European Standards on Confidentiality and Privacy in Healthcare

Upload: serge-dobridnjuk

Post on 25-Jun-2015


www.eurosocap.org

‘Spheres’ of protection of healthcare information

Confidentiality

Law & Ethics

Privacy

Data Protection


Right to Privacy

Article 8 of the European Convention on Human Rights

1. Everyone has the right to respect for his private and family life, his home and his correspondence.

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.


Right to Privacy

EU Charter of Fundamental Rights

Article 7 Respect for private and family life

Everyone has the right to respect for his or her private and family life, home and communications.

Article 8 Protection of personal data

1. Everyone has the right to the protection of personal data concerning him or her.

2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.

3. Compliance with these rules shall be subject to control by an independent authority.


Data Protection

Data Protection Directive Article 8 (1)

Member states shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.


Data Protection

Data Protection Directive Article 8 (3)

Paragraph 1 shall not apply where processing of the data is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of healthcare services, and where those data are processed by a health professional subject under national law or rules established by national competent bodies to the obligations of professional secrecy or by another person also subject to an equivalent obligation of secrecy. [Emphasis added]


European Standards on Confidentiality and Privacy in Healthcare


Aims of the European Standards

• establish the ethical and legal framework and principles supporting the protection of confidentiality and informational privacy of people in healthcare;

• delineate the ethically necessary protections of confidential information and those circumstances where the use or disclosure of private or confidential information may be legitimate;

• provide Guidance on best ethical practice for healthcare professionals and policy Recommendations for provider institutions.


Categories of Protection

• general considerations;

• protections, uses, and disclosures of patient information for their healthcare (Sect. 3.2);

• protections, uses, and disclosures of patient information for healthcare purposes not directly related to their healthcare (Sect. 3.3); and

• obligations and justifications for the disclosure of patient identifiable information for purposes not related to their healthcare (Sect. 3.4).


Protection, Use and Disclosure of Patient Information—General Considerations

• Patient consent.

• Circumstances where a patient is unable to consent.

• Disclosure to protect interests that override the patient’s right to confidentiality.

• Disclosure after a patient’s death.

• Patient access to a patient’s healthcare records.


Protection, Use and Disclosure of Patient Information for their Healthcare

• Keeping patients informed.

• Consent to the use and disclosure of patient information.

• Clinical audit.

• Disclosure to a patient’s carers.

• Multidisciplinary and Inter-agency working.

• Dual roles and obligations.


Protection, Use and Disclosure of Patient Information for Healthcare Purposes not directly related to their Healthcare

• Keeping patients informed about secondary uses

• Consent for secondary use or disclosure of confidential patient information

• Maintaining the information in a form which protects the identity of the patient

• Use of information for teaching purposes

• Anonymisation and research uses

• Research databases containing personal identifiable information.


Disclosure of Patient Identifiable Information for Purposes not Related to their Healthcare

• Legal obligations to disclose

E.g. notifiable disease

• Justifications to disclose

E.g. to protect third party from death


European Standards on Confidentiality and Privacy in Healthcare and the use of confidential patient information for healthcare purposes not directly related to their healthcare


Ethical Boundaries to Confidentiality

• ‘None of the ethical arguments lead to the conclusion that the healthcare professional’s duty of confidentiality is absolute.’ (Sect. 2.3.3)

• ‘The confidentiality requirement exists within a wider social context in which healthcare professionals have other duties, which may conflict with their duty of confidentiality.’ (Sect. 2.3.3)


Legitimising Public Health Uses of Confidential Information

‘Many uses of confidential healthcare information not directly related to the healthcare of the patient are legitimate for limited and specified healthcare purposes provided certain criteria are met.’

(Sect. 3.3)


Legitimising Public Health Uses of Confidential Information

‘All health service organisations must have policies for informing patients and/or their legal representative of the protections, uses and disclosures of their information for secondary purposes.’ (Sect. 3.3.1)


Legitimising Public Health Uses of Confidential Information

• ‘Express consent from the patient or their legal representative should wherever possible be obtained before any proposed secondary uses of patient personal information.’ (Sect. 3.3.2)

• ‘Where there is agreement to disclosure, only the minimum necessary patient identifiable information should be used for each legitimate healthcare purpose.’ (Sect. 3.3.2)


Legitimising Public Health Uses of Confidential Information

‘A possible exception to the requirement of gaining consent for a particular secondary use would be where a legal obligation to disclose for that purpose exists.’

(Sect. 3.3)


Legitimising Public Health Uses of Confidential Information

‘In general, any use or disclosure of confidential healthcare information without consent:’

• ‘should clearly serve one of the purposes specified in international human rights law as being a legitimate limitation on the right to privacy.’

• ‘Such disclosures must also meet the criteria of being proportionate to the legitimate aim of the disclosure’; and

• must be ‘in accordance with (domestic) law.’ (Sect. 1)


Legitimising Public Health Uses of Confidential Information

‘Personal information should wherever possible be maintained in a form that protects the identity of the patient.’

(Sect. 3.3)


Criteria necessary to justify disclosure

• Patients must always be informed

AND

• Consent must be obtained

OR

• A statutory gateway must be created which is:

– Human Rights compliant

– proportionate to the aim

– in accord with domestic law

OR

• Information must be held securely in a form which protects the identity of the patient


Ethical Standards

• ‘Ethical standards may be different from the legal standards of a particular jurisdiction.’ (Sect. 2.1)

• Similar considerations of the primacy of patient consent, and the necessity and proportionality of disclosure apply in ethical decision-making as in legal decision-making.

• ‘Where the ethical standards require greater protection for patient confidentiality and privacy than the legal standards, then healthcare professionals should follow their ethical obligations and work to promote the protections required by ethics.’ (Sect. 2.1)
