Policy on the use of personal information in research

Our mission is to foster and promote research with the aim of improving health. Research using personal information has and will continue to make an important contribution towards achieving this aim, provided that appropriate safeguards are in place to protect an individual's confidentiality.

This position statement deals with information that relates to an individual, for example information contained within patient medical records, information relating to an individual collected as part of a cohort study, or other information associated with human biosamples.

The terms 'patient information' and 'patient records' are used broadly to cover all these types of information.

We recognise that, for the purposes of the Data Protection Act 1998, information covered by this position statement may be either 'personal data' (for example date of birth, postcode) or 'sensitive personal data' (for example relating to the health of an individual). We use the phrase 'identifying data' where information may enable identification of an individual.

The benefits of using personal information for research

The use of patient records provides significant potential for biomedical and healthcare research. Data is used for epidemiological research, to understand more about the causes of disease, to detect outbreaks of infectious diseases, to monitor the safety and efficacy of drugs, and to study the effectiveness of treatments and interventions. Patient records also offer a helpful starting point to identify potential recruits to invite to take part in a clinical trial or cohort study.

The move to electronic records increasingly opens up the possibility of conducting studies that require access to very large numbers of patient records, to address research questions that would previously have been unanswerable, and to integrate the information with other datasets. Building on existing work, this offers new and exciting opportunities for research, but also highlights the need to ensure appropriate safeguards are in place to protect the security of data.

Ensuring patient confidentiality

We recognise that patient information is potentially both sensitive and private, and every research participant has a right to confidentiality.

It is therefore crucial to ensure appropriate safeguards are in place to maintain patient confidentiality and security of data.

Procedures for the anonymisation of data are well established, but we recognise that in some cases, researchers need access to identifying data. In such cases, there must be clear mechanisms of accreditation and accountability, with researchers placed under the same duty of confidentiality as a health professional. It is important to ensure that appropriate and proportionate processes are adopted that take into account both the potential risks and the likelihood of identification.

Applying best practice

We are actively supporting the research community to shape and apply best practice in the use of personal information for research. Researchers and their host institutions are responsible for ensuring they are aware of the issues surrounding the use of personal information in research, and have obtained all necessary approvals.

As with all work involving human participants, we expect the work to be undertaken in accordance with the highest ethical standards.

Raising public awareness

Recent studies suggest that members of the public are supportive of the use of patient data for research. An Ipsos MORI poll found that nearly 70 per cent of people would be 'likely' or 'certain' to allow their personal health information to be used for research, while focus groups suggest that people become more positive when they are given additional information about the use of patient data for research.

It will be important to ensure patients and the public are provided with better information about how their records may be used for research. Patients should also be provided the opportunity to opt out of the use of their identifying data in research, if they wish.

Contact us

If you have questions about any of our policies, contact the policy team.