![Sample our Law journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5942/TOC-Subject-Sample-2021-Law.jpg"})
Abstract
This paper provides a novel and critical analysis of the necessary and important balance between ‘individual privacy’ and ‘collective transparency’. We suggest that the onset of the Information Revolution has created a dilemma for the National Health Service (NHS) in terms of how it addresses its obligation to use information to improve best practice in healthcare for society (‘collective transparency’) whilst also keeping sensitive personal information confidential (‘individual privacy’). There is clearly a need to consider both whether the NHS is balancing this critically important informational relationship and whether its approach is fit for purpose. We argue that the NHS's ‘proxy-individual’ information guardian role could inadvertently mask individuals' intended roles, effectively circumventing autonomy-based laws by limiting the power of individuals to be autonomous. In this article we have identified three issues – first the prevailing ‘Mindset’ (the ‘M’) of ‘privacy’, which is viewed as individualistic, resulting in an overpowering concept of confidentiality; second, the quality and control of Information (the first ‘I’); and third, the concept of innovation (the second ‘i’), which is being used as a ‘solution’ rather than a vehicle for transparency. Indeed, transparency is our target of ‘best practice,’ and we suggest that individual privacy and collective transparency are best embedded within a complementary privacy framework that offers a better fit than the current split of control between the roles of the NHS and the roles of the individual. It is suggested that when facilitated by transparency, ‘control’ and ‘privacy’ form a continuum, aligning through the desire for choice. Therefore, the choice of control could facilitate control and choice. Together, they could replace the concept of privacy by empowering ‘informed patients’ to support the NHS's ‘No decision about me, without me’ pledge.
Acknowledgements
Many people and institutions have both inspired and assisted us in this endeavour, which began in 2010. The BILETA afforded us the opportunity to present this as a paper at its 2012 Annual Conference, held at the University of Northumbria. Additionally, we wish to thank Philip Leith for invaluable discussion of certain points that appear in the paper. We would also like to thank Abhilash Nair and Richard Jones, editors and colleagues who shared essential insights and expertise and the anonymous reviewers for their insightful and constructive comments on an earlier draft of this article. The views expressed in this article are the authors’ own, as an academic pursuit and do not reflect those of the NHS or any other organisation.
Notes
Department of Health. 2010. Liberating the NHS: An Information Revolution http://consultations.dh.gov.uk/information-revolution/informationrevolution
Proxy-individual' is a term used throughout the paper to reflect the NHS's assumed role of controlling individuals' health records.
NHS Connecting for Health is a pre-existing organisation that supports the NHS in providing better, safer care by delivering computer systems and services that improve the way patient information is stored and accessed. See NHS CFH www.connectingforhealth.nhs.uk
Department of Health. 2010. Liberating the NHS: An Information Revolution http://consultations.dh.gov.uk/information-revolution/informationrevolution
For example, sharing information through the ‘patients like me’ site – www.patientslikeme.com/
Technical Information Governance controls include those that govern access control (Role Based Access Controls (RBAC) Workgroups (WGs) Legitimate Relationships (LRs)) Authentication (Registration Authority/Smartcards) and patient choice (Sealing, locking, s-flagging - whether to have a Summary Care Record (SCR) or not).
See Feinberg, J. 1986. Harm to self, 47. Oxford: Oxford University Press.
See Basu, S. 2012. Privacy protection: a tale of two cultures. Masaryk University Journal of Law and Technology 6, no. 1: 1–34.
See Westin, A.F. 1967. Privacy and freedom. New York: Atheneum; Lyon, D. 2001. Surveillance society: monitoring everyday life. Philadelphia, PA: Open University Press; Beniger, J.R. 1986. The control revolution: technological and economic origins of the information society. Cambridge, MA: Harvard University Press; DeCew, J.W. 1997. In pursuit of privacy: law, ethics and the rise of technology. Ithaca, NY: Cornell University Press.
See Basu, S. 2012. Privacy protection: a tale of two cultures. Masaryk University Journal of Law and Technology 6, no. 1: 1–34.
Westin, A.F. 2003. Social and political dimensions of privacy. Journal of Social Issues 59: 431.
See Aplin, T. 2007. The development of the action for breach of confidence in a post-HRA era. IPQ 19. Courts no longer analyse the action for breach of confidence in the terms of the three-limbed test of Coco v Clark (Coco v A N Clark (Engineers) Ltd [1969] RPC 41). Rather, the key question is whether the information is ‘private’ and, if it is, an obligation of confidence arises. Courts will then engage in a balancing exercise between Arts 8 and 10 of the ECHR
See Margulis, S. 2003. Privacy as a social issue and behavioral concept. 59 JSI, 2, 243.
Such as misuse of a public office as noted by Westin, A. 1967. Privacy and freedom. New York: Atheneu.
Froomkin, A. 2000. The death of privacy? 52 SLR 1461,1462
Warren, C. and Laslett, B. 1977. Privacy and secrecy: a conceptual comparison. 33 JSI43.
See Fredman, S. 2008. Human rights transformed. Oxford: Oxford University Press.
Positive definitions of privacy depend on control by the person who is the subject of the information sharing.
Altman, I. 1975. The environment and social behavior: privacy, personal space, territory, crowding. Pacific Grove, CA: Brooks/Cole.
Westin, A. 1967. Privacy and freedom. New York: Atheneu.
Wacks, R. 1993. Personal information - privacy and the law. Oxford: Clarendon Press.
Ibid. at 26.
Ibid.; Wacks, R. 1989. Personal information: privacy and the law. Oxford: Clarendon Press.
