Lawful and ethical means of using data without consent

If legal or ethical conditions prima facie require you to obtain consent in order to use personal data for your research project you essentially have two options:

(1) Seek consent for data use

In some circumstances it will be necessary for consent to be obtained before you can use personal information in your research project. If patients are to be contacted for consent, you must ensure that they receive a sufficient amount of information about your proposed research project to ensure that any consent given is legally valid. You should however be aware that the very process of obtaining consent could in itself raise privacy issues.

If patients are to be contacted for consent directly by their General Medical Practice or someone within the patient's healthcare team, for example a hospital consultant etc, then no privacy issues should arise as this would involve no disclosure of confidential information to people outside the General Practice.

However, if patients are to be contacted by someone on the research team who is outside the patient’s General Medical Practice, then issues of confidentiality may arise as this would necessarily involve personal information, such as the patient’s name, address and even medical history, to travel outside the General Medical Practice. This could mean that you will need to obtain Ethical approval before you obtain such information, and you will need to be able to demonstrate that it is necessary and justifiable for you to have access to this information.

The SHIP research co-ordinator will be able to help advise you on the best way to obtain consent should this be deemed necessary.

Return to top of page

(2) Use data without consent

It is recognised in law that there are certain circumstances where seeking consent may not be practicable. When deciding whether it is practicable to obtain consent, you should take account of:

  • The number of records involved
  • The age and likely traceability of patients
  • The possibility of introducing bias because of a low response rate
  • The cost of obtaining consent

Under the SHIP model, if it is not practicable to obtain consent, then it might be possible to still access the data either by anonymising it, or by seeking authorisation from the relevant authorising body.

Anonymisation

The process of anonymisation involves the removal of personal identifiers from a dataset to minimise the risk of disclosure of personal information. Data which is ‘truly anonymised’ contains no information that could reasonably be used, by anyone, to identify the individual whose data it is. Data which is pseudonymised is anonymous to the people who receive and hold it (i.e. to the research team), but it contains information or codes which would allow others (e.g. the data controller) to identify an individual from it.

Generally information can be used more freely if the subject of the information is not identifiable in any way. Although good practice in governance dictates that there should still be safeguards in place to prevent inappropriate use of even anonymous information, legally consent does not need to be obtained for the use of anonymous data.

However, it will not always be appropriate to use anonymised data, as some research projects will require richer datasets, the richness of which would be lost by the anonymisation process. If this is the case you will either need to obtain consent from individual to use their personal data, or you will need to obtain authorisation from the relevant authorising body for the use of the data.

For more information please see the guidance page on ‘anonymisation.’

Authorisation

Whether authorisation to use identifiable information without consent will be obtained essentially depends on:

  • Whether the use of identifiable information is really necessary,
  • Whether consent is really unfeasible,
  • The sensitivity of the information you seek to access,
  • Whether your proposed research project is in the public interest,
  • The security mechanisms in place to protect the data.

Each of these considerations will need to be addressed on a case by case basis and you as a researcher should address each of these points in your data access application form. The SHIP research co-ordinator will then direct your application for authorisation from the relevant authorising bodies.

Return to top of page

Return to route-map