3. www.eurosocap.org
Right to Privacy
Article 8 of the European Convention on Human Rights
1. Everyone has the right to respect for his private and
family life, his home and his correspondence.
2. There shall be no interference by a public authority
with the exercise of this right except such as is in
accordance with the law and is necessary in a
democratic society in the interests of national security,
public safety or the economic well-being of the country,
for the prevention of disorder or crime, for the protection
of health or morals, or for the protection of the rights and
freedoms of others.
4. www.eurosocap.org
Right to Privacy
EU Charter of Fundamental Rights
Article 7 Respect for private and family life
Everyone has the right to respect for his or her private and family life, home and
communications.
Article 8 protection of personal data
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the
consent of the person concerned or some other legitimate basis laid down by law.
Everyone has the right of access
to data which has been collected concerning him or her, and the right to have it
rectified.
3. Compliance with these rules shall be subject to control by an independent
authority.
5. www.eurosocap.org
Data Protection
Data Protection Directive Article 8 (1)
Member states shall prohibit the
processing of personal data revealing
racial or ethnic origin, political opinions,
religious or philosophical beliefs, trade-
union membership, and the processing of
data concerning health or sex life.
6. www.eurosocap.org
Data Protection
Data Protection Directive Article 8 (3)
Paragraph 1 shall not apply where processing of
the data is required for the purposes of
preventive medicine, medical diagnosis, the
provision of care or treatment or the
management of healthcare services, and where
those data are processed by a health
professional subject under national law or rules
established by national competent bodies to the
obligations of professional secrecy or by another
person also subject to an equivalent obligation
of secrecy. [Emphasis added]
9. www.eurosocap.org
Aims of the European Standards
• establish the ethical and legal framework and
principles supporting the protection of
confidentiality and informational privacy of
people in healthcare;
10. www.eurosocap.org
Aims of the European Standards
• establish the ethical and legal framework and
principles supporting the protection of
confidentiality and informational privacy of
people in healthcare;
• delineate the ethically necessary protections of
confidential information and those
circumstances where the use or disclosure of
private or confidential information may be
legitimate;
11. www.eurosocap.org
Aims of the European Standards
• establish the ethical and legal framework and
principles supporting the protection of
confidentiality and informational privacy of
people in healthcare;
• delineate the ethically necessary protections of
confidential information and those
circumstances where the use or disclosure of
private or confidential information may be
legitimate;
• provide Guidance on best ethical practice for
healthcare professionals and policy
Recommendations for provider institutions.
14. www.eurosocap.org
Categories of Protection
• general considerations;
• protections, uses, and disclosures of patient
information for their healthcare (Section 3.2);
• protections, uses, and disclosures of patient
information for healthcare purposes not directly
related to their healthcare (Section 3.3);
15. www.eurosocap.org
Categories of Protection
• general considerations;
• protections, uses, and disclosures of patient
information for their healthcare (Sect. 3.2);
• protections, uses, and disclosures of patient
information for healthcare purposes not directly
related to their healthcare (Sect. 3.3); and
• obligations and justifications for the disclosure of
patient identifiable information for purposes not
related to their healthcare (Sect. 3.4).
16. www.eurosocap.org
Protection, Use and Disclosure of Patient
Information—General Considerations
• Patient consent.
• Circumstances where a patient is unable to
consent.
• Disclosure to protect interests that override the
patient’s right to confidentiality
• Disclosure after a patient’s death;
• Patient access to a patient’s healthcare records.
17. www.eurosocap.org
Protection, Use and Disclosure of Patient
Information for their Healthcare
• Keeping patients informed.
• Consent to the use and disclosure of
patient information.
• Clinical audit.
• Disclosure to a patient’s carers.
• Multidisciplinary and Inter-agency working.
• Dual roles and obligations.
18. www.eurosocap.org
Protection, Use and Disclosure of Patient
Information for Healthcare Purposes not directly
related to their Healthcare
• Keeping patients informed about secondary
uses
• Consent for secondary use or disclosure of
confidential patient information
• Maintaining the information in a form which
protects the identity of the patient
• Use of information for teaching purposes
• Anonymisation and research uses
• Research databases containing personal
identifiable information.
19. www.eurosocap.org
Disclosure of Patient Identifiable Information
for Purposes not Related to their Healthcare
• Legal obligations to disclose
E.g. notifiable disease
• Justifications to disclose
E.g. to protect third party from death
21. www.eurosocap.org
Ethical Boundaries to
Confidentiality
• ‘None of the ethical arguments lead to the
conclusion that the healthcare
professional’s duty of confidentiality is
absolute.’ (Sect. 2.3.3)
• ‘The confidentiality requirement exists
within a wider social context in which
healthcare professionals have other
duties, which may conflict with their duty of
confidentiality.’ (Sect. 2.3.3)
22. www.eurosocap.org
Legitimising Public Health Uses of
Confidential Information
‘Many uses of confidential healthcare
information not directly related to the
healthcare of the patient are legitimate for
limited and specified healthcare purposes
provided certain criteria are met.’
(Sect. 3.3)
23. www.eurosocap.org
Legitimising Public Health Uses of
Confidential Information
‘All health service organisations must have
policies for informing patients and/or their
legal representative of the protections,
uses and disclosures of their information
for secondary purposes.’ (Sect. 3.3.1)
24. www.eurosocap.org
Legitimising Public Health Uses of
Confidential Information
• ‘Express consent from the patient or their legal
representative should wherever possible be
obtained before any proposed secondary uses
of patient personal information.’ (Sect. 3.3.2)
• ‘Where there is agreement to disclosure, only
the minimum necessary patient identifiable
information should be used for each legitimate
healthcare purpose.’ (Sect. 3.3.2)
25. www.eurosocap.org
Legitimising Public Health Uses of
Confidential Information
‘A possible exception to the requirement of
gaining consent for a particular secondary
use would be where a legal obligation to
disclose for that purpose exists.’
(Sect. 3.3)
26. www.eurosocap.org
Legitimising Public Health Uses of
Confidential Information
‘In general, any use or disclosure of confidential
healthcare information without consent:
• ‘should clearly serve one of the purposes specified in
international human rights law as being a legitimate
limitation on the right to privacy.’
• ‘Such disclosures must also meet the criteria of being
proportionate to the legitimate aim of the disclosure’; and
• must be ‘in accordance with (domestic) law.’
(Sect. 1)
27. www.eurosocap.org
Legitimising Public Health Uses of
Confidential Information
‘Personal information should wherever
possible be maintained in a form that
protects the identity of the patient.’
(Sect. 3.3)
28. www.eurosocap.org
Criteria necessary to justify
disclosure
• Patients must always be informed
AND
• Consent must be obtained
OR
• A statutory gateway must be created which is:
– Human Rights compliant
– Must be proportionate to the aim
– Must be in accord with domestic law
OR
• Information must be held securely in a form which protects the
identity of the patient
29. www.eurosocap.org
Ethical Standards
• ‘Ethical standards may be different from the legal
standards of a particular jurisdiction.’ (Sect. 2.1)
• Similar considerations of the primacy of patient consent,
and the necessity and proportionality of disclosure apply
in ethical decision-making as in legal decision–making.
• ‘Where the ethical standards require greater protection
for patient confidentiality and privacy than the legal
standards, then healthcare professionals should follow
their ethical obligations and work to promote the
protections required by ethics.’ (Sect. 2.1)