Support to process confidential patient information without consent, given by the Health Research Authority (for research purposes) or the Secretary of State for Health and Social Care (for non-research purposes), is subject to the following standard conditions of support.
The applicant and those processing the information will ensure that:
- The specified confidential patient information is only used for the purpose(s) set out in the application.
- Confidentiality is preserved and there are no disclosures of information in aggregate or patient level form that may inferentially identify a person, nor will any attempt be made to identify individuals, households or organisations in the data.
- Requirements of the Statistics and Registration Service Act 2007 are adhered to regarding publication when relevant, in addition to other national guidance.
- All staff with access to confidential patient information have contractual obligations of confidentiality, enforceable through disciplinary procedures.
- All staff with access to confidential patient information have received appropriate ongoing training to ensure they are aware of their responsibilities and are acting in compliance with the application detail.
- Activities remain consistent with the General Data Protection Regulation and Data Protection Act 2018.
- Audit of data processing by a designated agent is facilitated and supported.
- The wishes of patients who have withheld or withdrawn their consent are respected.
- Any significant changes (for example, people, purpose, data flows, data items, security arrangements) must be approved via formal amendment prior to changes coming into effect.
- An annual review report is submitted to the CAG every 12 months from the date of the final support letter, for the duration of the support.
- Any breaches of confidentiality around the supported flows of information should be reported to CAG within 10 working days of the incident, along with remedial actions taken / to be taken. This does not remove the need to follow national/legal requirements for reporting relevant security breaches.