It’s important that when using patient data to develop apps or software, developers and NHS organisations work together to build and maintain patient trust in their use of their data. Understanding the different laws and approvals surrounding access to patient data is crucial, as is working with patients and the public.
It is vital that you establish the purpose of processing the data before any data is transferred. Is the data being used for direct care or is it being used for research?
Direct care is defined in the Information Governance Review as:
The Information Governance Review, March 2013A clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of suffering of individuals. It includes supporting individuals’ ability to function and improve their participation in life and society.
It includes the assurance of safe and high quality care and treatment through local audit, the management of untoward or adverse incidents, person satisfaction including measurement of outcomes undertaken by one or more registered and regulated health or social care professionals and their team with whom the individual has a legitimate relationship for their care.
Use of patient data in research
Using patient data without consent
If it is not feasible to obtain patient consent to the use of their confidential data and your research is of public benefit, you need to apply to the Confidentiality Advisory Group (CAG) for support to access this data.
CAG has a tool to help you decide whether you need to make an application for support. Any research applications made to CAG also require approval from a Research Ethics Committee (REC).