See Bloustein, E. 1964. Privacy as an aspect of human dignity: an answer to Dean Prosser. 39 N YULR 962.
Warren, S. and Brandeis, L. 1890. The right to privacy. 4 HLR 193, 195.
Allen, A. 1988. Uneasy access: privacy for women in a free society. Lanham, MD: Rowman & Littlefield.
See Altman, I. 1975. The environment and social behavior: privacy, personal space, territory, crowding. Pacific Grove, CA: Brooks/Cole.
See European Commission. 2012. Brussels, 25.1.2012, COM, 11 final 2012/0011 (COD) Proposal for a Regulation of The European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). This is beyond the scope of this paper as it deals with the current state where the ethics of consent is discussed, not the mechanics.
See Ovey, C. and White, R. 2006. The European convention on human rights, 51 Oxford: Oxford University Press.
Moller, K. 2009. Two conceptions of positive liberty: towards an autonomy-based theory of constitutional rights. OJLS 757.
Fredman, S. 2008. Human rights transformed. Oxford: Oxford University Press.
Leith, P. 2006. The socio-legal context of privacy. 2 IJLC 2, 105.
Formerly covered in Section 60 of the Health and Social Care Act 2001; referred to hereafter as ‘s.251’.
In overseeing these exceptions to confidentiality, the Secretary of State must consult with the independent NIGB (formerly PIAG).
Moor, J. 1997. Towards a theory of privacy in the information age. 27 CS 3, 27.
In a naturally private situation, privacy can be lost but not violated or invaded because there are no conventional, legal, or ethical norms that could give rights to be protected.
Privacy is also protected by ethical, legal and conventional norms.
Leith, P. 2006. The socio-legal context of privacy. 2 IJLC 2, 105.
Feinberg, J. 1986. Harm to self, 47. Oxford: Oxford University Press.
Von Hannover v Germany (App no 59320/00) (2005) 40 EHRR 1 [50]-[53].
Ibid. [43].
Ibid. [45].
Leith, P. 2006. The socio-legal context of privacy. 2 I JLC 2, 105.
NHS Act 2006.
Department of Health. 2010. Equality and Excellence, Liberating the NHS (White Paper, Cm 7881).
The Health Service (Control of Patient Information) Regulations 2002, SI 2002/1438.
Patient Identifiable Data is defined as patient that can be directly linked back to a living individual.
For example the NHS (Venereal Diseases) 1974 Regulations, SI 1974/29, allows patient anonymity to encourage service uptake. The discloser of information for contact-tracing is supported in the case of sexually transmitted diseases. This disclosure can only be by a Doctor or someone working on instruction. For example GPs are not routinely informed, although patients are encouraged to allow this. There was a legal challenge to this practice at the time of the initial HIV outbreak. For reasons of public good it was agreed that patients could not stop reporting this condition. This has allowed a tracking of the progress of the condition. Likewise, The Health and Social Care Act 2008 allows exemption to consent to be sought through review by the NIGB, for example for a national audit for a disease such as diabetes where without a survey of GP records, an accurate picture cannot be gained from other sources. The survey must be as representative as possible; therefore an s.251 application would be made.
Ashworth Security Hospital -v- MGN Ltd[2001] 1 WLR 515.
Ackroyd v Mersey Care NHS Trust (No.2), [2006] EWHC 107 97 (Tugendhat J).
Ackroyd v Mersey Care NHS Trust (No.2), [2006] EWHC 107 97, (Tugendhat J); see also Mr Justice Tugendhat's reference to Hannover v Germany (2004) 16 BHRC 545 at [57].
Sandland, R. 2007. Case comment freedom of the press and the confidentiality of medical records. MLR 405
The relevance of Article 8 of the Convention was shown in Z v Finland where it was held that ‘the protection of personal data not least medical data, is of fundamental importance to a person's enjoyment of his or her right to respect for private and family life as guaranteed by Article 8 of the Convention.’
Ackroyd v Mersey Care NHS Trust (No.2), [2006] EWHC 107.
Ashworth Hospital Authority v MGN Ltd. [2002] UKHL 29.
(1998) 25 EHRR 371.
Ashworth Hospital Authority v MGN Ltd. [2002] UKHL29 64 (Rougier J) using the concept developed by Lord Woolf in Broadmoor Special Hospital Authority v R [2000] QB 775, 26.
Fredman, S. 2008. Human rights transformed. Oxford: Oxford University Press. Its proponents in the philosophical domain are, among others, Ronald Dworkin and Joel Feinberg, and in the legal domain a related understanding of constitutional rights has been advocated by Letsas, G. 2006. Two concepts of the margin of appreciation. 26 OJLS 705, 717. See also Oliver, D. and Fedtke, J. (eds). 2007. Human rights and the private sphere. London: Routledge-Cavendish, provides a comprehensive comparative study of the horizontal effect of constitutional rights. For an argument to the effect that the different doctrinal devices employed in different jurisdictions are actually irrelevant for the substance of constitutional rights protection in the private sphere, see Kumm, M. and Ferrerez Cornelia, V. 2005. What's so Special about constitutional rights in private litigation? a comparative analysis of the function of state action requirements and indirect horizontal effect. In The constitution in private relations, eds A Sajo and R Uitz, 241. Utrecht: Eleven International Publishing.
Leith, P. 2006. The socio-legal context of privacy. 2 IJLC 2, 105.
Ibid.
See National Treatment Agency for Substance Misuse. 2003. Confidentiality and information sharing. September.
Moore, B. 1984. Privacy: studies in social and cultural history, 274. New York: M E Sharpe.
