The controversial section 251 clauses that over-ride patient confidentiality will be sidestepped with pseudonymised data, says John Parry
Section 251 is an infamous clause in the Health and Social Care Act 2001, which was re-enacted in the NHS Act of 2006. In summary, section 251 allows the secretary of state for health to make regulations to set aside the common law duty of confidentiality for defined medical purposes.
‘Pseudonymised data is always an alternative to section 251’
The regulations that support the clause are called the Health Service (Control of Patient Information) Regulations 2002. Any references to support or approval given under section 251 actually refer to the approval given under the authority of the regulations.
- Patient records: The dataset with no name
- Case studies: Return to the source
- Service improvement: The exemplar hospital
- Martin Johnson: Continuous improvement
- Download a free PDF of the HSJ/NHS Confederation supplement
Section 251 was established because there were certain activities of the NHS (eg: acute resource planning) and medical research that required the use of linked patient information. As patient consent couldn’t be obtained, there needed to be a legal basis for providing access. The reasoning behind section 251 is that there are occasions where it’s not possible to use anonymised information but seeking consent isn’t practical.
Yet I would argue in cases where some key identifiers are being used, the use of strongly pseudonymised data can always be an alternative to section 251.
So how will strong pseudonymisation at source help?
‘If the use of the NHS number was mandated across all health and care services - including adult social care - section 251 would become redundant’
This technique takes the patient identifier and creates a new identifier, using a key that can be shared between data providers, so that patient records can be linked together. The new identifier is not reversible; patient identity cannot be accidentally revealed, since actual identity would require work to find the details.
This technique alone will not prevent re-identification, but it will go a long way to reassuring those citizens who have been concerned by the recent Care.data debates. The originating organisation would be able to identify patients where patient reidentification is required, using the linkage identifier.
There is also the argument that if, as suggested many times, the use of the NHS number was mandated across all health and care services - including adult social care - section 251 would become redundant, as the unique identifier facilitates full scale pseudonymisation at source using a tool such as OpenPseudonymiser.
As a GP and part of the TPP ResearchOne team, I understand the importance of quality linked data and the benefits it can bring in terms of treating patients and allocating resources.
However, as a citizen, I also understand the concern that legislation such as section 251 too easily allows quick access to identifiable data and opens up the potential for dangerous (or unethical) data use.
Dr John Parry is clinical director at TPP
HSJ/NHS Confederation supplement: 'Pseudonymised' records and an inspiring hospital model
- Currently reading
Pseudonymised data can protect patient confidentiality