INF6525 Information Governance and Ethics w3 Introduction to the case


Anonymized data

  • Patient data has been anonymised and the data has been aggregated or

Introduction combined with that of other patients.

Pseudonymised data

to • Data that has been stripped of all features that would identify a patient, such

as name or NHS number, to be replaced by meaningless, fictitious identifying information that still allows data about the same patient to be linked (e.g., study:when he or she uses different services). That said, identifying information such as a patient’s NHS number, postcode, date of birth, ethnicity, gender and GP surgery could be made available to “approved analysts for approved Patient data purposes”, according to NHS England” e.g., NHS and social care staff, researchers, those commissioning NHS services, private companies.

Identifiable personal data

  • g., date of birth, gender, ethnicity, family history, medical diagnoses, prescriptions, blood tests, B=body mass index (BMI), smoking/alcohol habits etc.


  • The project was a UK National

Health Service (NHS) project (2013-16)

Introduction • The aim was to combine and centralize the processing of personally-identifying to the Care. patient data from primary care with currently collected secondary care

data case. hospital episode (statistical) data, in order to: link patients’ discrete interactions with Beginnings. the NHS, identify treatment pathways, to

increase clinical effectiveness, make

economic efficiencies and widen patient choice timeline

Presser, L., Hruskova, M, Rowbottom, H. and Kancir, J. (2015). and access to UK health records: patient privacy and public trust. Available at:

  • The project ran aground and was officially abandoned in 2016 due to insurmountable

difficulties related to the governance and

Introduction ethics surrounding its handling of patient data.

to the Care. • Despite the undoubted value and the

benefits of for medical research and for NHS planning purposes,

data case. complicating factors preventing the fullscale implementation of the project Project included:

  • Legal difficulties with GPs and doctors abandoned at Governance and security concerns on the • Operational project management issues

part of the NHS Health and Social Care an early stage  Information Centre

  • Lack of informed consent from the public
  • Privacy and other medical ethical concerns


•     Caldicott Review (2017) Review of data security,

Introduction consent and opt-outs.

•     Development of an “opt-out model”

to • A shift from informed consent to presumed

study. consent

•     By May 2021 (originally May 2020 because

Postscript.delayed by the pandemic), all GP surgeries will need to have complied with the uploading of their identifiable patient data. case: question

  • The Data case provides a useful context to explore the value and benefits of increased patient data processing to medical research and health service planning, as well as the perceived costs and risks of patient data processing to individual patients and the public alike.
  • Why was the programme unable to govern and balance these competing demands of the value and costs/risks of patient data processing? key resources

  • A good starting-point is: Presser et al. (2015). Available at:
  • You can then draw on the Parliamentary Select Committee Inquiry sources that

took place during the key delay period (2014-15); while also drawing on further supplementary sources. Available at: UK Parliament (2014-15). Commons Select Committee Inquiry into Handling of NHS Patient Data. The

  • The deliberations of the Inquiry provide a retrospective and prospective look at

the problems/opportunities of and the proposed solutions at the time. There were four sessions of evidence: 25 February 2014, 8 April 2014, 1 July 2014, 21 January 2015.


  • Caldicott Committee (1997) Report on the review of patient-identifiable

information. Available at: et/dh_4068404.pdf

  • Carter, P., Laurie, G.T., and Dixon-Woods, M. (2015). “The social licence for research: why ran into trouble”, Journal of Medical Ethics 41 (5) 404-


  • Chuenpagdee, R. & Jentoft, S. (2013). “Assessing governability – What’s next”. In: Bavinck, M., Chuenpagdee, R., Jentoft, S. & Kooiman, J. (2013) Governability of Fisheries and Aquaculture: Theory and Applications, 335-349.
  • Medconfidential (2017)
  • National Data Guardian/Department of Health. (2013). Information: to share or

not to share? The Information Governance Review [Caldicott review]

  • National Data Guardian for Health and Care (2016). Review of Data Security, Consent and Opt-Outs England website. Search ‘’.
  • NHS Digital (formerly the Health and Social Care Information Centre) Search ‘’