Information Commissioner's Office. 2003. Who cares about Data Protection? Data Protection Act: Segmentation Research, 12. The ICO emphasise privacy concerns but most individuals appear unconcerned. Only 1% of the population alter their behaviour to protect privacy, for example there were only three respondents to the Cabinet Office's consultation on data sharing yet data protection law adversely affects consumers. In medical records, ‘privacy’ renders intelligence worthless. For example, registration for cancer registry research falling below 95% would make registries worthless.
R v. Department of Health ex p Sources Informatics Ltd. [1999] 4 AER [185] (Letham LJ).
Ibid.
Bergkamp, L. 2002. The privacy fallacy: adverse effects of Europe's data protection policy in an information-driven economy. 18 CLSR 1.
Wacks, R. 2004. Private facts: is Naomi Campbell a good model? SCRIPT-ed I, no. 3: 460.
This was established in Campbell v MGN Ltd [2004] UKHL 22 [2004] 2 AC 457 where the HoLs failed to clarify privacy as a legal concept.
It is recognised that legally the Secretary of State owns patient records but this prefers ‘theoretically’ to ‘ownership’ as control.
These include technical Information Governance controls that govern access control (Role Based Access Controls (RBAC) Workgroups (WGs) Legitimate Relationships (LRs) Authentication (Registration Authority\Smartcards), patient choice (Sealing, locking, s-flagging – whether to have an Summary Care Record (SCR) or not See NHS CFH, ‘Confidentiality’ www.connectingforhealth.nhs.uk/systemsandservices/infogov/confidentiality.
See Section 7 of the Data Protection Act.
Ironically registration is an IG control in itself.
Dickinson, A. 2010. Qinetiq, ‘A Finer Balance’. www.v3.co.uk/v3-uk/analysis/2004967/uk-tougher-privacy-standards/page/1
Greenhalgh, T. 2008. The Devil's in the detail. Final report of the independent evaluation of the Summary Care Record and HealthSpace programmes: Final Report, 6. https://www.ucl.ac.uk/news/scriefullreport.pdf
Ibid., 6.
Carlisle, D., 2011. IG ‘major block’ on IT projects. eHealth Insider, 13 April 2011. www.ehi.co.uk/news/EHI/6805/ig-'major-block'-on-it-projects
The Working Party on the Protection of Individuals with regard to the Processing of Personal Data, ‘Article 29’ Opinion on Consent. WP131 Working Document on the processing of personal data relating to health in electronic health records (EHR). 13 July 2011. http://ec.europa.eu/justicepolicies/privacy/wpdocs/2011/wp187_en.pdf
Ibid.
Redress is available through the Information Commissioner's Office (see endnote 80 below) specifically relating to the DPA, but an action can be brought by individuals under the HRA, or the common law duty of confidentiality.
Information Commissioner's Office. www.ico.gov.uk. Office responsible for the enforcement of the Data Protection Act 1998.
Thomas, R. 2006. ICO, What price privacy: the unlawful trade in confidential personal information. May 2006. www.ico.gov.uk/news/current_topics/~/media/documents/library/Corporate/Research_and_reports/what_price_privacy.pdf
See European Commission, Brussels, 25.1.2012, COM (2012) 11 final 2012/0011 (COD) Proposal for a Regulation of The European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). This is beyond the scope of this paper as it deals with the current state where the ethics of consent is discussed, not the mechanics.
Aplin, T. 2007. The development of the action for breach of confidence in a post-HRA era. IPQ 19 Courts no longer analyse the action for breach of confidence in the terms of the three-limbed test of Coco v Clark (Coco v A N Clark (Engineers) Ltd [1969] RPC 41). Rather, the key question is whether the information is ‘private’ and, if it is, an obligation of confidence arises. Courts will then engage in a balancing exercise between Article 8 and 10 of the ECHR.
See Caldwell, J. 2003. Protecting privacy post Lenah: should the courts establish a new tort or develop breach of confidence? 26 UNSW LJ 90, 121; see also Morgan, J. 2004. Privacy in the House of Lords, again. 120 LQR 563; see Mulheron, R. 2006. A potential framework for privacy? A reply to Hello! 69(5) MLR 679, 686.
Support includes: the emphasis on whether information is ‘private’ as opposed to ‘confidential’; the falling away of the second requirement of Coco v Clark (Coco v A N Clark (Engineers) Ltd [1969] RPC 41). See Singh, R. and Strachan, J. 2003. Privacy postponed. EHRLR 11, 19.
See Sparks, P. 2008. The impact of the Human Rights Act for patients and accident victims. JPIL97.
A v X (Disclosure: Non-Party Medical Records)[2004] EWHC 447, QBD.
[2001] EWCA Civ 998.
[2000] 1 WLR 1382.
See London Borough Council v Mr and Mrs N (foster carers of the Child) (1), P (A Child by her Guardian Pauline Bennett) [2005] EWHC.
The duty of confidentiality owed to a child has also been decided in favour of the individual's privacy. See R (on the application of Axon) v Secretary of State for Health [2006] EWHC 37. See also Gillick v West Norfolk and Wisbech AHA [1986] AC 112.
Cornelius v De Taranto [2001] EWCA Civ 1511, QBD.
Through Article 10 and 12 of the ECHR.
Sandland, R. 2007. Freedom of the press and the confidentiality of medical records. MLR 40.
[2006] EWHC 107.
[2000] WL 3354.
[2001] 1 WLR 515.
[2002] UKHL 29.
[2007] EWCA Civ 101 at [4].
Ashworth Security Hospital -v- MGN Ltd[2001] 1 WLR 51538.
Goodwin v United Kingdom (1996) 22 EHRR123 39.
