Confidentiality and data protection are very important to our Centre, our Hospitals, and our University. We try not only to protect all patient data using UK standards, but also to serve as an example of how to best do this, and to ensure that research aiming to enable the best future care for our patients can be carried out using data from patient health visits. We use a many-sided approach to ensuring data protection and confidentiality: by complying with all legal data requirements; by securing ethical approval for the work that we do; by establishing guidance, policy and oversight; by using computing security and automated methods for anonymization; and by considering activities from a personal perspective.
The use of patient data from medical visits, laboratory tests, procedures and prescriptions is regulated in the UK by the Data Protection Act 1998 (for more details and full act please see: https://www.gov.uk/data-protection/the-data-protection-act). Guidance and policy on use is also provided by the Information Commissioner’s Office (https://ico.org.uk/) and the Health and Social Care Information Centre (http://www.hscic.gov.uk/), which was renamed NHS Digital in April 2016. We follow all legal regulations and guidance provided by these laws and bodies.
How this works in practice
- CUH (Addenbrooke’s and Rosie Hospitals) safeguards patients’ personal information (such as names, addresses and birth dates) and clinical information (such as medical procedures and treatments) that are collected when they become our patients. This also applies to patient samples sent for testing in our laboratories, and referrals for patients that we do not see.
- As part of these safeguards, we enable patient information to be shared with the healthcare workers who look after that patient, as this is critically important to ensuring the best quality care.
- Patient information is also used for ensuring that patients receive the best quality care and that we can change and advance care. This is done in the following ways:
- Supporting the quality of care by conducting reviews of medical notes/electronic medical records to show national agencies and clinicians their performance.
- Investigating new ways to improve care by developing different ways to use and process patients’ clinical data. This may include developing new tools that process data to give predictions of how patients will progress and suggesting different pathways of treatment for different patients with the same condition. This is called decision support.
- Conducting research studies to understand health problems better using clinical data without any personal data included, and only when these studies have been approved by a Research Ethics Committee (please see below for more details).
- For all types of patient data use, there are strict rules in place to ensure confidentiality.
- We only use the minimum amount of data required to carry out any of the processes for which data are used.
- All organisations holding patient data (clinical and/or personal) require either:
- Explicit consent (or agreement) from a patient to do so in writing (this usually applied to research studies) or
- A special accreditation known as, information governance toolkit level 2 (IGT2) accreditation.
- CUH, as with all NHS Trusts holds IGT2 accreditation, as does the University of Cambridge for the use of anonymised clinical data on patients.
- All research in the UK involving humans requires ethical approval.
- While ethical approval is not always required for use of data on NHS patients collected from health records, we believe that it is important to have our work reviewed by a human ethics committee (or Research Ethics Committee) to ensure that we are working to the best ethical standards.
- Gaining ethical approval for the use of healthcare data in research is another of the ways that ensure patients’ clinical information is handled with the greatest of care and confidentiality.
How Ethical Approval is Conducted
- In the UK there are different types of ethical review bodies, and the one that looks after patients in the NHS is called the National Research Ethics Service (NRES). The NRES is overseen by a body call the Health Research Authority (HRA) – please see http://www.hra.nhs.uk/ for information on the HRA and the ethics service.
- The NRES has approximately 69 Research Ethics Committees (RECs) across the country.
- Each of these committees includes members who are involved in patient healthcare, or who conduct research or who are lay members (lay members are people who do not have healthcare or research expertise and represent the general public).
- Members of RECs are trained by the HRA in identifying ethical concerns in research.
- Each month the RECs review a set of applications submitted by researchers intending to conduct research with human participants. They discuss the applications amongst themselves and with the researchers and recommend changes to help researchers achieve the most ethical study that they can run. Sometimes the RECs indicate to researchers that they cannot give a favourable opinion to a study, as it has too many ethical concerns.
Establishing Guidance, Policy and Oversight
In order to ensure that we stay up to date on all requirements and that all of our research activities are maintained in line with University and Trust policies and legal requirements, we have established an Oversight Committee involving key members of the University and Trust. We also carry out a number of other activities to help ensure that data are handled in the most acceptable and appropriate ways.
