Sunday, March 13, 2011
This article analyses the legality of the use of electronic patient records in the NHS for research without explicit patient consent under UK and EU law, with particular reference to the adequacy of the information provided to patients and the increasing difficulties of achieving de-identification. In section II, we describe the main NHS databases used for medical research purposes in England and the transparency of this use, and the general problem of re-identification. In section III, we examine the English common law position of confidentiality in relation to the use of medical records for research. Section IV sets out the European data protection standards on such use of that data. In section V, we summarise our findings and assessments and set out our conclusions and recommendations.