Ashworth Security Hospital -v- MGN Ltd[2001] 1 WLR 515 38.
Ashworth Security Hospital -v- MGN Ltd[2001] 1 WLR 515 29 Per Lord Woolf in Goodwin v United Kingdom (1996) 22 EHRR 123 at [62] ‘The “necessity” for any restriction of freedom of expression must be convincingly established, there must be a ‘pressing social need’ for disclosure, and any order must be proportionate to its aim'1 Ashworth Security Hospital -v- MGN Ltd[2001] 1 WLR 515 3.
Even in 2010 Sheikh felt it necessary to emphasise the need for vigilance in accessing, storing and discussing PID. See Sheikh, A. 2010. Confidentiality and privacy of patient information and records: a need for vigilance in accessing, storing and discussing patient information. 16 (1) MLJI 2.
Ashworth Security Hospital -v- MGN Ltd[2001] 1 WLR 515. In February 2007, the Court of Appeal upheld the decision of the High Court in Robin Ackroyd v Mersey Care NHS Trust (No.2).
Ackroyd v Mersey Care NHS Trust (No.2) [2006] EWHC 107. This case is the sequel to the decisions of the High Court, Court of Appeal and House of Lords in Ashworth v Mirror Group Newspapers (MGN).
The Department of Health. 2010. ‘NHS Information Governance, Guidance on Legal and Professional Obligations’.
See for example Department of Health. 2010. Liberating the NHS: an information revolution http://consultations.dh.gov.uk/information-revolution/informationrevolution.
Department of Health. 2010. Liberating the NHS: an information revolution http://consultations.dh.gov.uk/information-revolution/informationrevolution
See further Sheikh, A. 2010. Confidentiality and privacy of patient information and records: a need for vigilance in accessing, storing and discussing patient information. 16 (1) MLJI 2. Sheikh notes that ‘There are at least 101,272 non-medical personnel working in NHS acute trusts in Britain that have access to confidential medical records (p. 4). For further details of the IG controls see NHS CFH, ‘NHS CFH IG Controls’ www.connectingforhealth.nhs.uk/systemsandservices/infogov/confidentiality/choices
Ackroyd v Mersey Care NHS Trust (No.2) [2006] EWHC 107.
The CRG sets out the rules that govern how patient information is used in the NHS and what control the patient can have over this. It is based on professional guidelines, best practice and the law and applies to both paper and electronic records. Whilst it is not a legal document, the Guarantee can be used as the basis for a complaint.
CRG commitment 11 was termed ‘We will keep a record in the newer electronic record systems of anyone who has accessed a health record or added notes to it’ until the 2011 version, which has added ‘Some of the older computer systems will only record who has accessed a record where they have made changes. Paper records only include where people have made notes in the record and not when someone looks at the record. See further NIGB, ‘Care Record Guarantee’, www.nigb.nhs.uk/pubs/nhscrg.pdf
Warren, S. and Brandeis, L. 1890. The right to privacy. 4 HLR 193, 195, 196.
Posner, R. 1981. The economics of justice. Cambridge, MA: Harvard University Press.
Bork, R. 1990. The tempting of America: the political seduction of the law. New York: Simon and Schuster.
Sheehan, K. 2002. Towards a typology of internet users and online privacy concerns. IS 18, 21.
See Tavani, H. 2000. Privacy security. In Internet ethics, Chap 4, ed. D Langford. London: Macmillan Press. See also Tavani, H. 2000. Privacy and the internet. BCIPTF 041901.
Bok, S. 1982. Secrets: on the ethics of concealment and revelation. New York: Pantheon.
See Allen, A. 1988. Uneasy access: privacy for women in a free society. NJ: Rowman and Littlefield.
Westin, A. 1967. Privacy and freedom. New York: Atheneum.
Margulis, S. 1977. Perceptions of privacy: current status and next steps. 33 (3) JSS 5, 10.
Mills, J.S. 1869. On liberty. London: Longman, Roberts and Green.
Altman, I. 1977. Privacy regulation: culturally universal or culturally specific? 33 (3) JSI66.
Altman, I. 1975. The environment and social behaviour. Pacific Grove, CA: Brooks/Cole.
Ibid. at 18.
Leith, P. 2006. The socio-legal context of privacy. 2 IJLC 2, 105.
Parent, W. 1983. Privacy, morality and the law. 12 PPA 269.
Gavison, R. 1980. Privacy and the limits of law. 89 YLJ 421; see also Allen, A. 1988. Uneasy access: privacy for women in a free society. NJ: Rowman and Littlefield; and Moore, M. 2003. Privacy: its meaning and value. 40 APQ 215.
Schoeman, F. (ed). 1992. Privacy and social freedom. Cambridge: Cambridge University Press.
DeCew, J. 1997. In pursuit of privacy: law, ethics, and the rise of technology. Ithaca, NY: Cornell University Press.
Margulis, S. 2003. Privacy as a social issue and behavioral concept. 59 (2) JSI 243, 259.
Kelvin, P. 1973. A social-psychological examination of privacy. 12 BJSCP 248.
Johnson, C. 1974. Privacy as personal control. In Man-environment interactions: evaluations and applications: part 2, ed. D. Carson, 83. Washington, DC: Environmental Design Research Association.
Ibid.
Tavani, H. 2001. Privacy security. In Internet ethics, ed. D. Langford. London: Macmillan Press; see also Rachels, J. 1975. Why is privacy important? 4 PPA 4.
