Ethics of collecting and using healthcare data

BMJ 2007; 334 doi: https://doi.org/10.1136/bmj.39247.679329.80 (Published 28 June 2007) Cite this as: BMJ 2007;334:1330
  1. Derick Wade, professor of neurological rehabilitation
  1. Oxford Centre for Enablement, Oxford OX3 7LD
  1. derick.wade{at}dsl.pipex.com

    Primary responsibility lies with the organisations involved, not ethical review committees

    Quality assurance is a broad concept that includes activities termed audit, quality improvement, and clinical governance. Both quality assurance and research require the systematic collection and analysis of data from all (relevant) patients. However, whereas research activities are generally required to undergo independent ethical review, audit activities are exempt from such review. How can we ensure that quality assurance activities are ethical?

    Patients using any healthcare system have an ethical responsibility to help with quality assurance activities,1 2 3 and with epidemiological research based on population-wide databases, such as the United Kingdom's new National Health Service programme,4 because they will benefit from such activities. However, involvement in quality assurance and epidemiological research usually involves using patients' data without their consent. In return for this loss of autonomy and potential risk (of disclosing information that might harm), patients should expect quality assurance activities to be ethically sound, healthcare resources to be committed to quality assurance, and benefits to justify any risks and burdens.

    Two national working parties, in the United States and Australia, have considered the ethics of quality assurance activities.2 3 The US Hastings Center report considers that research activities can be distinguished from quality assurance and suggests that organisations take responsibility for the ethics of their own quality assurance.2 5 6 In contrast, the Australian report agrees with many others that the distinction is not possible, and it suggests that research ethics committees should be approached when potential ethical problems exist. 3 6 7

    Data protection laws make the resolution of this problem urgent. Quality assurance may be stopped,2 8 unethical activities may occur,8 9 and research may be relabelled as quality assurance to avoid scrutiny, especially because the existing research ethics framework is becoming increasingly overwhelmed, often delaying or preventing research.10

    The ethical problem associated with the collection and use of data for non-clinical purposes relates to the relationship between patients as a group and organisations (such as clinical teams, whole hospitals). It is assumed that most ethical issues will arise in the context of research, while other activities in healthcare organisations are automatically ethical. This assumption has led to attempts to categorise research separately from other activities.11 However, these assumptions are invalid; healthcare organisations are no more or less likely than researchers to pursue ethically dubious activities. We should therefore ask ourselves how to ensure that the collection and analysis of data from patients within health care is carried out ethically.

    Collecting and using patient generated data, beyond simply making an individual clinical decision, is ethically sound only if there is (or could reasonably arise) a question to be answered; the methodology (design, data collected, etc) will answer the question; and the costs, including both communal healthcare resources and any risks and burden imposed on the participants, justify the benefits to society. Asking the questions in the box will help to identify the nature and extent of any ethical concern.

    Questions to ask of any systematic data collection process in health care

    • Will the method answer the question being asked?

    • How much will each participant be informed about the study?

    • Will each participant be able to choose whether or not to participate?

    • Will the method of recruiting participants be fair?

    • What organisational resources will the project use?

    • What extra burden will be imposed upon the participant(s)?

    • What additional risks will the participant(s) face?

    • What benefit might accrue to the participant(s)?

    • What benefit might accrue to society?

    But who should ask the questions, and who should make the ethical judgment? The Hastings Center report argues convincingly that institutional review boards as a single external ethical “hurdle” are an inappropriate way of achieving ethical standards in quality assurance.2

    Instead, the authors recommend that “the primary responsibility for the ethical conduct of quality improvement be lodged in individual organisations . . . [it] should be integrated into normal supervision and management, with the organisation's leaders [being] responsible for seeing that the integration occurs and is effective.” There is no reason why this recommendation could not also apply to all activities within health care, including research.12

    Ethically difficult situations that require independent help will still arise. Existing ethical review committees could provide independent advice,3 but only if their total workload is reduced. This could be achieved if ethical problems were considered in proportion to the importance of the ethical problem.3 6 7 12 We need an ethical ladder to lift us over problems, not an ethical hurdle to hinder people undertaking research. Organisations should have internal procedures for ensuring their activities are ethical, and they should seek external help only when it is needed.

    Finally, we need to check that organisations are taking their ethical responsibilities seriously.2 The professional, personal, and organisational responsibilities for ethical behaviour should be made explicit, and organisations need to incorporate ethical considerations into all management activities. Their performance of this duty should be reviewed by external monitoring and accrediting agencies.2

    In summary, the ethical responsibility of systematic collection and analysis of patient data for any purpose is the responsibility of the people and organisations involved. Internal organisational arrangements should allow most problems to be resolved but when they are complex or difficult, external help should be sought from an accredited source, such as ethics review boards. External accrediting organisations should audit ethical review procedures as they audit other aspects of an organisation.


    • Competing interests: None declared.

    • Provenance and peer review: Commissioned; not externally peer reviewed.


    View Abstract

    Log in

    Log in through your institution


    * For online subscription