Error message

Deprecated function: The each() function is deprecated. This message will be suppressed on further calls in menu_set_active_trail() (line 2405 of /homepages/3/d274688683/htdocs/devdrupalseven/includes/

Public interest

Why do I need to know about public interest?

  • It has been reported that secondary uses of patient data in research are being hampered by a ‘culture of caution’ where concerns about risks to patient confidentiality may be elevated at the expense of the pursuit of scientifically sound and ethically robust research, which is in the interest of protecting the health of the public.

  • Both researchers and data custodians are in a position to help rectify this balance by attending to and making robust cases for the public interest in any proposed research project.

What is the ‘public interest test’?

In the absence any of three possible conditions - that patient consent for your proposed research use of the data exists, or that the data has been anonymised, or that there exists a particular obligation under the law (for example for the purposes of a criminal investigation) - any decision as to whether patient identifiable information can be disclosed must be made on a case by case basis and must be justified by being in the public interest.

The public interest test operates as a device by which we can determine the course of action which best serves the interests of the public. In the context of information disclosure therefore this involves deciding, on a case by case basis, whether it better serves the public interest to disclose the information or keep it confidential.

When is disclosing information in the public interest?

There are two primary justifications for disclosing information in the public interest: to protect individuals or society from the risk of serious harm, or to enable secondary uses of the information, such as for research or educational purposes, which will benefit society over time.

There are clearly benefits to society in conducting research for the future development of healthcare in the UK. As such, the GMC advises that a disclosure of identifiable information without consent can be justified in the public interest to enable medical research. Society has an interest in promoting research within an acceptable and workable framework. Such a framework must give due consideration to confidentiality, however at the same time it must not impose impossibly high standards as this would have the effect of hindering research and pushing some research out of the UK.

Striking a balance: weighing confidentiality and public interest

In order to determine whether identifiable information may be disclosed without the consent of an individual, we must determine whether it serves the interests of the public to disclose or not to disclose. This determination involves the balancing of two public interests: the public interest in maintaining confidentiality and the public interesting in disclosing information to further medical research.

The decision as to what is in the public interest must be made on a case by case basis, by taking into consideration the specific qualities and risks of the proposed research project. As such, it is not possible to provide definitive guidance on which way the balance should be struck. However, generally you must consider:

  • The nature and sensitivity of the information to be disclosed,
  • The use to be made of the information,
  • The context in which the information was generated,
  • The reasonable expectations of the individual whose information it is,
  • Any harm which could be caused to the individual or others,
  • The purpose of the request for information,
  • The number of people to have access to the information,
  • The confidentiality and security arrangements in place to protect the information from further disclosure,
  • The advice of a Caldicott Guardian or similar expert advisor who is not directly connected with the use for which the disclosure is being considered,
  • The advice of a Research Ethics Committee,
  • The advice of the Privacy Advisory Committee,
  • The potential for harm or distress to patients,
  • The importance of the information to be obtained from the research output.

If, after considering these factors, it is decided that the information should be disclosed, the disclosing body must only disclose the minimum of information necessary to achieve the objective of the research project.

SHIP Guiding Principles and Best Practice

SHIP Guiding Principles and Best Practices reflect the values which underpin the SHIP project. They are designed to act as a guide for all those involved in SHIP and data sharing. You as a researcher or data custodian should be aware of these guiding principles and best practices as they provide useful guidance as to the standards of information governance promoted and expected by SHIP.

  • Scientifically sound and ethically robust research is in the interest of protecting the health of the public.
  • The objective of SHIP is to facilitate scientifically sound and ethically robust research through the appropriate use of health data.
  • The rights of individuals should be respected with adequate privacy protection, while at the same time the benefits for all in the appropriate use of health data for research purposes should be recognised.
  • Data sharing and use should be carried out under transparent controls and security processes, and the purposes and protection mechanisms should be communicated publicly and to oversight bodies/individuals with responsibility for data processing.
  • The responsible use of health data should be a stated objective of all organisations adhering to this instrument.
Best Practice
  • It is the data controller's responsibility to ensure the development of transparent policies that demonstrate their understanding of public interest and the basis upon which they will use and disclose health data; equally importantly this must include the protection mechanisms under which use will take place. It is possible that these policies may not be developed solely by data controllers, but in conjunction with others, e.g. lawyers, but ultimate responsibility for implementation of such policies will lie with the data controller.

Return to top of page