Department of Health. 2010. An information revolution: a consultation on proposals www.dh.gov.uk/prod_consum_dh/groups/dh_digitalassets/@dh/@en/documents/digitalasset/dh_120664.pdf
See Case, P. 2003. Confidence matters: the rise and fall of informational autonomy in medical law. 208 MLR 1 . The autonomy, control and ‘social good’ balance within NHS medical records has been long debated but action is now necessary due to rapidly changing demographics – an ageing more geographically mobile population – coupled with limited funding for the NHS.
Department of Health. 2010. Liberating the NHS: greater choice and control. A consultation on proposals. 18 October. www.dh.gov.uk/en/Consultations/Liveconsultations/DH_119651
Department of Health. 2010. An information revolution: a consultation on proposals www.dh.gov.uk/prod_consum_dh/groups/dh_digitalassets/@dh/@en/documents/digitalasset/dh_120664.pdf 1, Pg.4
Department of Health. 2010. Liberating the NHS: greater choice and control. A consultation on proposals. 18 October. www.dh.gov.uk/en/Consultations/Liveconsultations/DH_119651 Para 2.2, Pg. 6
See Doran, K. 1997. Medical confidentiality: the role of the doctrine of confidentiality in the doctor-patient relationship. 3 MLJI 21.
Department of Health 2001. NHS Lifehouse Project 9.
McHale, J. 1993. Medical confidentiality and legal privilege, 32. London: Routledge.
General Medical Council. See www.gmc-uk.org/
Paragraph 27 of GMC, Confidentiality: protecting and providing information (September 2000). The relevant provision reads as follows: ‘The automatic transfer of personal information to a registry, whether by electronic means or other means, before informing the patient that information will be passed on, is unacceptable save in the most exceptional circumstances. These would be where a court has already decided that there is such an overwhelming public interest in the disclosure of information to a registry that patients’ rights to confidentiality are overridden; or where you are willing…'
British Medical Association. See bma.org.uk/
BMA, British Medical Association guidance: confidentiality and disclosure of health information (14 October 1999).
MRC. 2000. Personal information in medical research, at para 2.2.2.
Ibid. ‘When consent is impracticable confidential information can be disclosed without consent only if: the likely benefits to society outweigh the implications of the loss of confidentiality, so that it is clearly in the public interest for the research to be done; there is no intention to feed information back to the individuals involved or take decisions that affect them, and; there are no practicable alternatives of equal effectiveness.’
See Turnbull, G. 2001. Cancer registries say informed consent is unworkable. 18(2) BJHCIM11.
See Johnson, C. 1974. Privacy as personal control. In Man-environment interactions: evaluations and applications: part 2 ed. D. Carson, 83. Washington, DC: Environmental Design Research Association.
Department of Health 2010. Equality and excellence, liberating the NHS. White Paper, Cm 7881.
[1978] AC 171 at 175.
[1990] Ch 359.
W v Edgell [1990] Ch 359 361. After first of all stating that the public interest in preserving confidence was a public health issue, Scott J continued to explain that W, a schizophrenic with convictions for manslaughter, was not in the position of an ordinary member of the public. His past conduct meant that Dr Edgell had a duty to the public at large. W was consequently owed a duty of confidence less extensive than the duty that would be owed by psychiatrists to ordinary members of the public.
[2001] QB 424 at [444].
Ibid. at [443].
[1988] 2 AER 648 at [653].
[1990] AC 109.
Attorney General v Guardian Newspapers (No 2) [1990] AC 109 at [256]. See Jones, M. 1990. Medical confidentiality and the public interest. PN 6(1) 16, where the view of Lord Keith is supported.
R v Department of Health ex parte Source Informatics [2001] QB 424 (Brown LJ). See also Douglas v Hello! Ltd [2001] QB 967.
[1967] FSR 211, 220.
Privacy occupied only a residual role in legal protection at the time.
Whalen v Roe, 429 U.S. 589, 1977.
Brin, D. 1998. The transparent society: will technology force us to choose between privacy and freedom? MA: Perseus Books.
See Froomkin, A. 1996. Regulation of computing and information technology. Flood control on the information ocean: living with anonymity, digital cash and distributed databases. 15 JLC 396.
Johnson, C. 1974. Privacy as personal control. In Man-environment interactions: evaluations and applications: part 2, ed. D. Carson, 83. Washington, DC: Environmental Design Research Association.
Ibid.
In line with Principle 2 of the DPA 1998 – ‘Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes’ and Principle 3 DPA 1998 – ‘Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed’.
Marsh, Jr, R. 2009. Legislation for effective self-regulation: a new approach to protecting personal privacy on the internet. 15 M TTLR 543.
See Froomkin, A. 1996. Regulation of computing and information technology. Flood control on the information ocean: living with anonymity, digital cash and distributed databases. 15 JLC 396.
See Froomkin, A. 2000. The death of privacy? 52 SLR 1461.
Marshall, P. 1999. The myth of patient confidentiality. 22 November. http://lists.essential.org/med-privacy/msg00449.html
Sirc, N. 2005. Data protection and the NHS: putting patients first? 2 DPL & P 2 www.e-comlaw.com/dplp/archive/volume_2_issue_5.htm
If the data controller is not a health professional, then the data controller needs to consult with the appropriate health professional. See Brinn, L. 2009. Ownership of electronic health information must be addressed. www.fuqua.duke.edu/news_events/releases/schulman_jama_health_info
Big Brother Watch UK. 2010. Broken records: the worrying lack of security around your medical history, and how it could be changing for the worse. www.bigbrotherwatch.org.uk/brokenrecords.pdf
[1993] DLR 415.
Westin, A. 1976. Computers, health records, and citizen's rights. Washington, DC: United States Department of Commerce.
McInerney v McDonald [1993] DLR 415 422.
