Intended for healthcare professionals


Using patient-identifiable data for observational research and audit

BMJ 2000; 321 doi: (Published 28 October 2000) Cite this as: BMJ 2000;321:1031

Overprotection could damage the public interest

  1. Rustam Al-Shahi, MRC clinical training fellow. (ras{at},
  2. Charles Warlow, professor of medical neurology. (cpw{at}
  1. University of Edinburgh Department of Clinical Neurosciences, Western General Hospital, Edinburgh EH4 2XU

    Across the world rapid changes in the law, technology, and society are reshaping the way identifiable information about patients is handled. In Britain, doctors' longstanding common law duty of confidentiality to their patients has been supplemented by restrictions on processing electronic and paper based records in the Data Protection Act 1998, which came into force on 1 March 2000. This month the United Kingdom's Medical Research Council (MRC) is the latest of several professional organisations to respond to these developments by updating its guidance on confidentiality and the use of personal information (see table on BMJ's website).1-4 The MRC has provided invaluable, balanced guidance but there is still a real risk that strict and selective application of the other directives could jeopardise audit, clinical governance, and observational epidemiological research. This would compromise patient care and the public interest.

    Britain has long had the opportunity for high quality observational epidemiology and health services research, using unselected samples of routinely collected data from hospital and general practitioner databases. Important advances in our understanding of aetiology, risk factors, and prognosis have been made through the use of population surveillance, disease registries, longitudinal cohorts, and case-control studies. These have inevitably involved using data about large numbers of people, sometimes without their consent. To our knowledge, there are no cases where researchers or auditors conducting such studies have been accused of breaching confidentiality.

    Ideally, patients in a research study or audit should have given their consent to the use of data that preferably should not identify them directly. This consent can be implicit when a patient is aware of the disclosure and their right to refuse, yet makes no objection.3 Although explicit written consent is essential for most trials of any intervention, it is an unrealistic requirement of observational research and audit, particularly if these rely on huge quantities of previously collected data. Systematic bias could invalidate the findings of observational studies if people were excluded because they did not consent. For example, obtaining consent could be biased by age or gender, and by whether individuals are dead, untraceable, cognitively impaired, or deemed too distressed to be approached for their consent. Anonymised information is often not sufficient because patient-identifiable data are required to avoid duplication and to follow up individuals indirectly. In a recent legal ruling, the disclosure of anonymised data, without consent from every individual, was thought to constitute a breach of the duty of confidence owed to patients. This might have had detrimental implications for observational research and audit,5 had it not been overturned by the Court of Appeal,6 although a further appeal to the House of Lords may be made.

    A blanket requirement for anonymisation of data, as well as informed consent from all individuals to use identifiable data about them, would jeopardise the methodological integrity of research and audit. This would not just hinder the progress of medical knowledge but might lead to completely incorrect conclusions. This would be against the public interest and make the process of clinical governance impossible. Therefore we believe the following changes are necessary.

    Firstly, the law needs to be clarified. The Data Protection Act 1998 has established a schedule of eight principles, accompanied by supplementary schedules of conditions. The third schedule states that any use of identifiable data relating to the “physical or mental health or condition” of a living individual requires either his or her informed consent, or that the “processing is necessary for medical purposes” (schedule 3, paragraph 8). While these “medical purposes” include “medical research,” audit is not specifically mentioned, there is no definition of medical research, and no exceptions to the need for consent are given (section 33). Despite this, a recent British statutory instrument sanctions the processing of patient-identifiable data so long as it is in the public interest, is necessary for research, does not influence decisions made about individuals, and does not damage them (paragraph 9).7 However, it does not mention informed consent. These statutes need clarification, as do the additional implications of common law and recent case law6 on the duty of confidentiality, and to what extent it accommodates public interest.8

    Secondly, some consistent guidance offered by professional organisations would help. Informed consent is required for the use of identifiable information from every individual in any medical research study by the British Medical Association.3 This is not required by other organisations. 2 4 911 The requirements of audit and observational research for informed consent sometimes differ, 2 3 causing yet another unacceptable double standard in distinguishing the two.12

    Thirdly, public consultation is needed to determine the ideal balance between, on the one hand, individual confidentiality and data protection and, on the other, the legitimate use of patient-identifiable data without consent. Patients may not regard their contact with the National Health Service as constituting implied consent to the use of identifiable data about themselves for purposes other than their own medical care. However, there is a public interest in conducting observational research into diseases where little information is available and into audit of medical services which might be inadequate.2 Hindering this process may be unethical.13

    Ambiguous statutory regulations, contradictory guidance, and a vocal minority of objecting patients or those representing them will thwart observational research relying on patient-identifiable data, audit, and clinical governance. Investigators must design studies appropriately and need to know that their use of existing, valuable datasets is legitimate. Ethics committees must review proposals consistently and should not be threatened with court action to determine where the public interest lies. Patients should be made aware of which data about them may be used for purposes which further the public interest and the understanding and management of their own disorder. 10

    We are in a period of transition. In addition to the Human Rights Act 1998, which incorporates most of the European convention on human rights, there may be further implications if Britain signs and ratifies the European Convention on Human Rights and Biomedicine14 and a protocol in preparation which may cover observational research. This is an important time to protect the legitimate use of patient-identifiable data for unbiased observational medical research and audit.


    • Competing interests RAS and CPW have been and are still doing observational research and audit.

    • Embedded Image A list of guidance on the use of personal information is available on the BMJ's website


    1. 1.
    2. 2.
    3. 3.
    4. 4.
    5. 5.
    6. 6.
    7. 7.
    8. 8.
    9. 9.
    10. 10.
    11. 11.
    12. 12.
    13. 13.
    14. 14.
    View Abstract