How do NCEPOD comply with the Data Protection Act, Confidentiality and Ethical Approval?
There are two Government Acts, related to confidentiality, that NCEPOD are requested to comply with. The first is the Data Protection Act 1998. The second is the NHS Act 2006.
The Data Protection Act 1998
NCEPOD is committed to maintaining a recognised level of best practice for its information security procedures. In 2009 we undertook an external audit of our information security procedures. Recommendations included in this report are being acted upon and our information security procedures have been formulated in conjunction with the International Standard ISO/IEC 27001:2005. 'Information technology – Code of practice for information security management'.
All NCEPOD staff manage data according to the information security procedures as a means of ensuring integrity and confidentiality of data submitted to NCEPOD. The procedures apply to both physical and electronic data formats.
Although it is understood that the DPA 1998 does not apply to deceased patients NCEPOD will apply its standards to all data regardless of patient outcome.
The NHS Act 2006
Whilst the Government has stated that consent is the fundamental principle governing the use of patient identifiable information by any part of the NHS or research community they have recognised that in some instances that this approach may be difficult. Section 251 of this Act therefore provides the Secretary of State for Health with a power to authorise that patient identifiable data can be used whilst alternative methods of data collection/obtaining consent are being implemented. Section 251 approval has been granted to NCEPOD. The National Information Governance Board (NIGB) has reviewed our work programme and we submit an annual report to them.
Our registration number is PAIG 4-08(b)/2003 and current status of all applications can be viewed on online at http://www.nigb.nhs.uk/s251/registerapp (App No 0077).
NRES – Ethical Approval
At the present time NRES (previously COREC) have agreed that it is not necessary for NCEPOD to obtain ethical approval for our work, the reasons are listed below:
- Our work is a ‘confidential enquiry’ and not strictly research or audit – we do not interact directly with patients or have influence in the treatment of an individual.
- We have approval from PIAG to continue without consent whilst we identify alternative methods.
- Many of the cases we investigate are deceased patients.
- Our work is supported by the Department of Health and the GMC