[1928] SCR 125.
Halls, ibid. 127 (Duff J) and Knoppers, B. 1982. Confidentiality and accessibility of medical information: a comparative analysis. 12 RDUS 431, 431.
[1993] 137 SJ 153 (QBD).
McInerney v McDonald [1993] DLR 415.
R v Mid-Glamorgan FHSA and South Glamorgan Health Authority, ex parte Martin [1993] 137 SJ 153 (QBD) 415 (Popplewell J) referring to Sidaway v Bethlehem Hospital [1984] I AER 1018 1020.
For example, avoiding a threat to patient's physical or mental health in the doctor's opinion.
Feenan, D. 1996. Common law access to medical records. 59 MLR 101.
Rights of access to personal data are central to the DPA. However, if the personal data concerns physical or mental health or condition, the provisions are modified by the Data Protection (Subject Access Modification) (Health) Order 2000, SI 2000/214. See in particular Article 5 ‘Exemptions from section 7’ Under the Data Protection Act 1998 there are certain circumstances in which the record holder may withhold information. Access may be denied, or limited, where the information might cause serious harm to the physical or mental health or condition of the patient, or any other person, or where giving access would disclose information relating to or provided by a third person who had not consented to the disclosure. It is these circumstances the NHS must foresee this and exclude it from the ‘MIi’ and ‘WIi Fit’ portals in order to safeguard patients and allow them to exercise positive freedoms.
Summary Care Record.
Newdick, C. 2002. NHS governance after Bristol: holding on, or letting go? MLR 111.
For an existing guide see ICO, Health www.ico.gov.uk/for_the_public/topic_specific_guides/health.aspx
See also Department of Health. 2007. Building a safer NHS for Patients: Implementing an Organisation with a Memory, para. 52. 8 February.
See the story of Helen Wilkinson, incorrectly labelled an alcoholic on her record, who had to leave the NHS altogether to have her record deleted: Evans, R. 2006. The woman falsely labelled alcoholic by the NHS. The Guardian, London, 2 November. www.guardian.co.uk/society/2006/nov/02/health.epublic. This contravenes principle 4 of the DPA – ‘Personal data shall be accurate and, where necessary, kept up to date.’
The Royal Colleges are already working on such standards. See for example Royal College of Physicians. ‘The case and the vision for patient-focused records’ (published 2009), ‘Generic medical record-keeping standards’ (published 2007) and ‘A clinicians guide to records standards for the structure and content of medical records’ (published 2008); Royal College of General Practitioners, ‘Shared record professional guidance’ (published 2009) and ‘Enabling patients to access electronic health records: guidance for health professionals’ (published 2011).
Section 60(1) Health and Social Care Act 2001 ‘(i) does the application concern a medical purpose necessary or expedient in the interests of improving patient care or in the public interest?’ It can include identification of subject population, distortion of results and a temporary measure as a precursor to anonymisation.
The NIGB considers: Section 60(3) of the Health and Social Care Act 2001: (ii) ‘is there no reasonably practicable alternative to bypassing consent?’
Department of Health. 2001. Health and Social Care Act 2001: Sections 60 and 61, Background Information gives an indication of situations that may give rise to this, including the number of patients in the sample as affecting practicability.
National Information Governance Board for Health and Social Care (replaced the PIAG – the Patient Information Advisory Group).
Hansard, H.L. vol.635 col. 744 (21 May 2002).
Sec. 7 (1) (d) DPA 1998 is enacted through The Data Protection (Subject Access) (Fees and Miscellaneous Provisions) Regulations 2000, SI 2000/ 191. These Regulations make miscellaneous provision in respect of the exercise of the right of access to personal data conferred in section 7 of the DPA 1998.
Patient Identifiable Data is defined as patient that can be directly linked back to a living individual. .
Except perhaps the broadly phrased section 7(1)(d) of the DPA 1998.
The ECC are part of the decision making process to bypass consent through s.251 applications. This role would be a role which to a certain degree the individual could contribute to through the ‘MIi Fit’ portal.
GMC. 2000. Patient information in medical research, para 34. September.
MRC. 2000. Personal information in medical research, para. 2.2.2. The Medical Research Council also involves research ethics committees in the procedure stating that the ‘judgement that consent is impracticable is never that of the researcher alone: unless an ethics committee concurs, and health professionals agree to participate in the study on this basis, the research cannot take place.’
Please note the ECC is soon to be abolished but a body with similar responsibilities will form.
Foster, C. and Peacock, N. 2000. Clinical confidentiality, 16. Sudbury: Monitor Press.
[2002] All ER 780, 788.
Some legislative provisions require tweaks to reconsider the breadth of information available and the spectrum of people with access. In cancer research for example, it allows: (1) ‘patients referred for the diagnosis or treatment of neoplasia’ and (2) any patient where processing is ‘with a view to diagnosing communicable diseases and other risks to public health’, recognising trends and risks in such diseases and the management and monitoring of such (the Public Health Service Laboratory (PHLS) provisions).
Regulation 3(3) (c) The Health Service (Control of Patient Information) Regulations 2002, SI2002/1438. The supposed safeguard is that anyone in receipt of such information is bound by confidentiality.
Ackroyd v Mersey Care NHS Trust (No.2) [2006] EWHC 107.
Subject to the work of cancer registries and protection of the public from communicable diseases. See Hansard, H.L. vol 635, col. 730 (21 May 2002).
Section 4, The Health Service (Control of Patient Information) Regulations 2002, SI2002/1438.
