- The consent of the individuals to whom the data relates. In this case you will need to provide evidence of the consent of the individuals concerned, i.e. the consent form and consent information literature. These will be reviewed by the HSCIC to ensure they are appropriate and, where necessary, approval will be sought from the Data Access Advisory Group (DAAG).
- Approval under section 251 of the NHS Act 2006 In this case you will need to provide evidence of approval under section 251, i.e. a letter from the Health Research Authority Confidentiality Advisory Group (HRA CAG).Or,
- The appropriate statutory regulation covering your organisation for the work required. In this case you will need to provide evidence of the statutory regulation concerned. This will be reviewed by the HSCIC to ensure it is appropriate.
…and now it becomes rather Byzantine. We’re reasonably certain this is how it works, but if you think we’re wrong, please explain it to us and we’ll correct it. We are quoting throughout from the descriptions of each group’s function that appear on their official web pages.
If you apply for a ‘bespoke’ set of data, i.e. information that isn’t contained in the regular statistical bulletins, HSCIC forwards your application to its ‘Independent Advisory Group’ (IAG)
‘Acting as an advisory group to the GPES Business Unit, the IAG will consider requests for information from customers that could be collected and provided by GPES and recommend an appropriate course of action to the Information Centre.’
If you are applying for patient confidential data and you have each patient’s consent, or if there are reasons to believe that individual patients can be identified from the apparently ‘anonymised’ information you are requesting, your application will be passed to the Data Access Advisory Group (DAAG) – also hosted within the HSCIC.
‘The Data Access Advisory Group (DAAG) is an independent group hosted by the Health and Social Care Information Centre that considers applications for sensitive data.
This ensures that the use of patient data for research purposes and for improving patient care is done in a controlled environment where the risk of disclosure is minimised.’
If you are relying on s251 ‘support’, i.e. you have an exemption from seeking patients’ consent (see yesterday’s blog #7), or if DAAG believes the information you are seeking might identify individual patients, your application will go to the Confidentiality Advisory Group (CAG) of the Health Research Authority.
‘CAG has been established to provide independent expert advice to the Health Research Authority (for research applications) and the Secretary of State for Health (for non-research applications) on whether applications to access patient information without consent should or should not be approved’