SECONDARY USE OF DATA
7.50 There are several ways in which the Data
Protection Act 1998 could seriously inhibit legitimate medical
research. For example, because it is impossible to foresee the
full extent of future uses of genetic and other data, the requirement
"that personal data shall be obtained only for
one or more specified and lawful purposes, and shall not be further
processed in any manner incompatible with that purpose or those
purposes"[58]
might, in some circumstances, not be satisfied. In
addition, it is important that the Act's requirement for data
to be kept up to date[59]
does not result in the deletion of medical histories and associated
data.
7.51 As noted in paragraphs 7.8 and 7.9, we distinguish
between primary use of data (collected for a specific purpose
directly either from patients or participants in research projects)
and secondary use of data (use of existing data for purposes
other than those for which they were originally obtained). For
these purposes, 'data' includes data extracted from biological
samples. The primary collection and use of data will always require
individual consents - unless there is a statutory requirement
as, for example, in forensic applications.
7.52 Different considerations apply to the secondary
use of data:
(a) because of the passage of time, it may be
impossible or impracticable to obtain individual consent; and
(b) more significantly, in the interests of the
public good, it will be essential in some circumstances to achieve
as near as possible full coverage of the population.
This is not to say that data may be used freely for
secondary purposes. As noted in paragraph 3.11, such data are
covered by the provisions of the Data Protection Act (although
not after the individual's death). With reference to our definitions
in Box 8 (on page 35), the Act covers 'fully identifiable' and
'de-identified' data - but not those which have been 'permanently
de-linked'.
7.53 There is, as we noted in paragraph 7.42, already
a network of local and regional research ethics committees, overseen
(in terms of policy and operation) by a national body, COREC.
These are concerned mainly with projects involving the primary
collection and use of data but also deal with projects involving
the secondary use of data. Furthermore, we noted also that the
Bellingham Committee oversees security and confidentiality of
the use of certain NHS data for secondary analyses.
7.54 The fact that this complicated
structure seeks to deal with both primary and secondary uses of
data means that, as we noted in Box 7 on page 34, the consent
arrangements for secondary use of data are currently uncertain.
This uncertainty has not been helped by the new GMC guidelines
which, as noted in paragraph 7.29, are seriously jeopardising
the availability of data for secondary use.
7.55 Against that background,
we see the need for action on two fronts. The first need is for
clarity in the operation of the GMC guidelines. As we were finalising
this Report, matters of patient data confidentiality were before
the House of Lords as part of the Health and Social Care Bill.
The problem of reduced flow of essential data to disease registries
that it was seeking to address[60]
would, in our view, be largely resolved if the GMC guidelines
were to be interpreted along the lines indicated by the GMC in
oral evidence to us (see paragraph 7.31). As a matter of urgency,
we recommend that the GMC should make it clear that, as their
representative told us in evidence, doctors are not required to
obtain signed consent before data are passed to disease registries.
Instead, patients need simply to know that data about them may
be used in this way. Such clarification may require a rewording
of the GMC guidelines to put their position beyond doubt.