See Metlay, D. 1999. Institutional trust and confidence: a journey into conceptual quagmire. In Social trust and the management of risk, eds G. Cvetkovich and R. Lofstedt, 32. London: Earthscan, regarding inconsistency between words and actions as a major cause of public distrust.
The Secondary Uses Services. See NHS Connecting for Health, ‘Secondary Uses Service’ www.connectingforhealth.nhs.uk/systemsandservices/sus/background
SUS comprises the development, implementation and management of a related set of systems and services, being implemented within a consistent IG model, which ensures the security and confidentiality of PID through RBAC, encrypted pseudonyms and statistical rules. These datasets contain patient information without any form of de-identification.
See NHS. Summary Care Records. http://www.nhscarerecords.nhs.uk/optout
See for example Department for Business Innovation and Skills and Department for Culture, Media and Sport, Digital Britain: the final report (June 2009) www.culture.gov.uk/images/publications/digitalbritain-finalreport-jun09.pdf; Cabinet Office, Transformational government – enabled by technology (November 2005) www.cabinetoffice.gov.uk/media/141734/transgov-strategy.pdf
Principle 4 of the Data Protection Act 1998 – ‘Personal data shall be accurate and, where necessary, kept up to date.’
Patients would not be able to unilaterally change their record. It would need checks and balances by professionals as part of their safeguarding duties in line with legislative safeguards.
A v X(Disclosure: Non-Party Medical Records) [2004] EWHC 447, QBD.
Von Hannover v Germany (App no 59320/00) (2005) 40 EHRR 1, [50]-[53].
For example, the court in A London Borough Council v Mr and Mrs N (foster carers of the Child) (1), P (A Child by her Guardian Pauline Bennett) [2005] EWHC 1676 had to weigh the importance of disclosure and the right of a parent to know about any health risk to which their child was exposed. The local authority had no duty to inform the parent as it would impinge upon the foster parent's right to respect for his family life and breach the duty owed to him not to disclose confidential details relating to his health.
Allen, A. 1988. Uneasy access: privacy for women in a free society. Lanham, MD: Rowman and Littlefield.
Bloustein, E. 1964. Privacy as an aspect of human dignity: an answer to Dean Prosser. 39 NYULR 962.
Mills, J. 1869. On liberty. London: Longman, Roberts and Green.
Posner, R. 1981. The economics of justice. Cambridge, MA: Harvard University Press.
Department of Health. 2010. Equality and excellence, liberating the NHS (White Paper, Cm 7881); Department of Health. 2010. An information revolution: a consultation on proposals. 18 October www.dh.gov.uk/prod_consum_dh/groups/dh_digitalassets/@dh/@en/documents/digitalasset/dh_120664.pdf Para. 2.7. The options here provide a stark contrast to the definition the Department of Health assume of ‘control’ as ‘access’.
Allen, A. 1988. Uneasy access: privacy for women in a free society. Lanham, MD: Rowman and Littlefield.
Altman, I. 1977. Privacy regulation: culturally universal or culturally specific? 33 (3) JS I 66.
I v Finland Application no. 20511/03, October 17, 2008.
Margulis, S. 1977. Perceptions of privacy: current status and next steps. 33 (3) JSS 5, 10.
Johnson, C. 1974. Privacy as personal control. Man-environment interactions: evaluations and applications: part 2, ed. D Carson, 83. Washington, DC: Environmental Design Research Association.
Thomson, J. 1975. The right to privacy. 4 PPA 295.
Warren, S. and Brandeis, L. The right to privacy. 4 HLR 193.
Parent, W. 1983. Privacy, morality and the law. 12 PPA 269.
For example, there is no consensus as to whether privacy is a property right or a personal one.
Warren, S. and Brandeis, L. 1890. The Right to privacy. 4 HLR 193.
Moor, J. 1997. Towards a theory of privacy in the information age. 27 C&S 3, 27.
Warren, S. and Brandeis, L. 1890. The Right to privacy. 4 HLR 193.
Parent, W. 1983. Privacy, morality and the law. 12 PPA 269.
Altman, I. 1975. The environment and social behavior: Privacy, personal space, territory, crowding. Pacific Grove, CA: Brooks/Cole.
Moor, J. 1997. Towards a theory of privacy in the information age. 27, C&S, 3, 27.
See Zakaria, N. 2008. The social dynamic of health disclosure: who do patients tell and when? (1) CIS 1.
Schoeman, F. (ed). 1992. Privacy and social freedom. Cambridge: Cambridge University Press.
Personal Health Records could facilitate this. Some Trusts have already implemented Personal Health Records, for example South London and Maudsley, which allow patients to input to and share records as they feel appropriate. See South London and Maudsley Primary Care Trust, ‘SLaM Electronic Personal Health Records’ www.slam.nhs.uk/media/254920/microsoft-maudsley%20faqs.pdf
Greenhalgh, T. and others. 2008. The Devil's in the detail: Final report of the independent evaluation of the SummaryCare Record and HealthSpace programmes, 6. |www.ucl.ac.uk/|openlearning/|documents/|scrie2008.pdf
See Zakaria, N. 2008. The social dynamic of health disclosure: who do patients tell and when? (1) CIS 1.
Warren, S. and Brandeis, L. 1890. The Right to privacy. 4 HLR 193.
Prosser, W. 1960. Privacy. 48 CLR 383, 389.
Bok, S. 1982. Secrets: on the ethics of concealment and revelation. New York: Pantheon.
See Gavison, R. 1980. Privacy and the limits of law. 89 Y LJ 421; Allen, A 1988. Uneasy access: privacy for women in a free society. Lanham, MD: Rowman and Littlefield; Moore, M. 2003. Privacy: its meaning and value. 40 APQ 215.
