Summary of the impact

The governance of information and its sharing significantly influences legal decision-making in institutional contexts. This research contrasts this with the social benefits and political desirability of making stakeholders who are the subjects of that information (or intended beneficiaries) participants in decision-making by making them partners in information governance and usage (Grace and Taylor, 2013, and Information Governance Review, 2013).

Through ethical and legal analysis this research seeks to understand the critical factors in practitioner decision-making and in structures of governance (including regulation). The specific impacts of this research have been in the fields of healthcare, and the management and governance of patient information in the NHS in research and commissioning contexts - specifically, the individual rights to reasonable objections, where this is practicable, for patients who feel that NHS healthcare research projects infringe their sense of privacy and confidentiality.

Underpinning research

Research by one researcher from the Unit of Assessment (Mr. Jamie Grace, currently Senior Lecturer in Law) has recently (across 2012 and the first third of 2013) focused on information governance and parallels between patient and offender information sharing (Grace and Taylor [the latter employed by the University of Sheffield], 2013). This research into the disclosure of confidential patient information in the context of the new statutory framework for information governance in the NHS has identified as a research finding the legal and ethical necessity of giving patients the right to reasonable objection to disclosure of medical information for research projects.

As a result of this research the recent Information Governance Review undertaken by the Department of Health cited the published article by Grace and Taylor, and the Review incorporated the argument put forward by Grace and Taylor as the eleventh recommendation in the Review. As a result, the above research finding by Grace and Taylor has proceeded to have a key impact through the development and promulgation of the interim guidance of the NHS Health and Social Care Centre, applicable to all NHS organisations sharing patient data. Furthermore, this impact is also identified by way of the Review's recognition, in relation to patient rights concerning the confidentiality of their identifiable and other sensitive health data, prior to a statutory Code of Practice being published in the future, again by the Health and Social Care Information Centre of the NHS.

Jamie Grace's other key research outputs, which underpinned his piece co-authored with Dr. Mark Taylor, are concerned purely with issues of the socio-legal framework for criminality information sharing as an issue in public protection practices, but thematically, they ultimately led to the research finding described here, through an analysis of key parallel legal themes, and thus the impact described here, below

References to the research

Details of the impact

On April 26th 2013 the Department of Health published the "Caldicott 2" report (formally, the Information Governance Review, 2013) (henceforth, `the Review'), the most recent systemic overview of patient information governance in the NHS.

One member (Richard Wild) of the Steering Group that selected the Panel which in turn conducted the Information Governance Review, has noted in correspondence with Grace and Taylor that:

"Grace and Taylor's work changed the perspective of the review panel on the issue of patient objection to the use of confidential health information for purposes beyond direct care."

The Review, published by the Department of Health, duly highlighted the piece published by Grace and Taylor in the Medical Law Review, stating (p.79):

"The Review Panel noted with interest the argument that the law requires any reasonable objection to the disclosure of personal confidential data to be respected".

This argument was put forward by Grace and Taylor in their published piece, as cited above etc..

The research by Grace and Taylor therefore can be said to have influenced to an extent the Information Governance Review, which included the following pertinent recommendation in relation to the work of the new National Health and Social Care Information Centre:

[Recommendation 11, Information Governance Review, 2013]

"The Information Centre's code of practice should establish that an individual's existing right to object to their personal confidential data being shared, and to have that objection considered, applies to both current and future disclosures irrespective of whether they are mandated or permitted by statute... Both the criteria used to assess reasonable objections and the consistent application of those criteria should be reviewed on an ongoing basis."

In a press release on 26 April 2013, the Department of Health noted that at a conference used to launch the Information Governance Review report, "[Health Secretary] Jeremy Hunt said that while effective sharing of patient information has enormous potential to improve patient care, services and treatments, this can only be done effectively if patients are given a say over how their personal information is used."

"[Hunt] announced that:

• any patient that does not want personal data held in their GP record to be shared with the Health and Social Care Information Centre will have their objection respected
• where personal data has already been shared from a GP practice to the Information Centre, a patient will still be able to have the identifiable information removed..."

With a statutory Code of Practice now under development by the Health and Social Care Information Centre of the NHS, the impact of the research by Grace and Taylor has already affected the legal rights of each and every person whose medical or patient data is held by some part of the NHS (that is, the vast majority of the population in the UK) , but more specifically, it will have benefited the informational privacy of those who seek to object to the proposed, non-consensual use of their sensitive personal data in health research programmes and projects, as follows:

Recently, Grace and Taylor (2013), as mentioned above, influenced the eleventh recommendation of the Information Governance Review report — and this recommendation, centring on the right of patients to object to the sharing of their confidential information where this is feasible, can be acknowledged as now comprising part of Department of Health policy in their response to the Information Governance Review report (Department of Health, 2013, p.29-30).

Whilst the statutory Code of Practice on the use of confidential information in health settings (to be promulgated by the Health and Social Care Information Centre) might not be published within the REF time window for impact (as publication is currently stalled), the Health and Social Care Information Centre has published interim guidance on the issue, to which organisations in the health sector must have regard, and which organisations are now following as a result. The right of patients to object to the sharing of their sensitive confidential information in particular circumstances is described on pp. 24-26 of the main part of the interim guidance, and forms 'Rule 4' within the guidance (Health and Social Care Information Centre 2013a) and in Section 18 of the supplementary interim reference guidance from the Health and Social Care Information Centre (2013b).

Sources to corroborate the impact

J. Grace & M. Taylor, `Disclosure of confidential patient information and the duty to consult: The role of the Health and Social Care Information Centre', Med Law Rev (2013) DOI: 10.1093/medlaw/fwt013

Department of Health (2013a), Information: to Share or Not to Share? The Information Governance Review Report, see: https://www.gov.uk/government/publications/the-information-governance-review (specifically p.79) (Accessed at 08/10/2013)

Department of Health (2013b), Press release on 26 April 2013, as part of the launch of the Information Governance Review report, see: https://www.gov.uk/government/news/health-secretary-to-strengthen-patient-privacy-on-confidential-data-use (Accessed at 08/10/2013)

Department of Health (2012c), Information: To Share or Not to Share — Government Response to the Caldicott Review, September 2013, see: https://www.gov.uk/government/publications/caldicott-information-governance-review-department-of-health-response (Accessed at 27/09/2013)

Health and Social Care Information Centre (2013a), A guide to confidentiality in health and social care, September 2013, see http://www.hscic.gov.uk/confguide (Accessed at 27/09/2013)

Health and Social Care Information Centre (2013b), A guide to confidentiality in health and social care: References — Treating information with respect, September 2013, http://www.hscic.gov.uk/confguideorg (Accessed at 27/09/2013)

Private e-mail correspondence between Grace and Taylor and one member (Richard Wild) of the Steering Group that selected the Review Panel which in turn conducted the Information Governance Review

See also the following Guardian article for some context from the wider media: http://www.guardian.co.uk/society/2013/apr/26/patients-access-medical-records (Accessed on 28 April 2013)