Ethics of collecting and using healthcare data

doi:10.1136/bmj.39247.679329.80

BMJ 2007;334:1330-1331 (30 June), doi:10.1136/bmj.39247.679329.80

Editorials

Ethics of collecting and using healthcare data

Primary responsibility lies with the organisations involved,not ethical review committees

Quality assurance is a broad concept that includes activitiestermed audit, quality improvement, and clinical governance. Both quality assurance and research require the systematiccollection and analysis of data from all (relevant) patients. However, whereas research activities are generally requiredto undergo independent ethical review, audit activities areexempt from such review. How can we ensure that quality assuranceactivities are ethical?

Patients using any healthcare system have an ethical responsibilityto help with quality assurance activities,¹ ² ³ and with epidemiologicalresearch based on population-wide databases, such as the UnitedKingdom's new National Health Service programme,⁴ because theywill benefit from such activities. However, involvement inquality assurance and epidemiological research usually involvesusing patients' data without their consent. In return for thisloss of autonomy and potential risk (of disclosing informationthat might harm), patients should expect quality assurance activitiesto be ethically sound, healthcare resources to be committedto quality assurance, and benefits to justify any risks andburdens.

Two national working parties, in the United States and Australia,have considered the ethics of quality assurance activities.²³ The US Hastings Center report considers that research activitiescan be distinguished from quality assurance and suggests thatorganisations take responsibility for the ethics of their ownquality assurance.² ⁵ ⁶ In contrast, the Australian report agreeswith many others that the distinction is not possible, and itsuggests that research ethics committees should be approachedwhen potential ethical problems exist. ³ ⁶ ⁷

Data protection laws make the resolution of this problem urgent.Quality assurance may be stopped,² ⁸ unethical activities mayoccur,⁸ ⁹ and research may be relabelled as quality assuranceto avoid scrutiny, especially because the existing researchethics framework is becoming increasingly overwhelmed, oftendelaying or preventing research.¹⁰

The ethical problem associated with the collection and use ofdata for non-clinical purposes relates to the relationship betweenpatients as a group and organisations (such as clinical teams,whole hospitals). It is assumed that most ethical issues willarise in the context of research, while other activities inhealthcare organisations are automatically ethical. This assumptionhas led to attempts to categorise research separately from otheractivities.¹¹ However, these assumptions are invalid; healthcareorganisations are no more or less likely than researchers topursue ethically dubious activities. We should therefore askourselves how to ensure that the collection and analysis ofdata from patients within health care is carried out ethically.

Collecting and using patient generated data, beyond simply makingan individual clinical decision, is ethically sound only ifthere is (or could reasonably arise) a question to be answered;the methodology (design, data collected, etc) will answer thequestion; and the costs, including both communal healthcareresources and any risks and burden imposed on the participants,justify the benefits to society. Asking the questions in thebox will help to identify the nature and extent of any ethicalconcern.

Questions to ask of any systematic data collection process inhealth care

Design

Will the method answer the question beingasked?

Process

How much will each participant be informedabout the study?

Will each participant be able to choose whetheror not to participate?

Will the method of recruiting participantsbe fair?

Cost

What organisational resources will the projectuse?

What extra burden will be imposed upon the participant(s)?

Whatadditional risks will the participant(s) face?

Benefit

Whatbenefit might accrue to the participant(s)?

What benefit mightaccrue to society?

But who should ask the questions, and who should make the ethicaljudgment? The Hastings Center report argues convincingly thatinstitutional review boards as a single external ethical "hurdle"are an inappropriate way of achieving ethical standards in qualityassurance.²

Instead, the authors recommend that "the primary responsibilityfor the ethical conduct of quality improvement be lodged inindividual organisations . . . [it] should be integrated intonormal supervision and management, with the organisation's leaders[being] responsible for seeing that the integration occurs andis effective." There is no reason why this recommendation couldnot also apply to all activities within health care, includingresearch.¹²

Ethically difficult situations that require independent helpwill still arise. Existing ethical review committees could provideindependent advice,³ but only if their total workload is reduced.This could be achieved if ethical problems were considered inproportion to the importance of the ethical problem.³ ⁶ ⁷ ¹²We need an ethical ladder to lift us over problems, not an ethicalhurdle to hinder people undertaking research. Organisationsshould have internal procedures for ensuring their activitiesare ethical, and they should seek external help only when itis needed.

