery of health and social care have both influenced the new EU Regulations.
Generally, the Regulation strengthens individuals’ rights – consent is needed for their data to be processed, and they have the right to be forgotten. It also introduces tougher penalties for breaches of security. However, the Regulation also specifically acknowledges pseudonymisation as a privacy protection measure (Box 3).
Definition of pseudonymisation – from http://www.epsos.eu/faq-glossary/glossary.html
Pseudonymisation is the process of disguising patient identity. In contrast to fully anonymised data, pseudonymisation allows future or additional data to be linked to the current data, whereby the identity of the patient remains undisclosed.
The processing of personal health data can occur without consent ‘For reasons of public interest in the areas of public health’ if it is based on Union or Member State law. ‘Public health’ is given a very broad definition: ‘All elements related to health, namely health status, including morbidity and disability, the determinants having an effect on that health status, health care needs, resources allocated to health care, the provision of, and universal access to, health care as well as health care expenditure and financing, and the causes of mortality’. This reasonably extends to health research, statistics, monitoring, health system performance and governance. Additionally, the data do not have to be held only by health professionals.
States must ‘establish specifications for determining the controller, the type of personal data that are subject to the processing, the data subjects concerned, the entities to which the personal data may be disclosed, the purpose limitations, the storage period and other measures to ensure lawful and fair processing’.
These regulations pave the way for initiatives such as those of the UK’s NDG.
Canada has an overarching Federal act, the Personal Information Protection and Electronic Documents Act (PIPEDA), which governs how private sector organizations collect, use or disclose personal information, including health care data23. PIPEDA is supplemented by public and, in some cases, private sector legislation in each individual province or territory, some of which directly pertains to health care data (e.g. the Personal Health Information Protection Act in Ontario).
The United States has sector-specific laws; the Health Insurance Portability and Accountability Act24 and the Health Information Technology for Economic and Clinical Health Act25 are the two primary federal acts responsible for protecting personal health care information. Both Canada and the USA struggle with finding the balance between protecting individual data and advancing the greater societal good, such as health research and surveillance.26 The consent model for research and for purposes other than the reason for data collection is opt-out in both Canada and the USA, although certain public health and surveillance activities are granted exceptions.27
International approaches to balancing privacy and health needs2 – Australia
The Australian Privacy Act 1988 ‘governs’ the National Information Privacy Principles,28 which form the ‘soft law’ that guides the implementation of the elements of the Privacy Act. The Australian information privacy commissioner has the authority to use and disclose information to appropriate authorities as part of any investigations into alleged contraventions of this Act and the Personally Controlled Electronic Health Record (PCEHR) Act.
The PCEHR is now called ‘MyHealthRecord (MHR)’. Consent to disclose or use health information from MHR may be waived if there is a serious threat to the safety of the consumer or public, or for law enforcement through a court or tribunal. Participants in the MHR system must not hold or take the records outside Australia if it includes personal and identifying information relating to the consumer and participants in the MHR system.
The MHR system has been poorly adopted by health care providers and patients alike.29 Reasons include the ‘opt-in’ consent model and poor clinician engagement to ensure usability. The current trials of the ‘opt-out’ consent model in designated areas in Australia are due to report soon, which may provide clarity on the safe use and disclosure of MHR information.
It is left to local initiatives to try to link well-defined geographical neighbourhoods to provide insights into clinical indicators and health services use in the context of integrated care.30 Much more needs to be done around the custodianship and stewardship of repositories of EHR data.31
Australia appears to be struggling with low uptake of an opt-in model.