Abstract
ABSTRACTIn this article, we analyse the legal components of disclosing confidential patient information under the UK’s common law duty of confidentiality (CLDoC) and processing personal (health) data under the UK’s General Data Protection Regulation (GDPR) and Data Protection Act 2018. We describe the ostensible divide between the CLDoC and data protection law when it comes to the requirements of a valid signal of consent by a patient to use and disclose patient information, obtained by a health professional in the context of direct care, for health care and health research purposes. Ultimately, our analysis suggests that we are saddled, at least in the medium term, with two regimes operating with different standards of a valid consent—while putatively protecting similar interests. There is, however, opportunity for progress. It is possible to improve professional guidance on the interaction between the regimes and to achieve significant normative alignment without aligning the signalling standard for consent; this would promote consistent protection of reasonable expectations of patients across both regimes. Further coherence would require aligning not only the standard, but also the role played by consent under each regime. Here we argue that, in relation to direct care, any such shift should be away from consent as the normal justification. In relation to health research, on the contrary, it should be toward consent as the normal justification for use and disclosure of patient information under both the CLDoC and data protection law.
Highlights
On 2 October 2019, the National Data Guardian (NDG), an independent, non-regulatory, advice-giving body in England sponsored by the Department of Health and Social Care,1 tweeted a series of key points emerging from the ‘Healthcare Excellence Through Technology’ conference happening in London
We focus on the distinction that can be drawn between how a valid consent may be signalled under, respectively, the common law duty of confidentiality (CLDoC) and data protection law, with a view to determining the extent to which the requirements are conceptually aligned—and the implications for interplay between the regimes
66 While not recognised as conditions for valid consent under data protection law, the requirements for notification and the right to object to data processing, which are set out in data protection law as two distinct data subject rights (GDPR, arts 12–14 and 21, respectively), accord with what we have described as Level 1 consent
Summary
The clearest and most consistent statements on the requirements of an active and unambiguous signal of consent are found not in the common law, but in a statutory legal regime, namely data protection law.6 This is not as helpful in health care and research as it might be in other contexts, because health professionals and researchers are advised normally not to seek a patient’s consent for the purposes of meeting obligations under data protection law.. We argue most significant progress is reliant upon two significant changes: (i) a move away from consent as the normal justification for the use and disclosure of patient information under the CLDoC for the purposes of direct care and local clinical audit, and (ii) a move towards consent as the normal justification for disclosure by a health professional for research purposes under data protection law.. We argue most significant progress is reliant upon two significant changes: (i) a move away from consent as the normal justification for the use and disclosure of patient information under the CLDoC for the purposes of direct care and local clinical audit, and (ii) a move towards consent as the normal justification for disclosure by a health professional for research purposes under data protection law. Normative alignment can be achieved to some extent without full conceptual alignment; full conceptual (or definitional) alignment and normative alignment—a comprehensive bridging—is dependent upon fundamentally reconsidering the role of consent under each regime
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
