DP in Research

Data Protection and Research.

The legislative position as contained in the Data Protection Acts can be somewhat complex in terms of what is expected of a health professional seeking to access patient identifiable data for research or clinical audit purposes in terms of ensuring the fundamental rights and freedoms of the patient.

See guidance from the Data Protection Commissioner for more information.

Best practice approach to undertaking research projects using personal data

At its simplest the requirements can be reduced to an obligation to respect the confidentiality of information about our patients (data subjects). Under the Data Protection Acts, the responsibility for ensuring the confidentiality of patient data and for securing any necessary consent for its further use lies with the data controller. The data controller – in this context could typically be the hospital, or an organisation such as the Health Research Board, a Third level educational institution, HIQA, National Cancer Registry of Ireland etc. Equally a data controller could be an individual such as a GP or other medical professional working in a private capacity who is responsible for collecting information in the context of the treatment of a patient. It is this data controller who is legally responsible for the processing of the data under the Data Protection Acts.

The most straightforward way in which access to patient identifiable information for research or clinical audit purposes can take place is with the consent of the person for the intended use.

If you have any queries in relation to data protection in research, please contact us at patientfeedback@stjames.ie