How regulatory bodies approach the problem of data misuse?


CHRE was asked by the Department of Health to provide advice on how the health professional regulators manage issues of data misuse by registrants.

The confidentiality and security of patients’ data is a core value for all health professionals and this is reflected in all regulators’ core codes and standards. Some regulators also issue supplementary guidance to help registrants manage patients’ information in particular situations they may encounter in the course of their practice. Wider legal duties govern health professionals’ use of patients’ data, and professionals can also refer to guidance provided by professional bodies and employers such as the NHS. These sources are cross-referenced in regulators’ standards and codes.

The principles embedded in regulators’ codes and standards about confidentiality and security are neutral in terms of practice settings and the current provision is satisfactory. However, their interpretation by health professionals has to respond to new risks and expectations, as well as established threats. In our advice, we concluded that while the standards themselves are satisfactory, when regulators provide guidance to registrants it is essential that changes in the public’s expectations around these issues are noted and reflected, as well as new legal requirements or challenges that emerge from innovative use of information technology.

The health professional regulators are one part of the framework guiding professionals’ use of patients’ data. The regulators’ role and responsibility in influencing the conduct of health professionals is complemented by the work of other agencies, notably employers, commissioners, other regulators and governments. Ultimately the prevention of data misuse is a joint effort across these organisations, and the actions that regulators can take to prevent data misuse or to apply sanctions in cases of misconduct are one element of this endeavour.

For a quick summary of this project, read the summary paper

More details can be found in our final report