Service providers routinely collect data relating to the care received by people living with and affected by HIV. These data are critical to the provision of patient care since they are used to inform the public health response to HIV, including evaluation of prevention initiatives, and further inform the commissioning of services and development of clinical guidelines. Use of identifiable, anonymised and pseudonymised information is bound by strict information governance policies and confidentiality rules.
Public Health Surveillance
Data collected locally in England, Wales and Northern Ireland are sent securely to Public Health England (PHE), and in Scotland to Health Protection Scotland (HPS) for surveillance purposes. These data are used to monitor the number of people newly diagnosed and living with HIV, access to HIV care and treatment and key outcomes including virological undetectability on ART, and to target prevention initiatives. The data provide national and local outputs such as the Public Health Outcomes Framework indicator for reducing late HIV diagnosis and NHS England’s HIV Quality Dashboard, and are used to plan and commission appropriate services for people living with HIV.
Public Health data are also linked to other public health and clinical datasets to monitor coinfections and other indicators (e.g. transmitted drug resistance).
Confidentiality
The duty of confidentiality of personal medical information is protected by law in the UK. This means that all personal medical information, whether held on paper, computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient.
Patient consent, implied or explicit, is required for any handling of personal confidential information. This includes any data that can potentially be linked to the individual via, for example name (including Soundex code), date of birth, address, post code of residence, clinic or national ID number. Data without personal identifiers is anonymous and is not personal information. Data with names, dates of birth and addresses removed is called pseudonymised data and could still be personal information if it is possible to link the data back to the patient.
The Health and Social Care Information Centre (HSCIC), now known as NHS Digital, defines consent as ‘the approval or agreement for something to happen after consideration’. Explicit consent can be given in writing, orally or through other forms of communication such as signing. Implied consent refers to instances where the consent can be assumed without the patient making any positive action. HSCIC refers to a ‘care team’ stating that information must not leak outside this team but needs to be shared within it in order to provide a seamless, integrated service (e.g. doctors and nurses working on a ward caring for a patient or referrals from an HIV team or GP to another speciality).
Consent should be explicitly sought where information is being disclosed to third parties (e.g. insurance companies, employers). Consent for information sharing, implied or explicit, is only valid if the patient understands what data are stored and who can access their information.
Patients can explicitly refuse consent to share information with teams that provide direct care and this decision should be respected. If the personal confidential information, such as HIV-positive status, is considered by the healthcare professional to be essential for safe provision of direct care, they should explain to the patient that not providing this information may compromise their care. In exceptional circumstances, withholding consent to sharing information may amount to refusal of care.
There are some situations where disclosure is required without an explicit requirement for patient consent such as legal obligation to disclose, for example a court order, or if the clinician believes that there is an overriding public interest to do so such as to aid the prevention, detection or prosecution of serious crime or prevent the spread or reduce risk from serious communicable diseases. These situations are exceptional, and consent should still be sought where possible. In situations of partner notification of HIV, disclosing a person’s HIV status without their consent is a last resort with many factors taken into account including harm to the index patient if disclosure occurs, risk of non-disclosure to the partner’s or others health and well-being.
Information governance
At all levels, identifiable or potentially identifiable data must be held securely with access strictly restricted to trained data managers and clinical/epidemiological/research staff, and in compliance with information governance standards and the relevant legislation.
For national surveillance data, all staff within the national public health agency have a legal duty to keep patient information confidential. All those who have access to data are bound by strict data security guidelines.
In order to ensure data are accurate, limited patient identifiers are collected for epidemiological surveillance purposes. These data do not include names and addresses of people living with HIV (this information is only retained by the local service providers with which individuals are in direct contact). Without these limited identifiers, the number of people living with HIV would be overestimated as people living with HIV can, and frequently do, access any HIV service across the UK. This information is also used to check the accuracy of data and to correct any errors. In addition, these data are also used to monitor longer-term outcomes of people living with HIV, through linking data between years. Linkage to other secure public health and clinical datasets enables the monitoring of key outputs such as late HIV diagnoses and treatment coverage, and allows service needs to be planned accordingly. Secondary analyses of these data may also be conducted for surveillance and research after all patient identifiers have been removed.
Digital records and national patient ID numbers
Electronic/digital patient management systems may involve several electronic systems for various functions (e.g. appointments management, case notes, management investigations, prescribing and dispensing of drugs, and communications management). The individual patients are linked on these systems using a unique identifier, usually a clinic ID. National patient ID numbers such as the NHS number in England, Wales and the Isle of Man, Community Hospital Index (CHI) number in Scotland, and the Health and Care number in Northern Ireland could be used to link all (primary care and secondary care) care records for a patient. All electronic and web-based systems used in healthcare settings should be compliant with the UK Data Security Centre good practice guidance.
Patients have the right of access to their records under the Data Protection Act and have the right to have factual inaccuracies corrected.
Patient-owned data systems are also available as websites and apps. These offer opportunities for recording detailed patient monitoring and activity data but offer challenges for information governance.