See DeCew, J. 1997. In pursuit of privacy: law, ethics, and the rise of technology. Ithaca, NY: Cornell University Press.
Moor, J. 1997. Towards a theory of privacy in the information age. 27 C&S 3, 27.
GMC. 2000. Patient information in medical research, September, para 34.
MRC 2000. Personal information in medical research, para 2.2.2.
The Medical Research Council also involves research ethics committees in the procedure stating that the ‘judgement that consent is impracticable is never that of the researcher alone: unless an ethics committee concurs, and health professionals agree to participate in the study on this basis, the research cannot take place.’
Foster, C. and Peacock, N. 2000. Clinical confidentiality, 16. Sudbury, UK: Monitor Press.
Moor, J. 1997. Towards a theory of privacy in the information age. 27 C&S 3, 27.
See Lord Woolf's warnings in Daniels v Walker [2000] 1 WLR 1382.
R v Department of Health ex parte Source Informatics [2001] QB 424.
I v Finland Application no. 20511/03, October 17, 2008.
Ackroyd v Mersey Care NHS Trust (No.2) [2006] EWHC 107.
Ashworth Security Hospital -v- MGN Ltd [2001] 1 WLR 515.
[2002] EWCA Civ 274; [2002] 2 Lloyd's Rep 229.
Ackroyd v Mersey Care NHS Trust (No.2) [2006] EWHC 107.
Ashworth Security Hospital -v- MGN Ltd [2001] 1 WLR 515 35.
Leith, P. 2006. The socio-legal context of privacy. 2 IJLC 2, 105.
The ‘proxy-sociological’ perspective is a term created to explain a viewpoint taken that starts from the perspective of society as a whole, facilitated by the ‘WIi Fit’ view of collective transparency.
Miola, J. 2008. Owning information – anonymity, confidentiality and human rights 3(3) CE 116.
Intellect. 2001. NHS Chief Executive innovation review – the ICT industry's response. August.
Please see for a continual update and further information; NHS, ‘Summary Care Record: Your Emergency Care Record’ www.nhscarerecords.nhs.uk/faqs
Kablenet, 2008. Lib Dems call for new NHS data security rules. The Register, 28 November, www.theregister.co.uk/2008/11/28/lib_dem_nhs
See Sheikh, A. 2010. Confidentiality and privacy of patient information and records: a need for vigilance in accessing, storing and discussing patient information. 16 (1) MLJI, 2, 5 ‘If custodians cannot be trusted to protect the personal health information stored on a simple portable device such as a USB key, how will they ever manage to protect the massive amounts of personal health information that will eventually reside within complex systems of interoperable electronic health records?’
Everyone registered with the NHS in England has their own unique NHS number – this could be used as a unique identifier. For further details see NHS Choices, ‘The NHS Number’, www.nhs.uk/NHSEngland/thenhs/records/Pages/thenhsnumber.aspx
This is currently underused by patients, see the ICO website at www.ico.gov.uk/for_the_public.aspx
Rodin, J. 1990 Control by any other name: definitions, concepts and processes. In Self directedness: cause and effects throughout the life course, eds J. Rodin, C. Schooler, and K. Schaie, 1. Hillsdale, NJ: Erlbaum.
Spiekermann, S. 2005. Perceived control: scales for privacy in ubiquitous computing. 10th International Conference on User Modelling, July 2005. www.isr.uci.edu/pep05/papers/UM05_Spiekermann_final2.pdf
Warren, S. and Brandeis, L. 1890. The right to privacy. 4 HLR 193, 195.
Spiekermann, S. 2005. Perceived control: scales for privacy in ubiquitous computing. 10th International Conference on User Modelling, 7, July 2005. www.isr.uci.edu/pep05/papers/UM05_Spiekermann_final2.pdf
Weiser, M. 1991. The computer for the 21st century. 265(30) SA 94.
Margulis, S. 2003. Privacy as a social issue and behavioral concept. 59 (2) JSI 243, 259.
Langer, E. 1983. The psychology of control, 37. Thousand Oaks, CA: Sage Publications.
Ibid.
Mazlish, B. 1976. The fourth discontinuity. 8 TC 1.
Wacks, R. A very short introduction. Oxford: Oxford University Press.
Garfinkel, S. 2000. Database nation: the death of privacy in the 21st century. Sebastopol, CA: O'Reilly Media.
Posner, R. 1978. The right of privacy. 12 GLR 393, 394.
Froomkin, A. 2000. The death of privacy? 52 SLR1461, 1461.
Brin, D. 1998. The transparent society: will technology force us to choose between privacy and freedom? MA: Perseus Books.
See Mell, P. 1996. Seeking shade in a land of perpetual sunlight: privacy as property in the electronic wilderness. 11 BTLJ 1. See also Litman, J. 2000. Information privacy/information property. 52 SLR, 1283; Murphy, R. 1996. Property rights in personal information: an economic defence of privacy. 84 GLJ 2381.
For example s.251 NHS Act 2006.
Johnson, C. 1974. Privacy as personal control. In Man-environment interactions: evaluations and applications: part 2, ed. D Carson, 83. Washington, DC: Environmental Design Research Association.
See Froomkin, A. 1996. Regulation of computing and information technology. flood control on the information ocean: living with anonymity, digital cash and distributed databases. 15 JLC 396.
A pledge of the Information Revolution Consultation. See Department of Health. 2010. An information revolution: a consultation on proposals, 18 October, p. 3. www.dh.gov.uk/prod_consum_dh/groups/dh_digitalassets/@dh/@en/documents/digitalasset/dh_120664.pdf