Finally, we need to check that organisations are taking theirethical responsibilities seriously.² The professional, personal,and organisational responsibilities for ethical behaviour shouldbe made explicit, and organisations need to incorporate ethicalconsiderations into all management activities. Their performanceof this duty should be reviewed by external monitoring and accreditingagencies.²

In summary, the ethical responsibility of systematic collectionand analysis of patient data for any purpose is the responsibilityof the people and organisations involved. Internal organisationalarrangements should allow most problems to be resolved but whenthey are complex or difficult, external help should be soughtfrom an accredited source, such as ethics review boards. Externalaccrediting organisations should audit ethical review proceduresas they audit other aspects of an organisation.

Derick Wade, professor of neurological rehabilitation

Oxford Centre for Enablement, Oxford OX3 7LD

derick.wade{at}dsl.pipex.com

Competing interests: None declared.

Provenance and peer review: Commissioned; not externally peerreviewed.

References

Hagger L, Woods S, Barrow P. Autonomy and audit—striking the balance. Med Law Int 2004;6:105-16.[Medline]
Baily MA, Bottrell M, Lynn J, Jennings B. The ethics of using QI methods to improve health care, quality and safety. Hastings Center Report 2006;36:S1-40.[CrossRef][ISI][Medline]
Australian Government. When does quality assurance in health care require independent ethical review? Australia: National Health and Medical Research Council, 2003. www.nhmrc.gov.au/publications/synopses/e46syn.htm
Mayor S. NHS IT system must use unique patient identifiers to achieve research potential. BMJ 2007 doi: 10.1136/bmj.39245.392523.DB[Free Full Text]
Lynn J, Baily MA, Bottrell M, Jennings B, Levine RJ, Davidoff F, et al. The ethics of using quality improvement methods in health care. Ann Intern Med 2007;146:666-73.[Abstract/Free Full Text]
Grady C. Quality improvement and ethical oversight. Ann Intern Med 2007;146:677-8.[Free Full Text]
Wade DT. Ethics, audit and research: all shades of grey. BMJ 2005;330:468-73.[Free Full Text]
Lynn J. When does quality improvement count as research? Human subject protection and theories of knowledge. Qual Saf Health Care 2004;13:67-70.[Abstract/Free Full Text]
Ashmore R. A study on how mental health practitioners address ethical issues in clinical audit. J Psychiatr Ment Health Nurs 2005;12:112-20.[CrossRef][Medline]
Warlow C. Clinical research under the cosh again. BMJ 2004;329:241-2.[Free Full Text]
Hughes R. Is audit research? The relationship between clinical audit and social research. Int J Health Care Qual Assur 2005;18:289-99.[CrossRef]
Jamrozik K. Research ethics paperwork: what is the plot we seem to have lost? BMJ 2004;329:286-7.[Free Full Text]

CiteULike

Complore

Connotea

Del.icio.us Add to Digg

Digg

Technorati What's this?

Relevant Articles

Security protection is needed when using USB sticks: Matthew Daunt
BMJ 2007 335: 112. [Extract] [Full Text] [PDF]

NHS IT system must use unique patient identifiers to achieve research potential: Susan Mayor
BMJ 2007 334: 1238. [Extract] [Full Text] [PDF]

Ethics, audit, and research: all shades of grey: Derick T Wade
BMJ 2005 330: 468-471. [Extract] [Full Text] [PDF]

Clinical research under the cosh again: Charles Warlow
BMJ 2004 329: 241-242. [Extract] [Full Text] [PDF]

This article has been cited by other articles:

Morris, P. E., Dracup, K. (2007). Quality Improvement or Research? The Ethics of Hospital Project Oversight. Am J Crit Care 16: 424-426 [Full text]
Daunt, M. (2007). Security protection is needed when using USB sticks. BMJ 335: 112-112 [Full text]

Rapid Responses:

Read all Rapid Responses

Caldicott principles should be sufficient for decisions about patient-identifiable information: D Graham Mackenzie, et al.
bmj.com, 3 Jul 2007 [Full text]
Ethics of collecting and using healthcare data: Michael J Lockwood
bmj.com, 4 Jul 2007 [Full text]
Use of electronic storage of patient data: Matthew W Daunt
bmj.com, 5 Jul 2007 [Full text]
Caldicott guardians are not involved: Derick T Wade
bmj.com, 6 Jul 2007 [Full text]
Identifiable patient information was not the subject of the editorial: Derick T Wade
bmj.com, 6 Jul 2007 [Full text]
Re: Use of electronic storage of patient data: Derick T Wade
bmj.com, 6 Jul 2007 [Full text]
Caldicott function has developed - and is central to the debate: D Graham Mackenzie, et al.
bmj.com, 10 Jul 2007 [Full text]
Re: Caldicott function has developed - and is central to the debate: Derick T Wade
bmj.com, 13 Jul 2007 [Full text]