Confidentiality

Although certain information is considered especially sensitive, all information about someone's health and the care they are given must be treated with regard to confidentiality at all times.

There are a limited number of people authorised to have online access to the data, all of who must adhere to the written protocol issued by The NHS Information Centre on the dissemination of HES data. For example guidance is given on handling the very small numbers that sometimes occur in tables, in case local knowledge enables identification of either a patient, the only consultant of a particular specialty within a trust, or a single-handed GP.

Although HES does not hold names and addresses, it is a record level data warehouse and it contains information that could (if it was made freely available) potentially identify patients or the consultant teams treating them. In some cases record level data may be provided for medical/health care research purposes. For example data is likely to be required by the Healthcare Commission and other such bodies. The information may be given following a stringent application procedure, where the project can justify the need and where aggregated data will not suffice. Any request involving sensitive information, or where there may be potential for identification of an individual, is referred to the Data Access Advisory Group (DAAG).

DAAG consider each request for record level data in view of data security and patient confidentiality, together with the specified use of the data and the justification of the request, before they give their agreement. In line with the principles set out in the Caldicott Review of Patient-Identifiable Information, the DAAG seeks to limit data access to what is absolutely necessary for the purpose. All recipients of record level data must sign an agreement to use the data only for the specified purpose, to keep the data only for the specified length of time, and not to further disclose the data (in line with the Data Protection Act). The DAAG would also be involved in considering any requests for access to data that could potentially identify individual consultants.

Currently, the following groups of information are considered sensitive:

• information about the medical practitioners treating them
• information about legal status under Mental Health legislation.

Any request involving the potential for identification of an individual is referred to the Ethics and Confidentiality Committee (ECC) (formerly Patient Information Advisory Group).

The following data fields are considered identifiable.

• patient's date of birth
• the post code of their home address and any low level data derived from it
• identifiers, such as the NHS number, that relate to individuals

Requests for information which include both sensitive and identifiable information are referred to the ECC.