Oversight involves following activities conducted by Cambridge Clinical Informatics, with respect to the use of data on CUH patients, and reviewing reports produced by Cambridge Clinical Informatics. This will include information on research and discoveries, as well as public and patient recommendations. The Committee will also check that new and current policies and procedures and research activities are in harmony.
Consent versus Anonymous Use of Patient Records
Cambridge Clinical Informatics conducts and supports research for studies that use identifiable data by agreement of the patient (i.e., consent) and anonymous data on patients. Anonymous data and identifiable data that have been consented for use are handled in different ways.
- Consented Identifiable Data – Consented data are shared as part of a research study that a patient has signed up for. In this situation the patient and a researcher have agreed to what data will be used and how it will be handled. Cambridge Clinical Informatics provides clinical data to researchers in the way they have agreed with the patient. The head researcher is responsible for the care of those data.
Please note that whilst it is important for the researcher to know who these data belong to, when they are stored in a University computing environment they must be stored without any identifiable information. This is University policy.
- Anonymous Data – These are data from hospital visits that do not have any patient identifiable data attached to them. The researcher conducting the study will not know who the data are from. This is important, as the patient has not specifically signed up to be a part of this study. This is because the study does not involve doing anything to the patient. It involves looking at how many patients together are doing with respect to certain conditions or treatments. This type of study happens in most hospitals worldwide that have electronic medical record systems.
When the researcher is completed analysing the data, the data are returned to CUH (Addenbrooke’s and Rosie Hospitals) for safe keeping. The researcher is not allowed to keep the data.
Please see below for further computer security for this type of data.
Research Data Governance Committee
Any researcher from who wants to use any type of data, must put in a request.
All requests are reviewed by the Research Data Governance Committee (RDGC) to ensure that the researcher is suitably qualified, that the data being requested is appropriate for the study, and that all legal, ethical and policy requirements are met.
The RDGC includes medical doctors, nurses and pharmacists from CUH (Addenbrooke’s and Roise Hospitals), researchers and medical doctor researchers from the University of Cambridge and two community lay members (people who are not healthcare workers or researchers).
Data are only shared with researchers from CUH or the University of Cambridge.
Patient and Public Involvement
In addition to being involved in the RDGC, we regularly hold focus groups and other activities to communicate our work and get advice from our community.
Patients and the public are very important in guiding our research activities and how we handle data.
If you are interested in joining our patient and public activities, please visit our Patient and Public Involvement Sign-Up page to contact us.
Computing Security and Anonymisation
Within our framework, we also use computer technology to protect patient privacy and confidentiality. We can both secure and automate the way we handle electronic data in order to prevent any individual from seeing a patient’s personal information. We can also ensure that only the researcher who is meant to receive the anonymous data does.
We use an automated anonymisation computer script based on the principles of OpenPseudonymiser (https://www.openpseudonymiser.org/) to remove all identifiable data from a patient record and replace it with a number unique to the patient, but unknown to anyone.
This is done by writing a ‘script’ or series of commands in a computer language and then getting the computer to carry out the activity.
As data in our electronic system are very structured, it is possible to get a computer to complete all of this work so that no one has to look at the clinical data before they are anonymised.
Sharing only the data required to carry out an activity is part of CUH policy and recommended by the Information Commissioner’s Office, and is therefore how we conduct research.
When we share patient clinical data with researchers, we only provide the information that is necessary to answer the research question.
This is often a very small part of a patient’s clinical information.
Secure Data Spaces
Anonymous patient clinical data for research is only allowed to be handled in extra secure data spaces, these include:
- The CUH computing space, where the data are normally stored, and
- A secure space at the University that conforms to NHS computing standards.
Within the University secure space, data can be analysed by researchers, but can never be copied or removed, except by the computing team.
The reason that we are so secure with these anonymised data is that there are more and more modern methods of re-identifying people just from information, for example dates of care. We take this seriously and make sure we know where all data are and who has access to them at all times.
All members of Cambridge Clinical Informatics and many of their family members are also patients (or eligible to become patients) at Addenbrooke’s and Rosie Hospitals. Our data are included in studies conducted by researchers at the University and in the Hospitals. We consider how we would like our data used. Therefore we handle your data the way we would want our data and the data of our loved ones to be handled.