National Health Service (NHS) Act
The NHS Act 2006 contains legal provisions to enable the use of patient identifiable data for research where consent has not been obtained.
One of the objectives of the Data Protection Act 1998 is that individuals (or data subjects) should consent to their personal data being held or processed, but it is recognised that for medical purposes this is not always possible. Section 60 of the Health and Social Care Act 2001 was originally introduced as an interim measure to enable organisations to obtain identifiable information without consent for medical purposes, in circumstance where it was not practicable to obtain informed consent from the patient(s) concerned (for example, where disproportionate or prohibitive effort is required; or because of the sensitivity of a particular research topic where consent is unlikely to be given).
Section 60 allowed the use of patient identifiable data for research where the original collection of the data was for other purposes, and for which the data subject(s) had not given consent or consent was not feasible. Researchers applied via the Patient Information Advisory Board (PIAG) to obtain Section 60 support for the use of such data. Legislators built this scrutiny by the PIAG of the use of Section 60 powers into the legislation to prevent the use of these powers for trivial or inappropriate purposes.
Section 60 of the Health and Social Care Act 2001 has been repealed by the National Health Service (Consequential Provisions) Act 2006 (Chapter 43, Schedule 4) and replaced by s.251 of the National Health Service Act 2006.
National Health Service Act 2006
The National Health Service Act 2006 (the ‘NHS Act’) consolidated health legislation, with Section 60 of the Health and Social Care Act 2001 being repealed and replaced by Section 251 of the NHS Act. There is no real difference between the two sections, with both relating to the same powers regarding patient information. The powers under Section 251 of the NHS Act allow the Secretary of State for Health to set aside the common law duty of confidentiality for medical purposes where it is not possible to use anonymised information and where it is not practicable to seek individual consent (for example, time limited access to patient identifiable information for research to allow linkage between different datasets where consent is not feasible).
The Health and Social Care Act 2008 (Section 158) transferred responsibility for administering the powers under Section 251 from the PIAG to the National Information Governance Board for Health and Social Care (NIGB) on 1 January 2009. Research projects seeking to use patient identifiable data without the data subject’s consent require an application to the NIGB for approval. Evidence that no other reasonable alternative such as anonymisation or consent exists will be assessed via the application process to make sure it is in the interests of the patients concerned and the wider public. All Section 251 applications also undergo a security review to make sure the security measures in place are compliant with those required to process patient identifiable information. All Section 251 applications are reviewed annually.
Further readingHealth and Social Care Act 2001 – Act in full (PDF) (523Kb) Section 60 of the Health and Social Care Act 2001 – Historical guidance note (PDF) (38Kb) National Health Service Act 2006 – Act in full (PDF) (1062Kb)