Data Protection and the eLogbook
7/27/2019 Data Protection and the eLogbook
Ann R Coll Surg Engl (Suppl) 2013; 95: 238–240
TRAINEES' FORUM
We welcome original articles for the Trainees' Forum on any subject of interest to surgical trainees (maximum 1,500 words). We will also consider letters commenting on articles published in the Trainees' Forum. Please email submissions to
Maintaining a record of procedures performed is an essential component of surgical practice but the risks associated with handling patient data are not always appreciated. Vesey et al provide clear guidance on the implications that legislation governing sensitive data have for trainees. They outline steps that the individual can take to make sure that they use resources such as the eLogbook safely and comply with the Data Protection Act.
Bijan Modarai
Series Editor
The pan-specialty surgical eLogbook, maintained by The Royal College of Surgeons of Edinburgh (RCSEd) on behalf of the four royal surgical colleges, is now the de facto tool for all surgical trainees. The colleges issued new terms and conditions at about the same time that general surgical trainees were obliged to transfer to the eLogbook from the previously mandated Intercollegiate Surgical Curriculum Programme logbook. Some of the clauses within the terms and conditions gave rise to concern, and several trainees contacted the Association of Surgeons in Training (ASiT) to seek clarification.
In this article, we have undertaken to briefly review the most pertinent legislative background and to address the concerns that arose. Data governance in medicine is a large, expanding and complex issue and this monograph is necessarily narrow in scope. A Joint Surgical Colleges Data Governance Committee has recently convened and is examining the issue, with broad terms of reference on behalf of all fellows and members of the surgical colleges.
Background
The expression 'digital revolution' is not hyperbole. Our ability to use computers to process and transfer vast quantities of information almost instantaneously has had truly unfathomable consequences. Indeed, as in many domains, computing has led to a paradigm shift in the world of medicine; from electronic patient records all the way to the affordable and rapid sequencing of an individual's entire genome (something that was unimaginable 20 years ago). The list of examples is endless. These advances have undoubtedly brought great benefit, but as with so many new discoveries, other consequences abound. In medicine, two of the main concerns centre on data security and accuracy and the implications for patient confidentiality and safety. These two concerns are at the root of the problem that legislators have to contend with: balancing the rights of the individual to control access to their personal data against the societal value of so-called 'big data' and the rights and responsibilities of those who hold and control that data.
In an attempt to strike this balance, much legislation has been drafted and enacted in the EU and the UK during the past 30 years. The most recent and germane piece of UK legislation is the Data Protection Act (DPA) of 1998.
The Data Protection Act 1998
Key definitions
> Data subject: the identifiable individual to whom personal data pertain.
> Data controller: any entity (individual or organisation) that determines how personal data are processed.
> Personal data: any data that can be linked to a living individual. This definition also applies to pseudonymised or linked-anonymous data when the data controller has the means to decrypt such data.
> Sensitive personal data: any personal data relating to race, ethnicity, political opinion, religion, health, sexual life, actual or alleged criminal record.
Although complex, the DPA in essence ensures that personal data is handled correctly. It sets out to achieve a balance between protecting the rights of the individual to maintain control of their personal data and the rights of organisations to use such data legitimately without undue regulatory stricture. It achieves this in two ways: first, the act places certain obligations upon data controllers and, second, it enshrines certain rights for data subjects (that mainly relate to data access, quality and use). The whole act is based upon eight principles:
1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained only for lawful purposes.
3. Personal data shall be adequate, relevant and not excessive.
4. Personal data shall be accurate and up to date.
5. Personal data shall not be kept for longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects.
7. Data shall be held and processed securely.
8. Personal data shall not be transferred to another country without adequate protection.
Data protection and the eLogbook
AT Vesey, British Heart Foundation Centre for Cardiovascular Research, University of Edinburgh
JEF Fitzgerald, Royal College of Surgeons of England, Association of Surgeons in Training
A Lamb, Royal College of Surgeons of Edinburgh
DOI: 10.1308/147363513X13690603820748
THE ROYAL COLLEGE OF SURGEONS OF ENGLAND BULLETIN
A key theme is consent. In most cases, the consent of the data subject should be sought before processing personal data. In the case of sensitive personal data, obtaining explicit consent is nearly always mandated. Individuals or organisations acting as data controllers must be registered as such with the Information Commissioner's Office (ICO).
The DPA and the eLogbook
The eLogbook is a large database holding vast amounts of apparently sensitive personal data pertaining to millions of people. In order to ensure full compliance with the DPA, a number of measures were instituted including the release of the aforementioned terms and conditions. It should be noted at the outset that the actual servers that host the eLogbook (and ISCP databases) are housed and maintained by a company with the appropriate expertise that has a contract with the colleges and the Joint Committee on Surgical Training.
Here follow the clauses that gave rise to concern, accompanied in each case by a brief analysis and answer. A link to full terms and conditions can be found at the end of the article.
Clauses 1.8, 11.1, 12.1 and 12.7
These clauses relate to the colleges' and users' obligations as stakeholders in the eLogbook. The colleges, as administrators of the logbook, are clearly defined as data controllers as specified by the DPA but it is not necessarily clear whether users should similarly register with the ICO as individual data controllers.
Two points are relevant. The first relates to the individual user's employer. As an NHS employee or indeed a university-employed research fellow, an individual will be required to process sensitive personal data on a daily basis and therefore will qualify as a data controller. Strictly, in these instances, the employer will have notified the ICO and therefore the employee is in theory automatically covered. If, however, any data is privately collected and processed then an individual is not covered by the employer's notification.
The second point relates to whether data collected on the logbook actually count as personal data. It could be argued that they do not as no immediately identifiable information fields are completed. However, referring to the definition of personal data, if the data controller in question has the means to link anonymous data back to an individual (easily done with a Community Health Index or hospital number) then such data do indeed qualify as personal data and a user should notify the ICO. Furthermore, in the case of sensitive personal data (ie all the data on the logbook), explicit and informed consent should also be obtained before collecting such data. Given that failure to comply with the obligations as set out by the DPA constitutes a criminal offence, should all users of the eLogbook therefore register with the ICO as data controllers and obtain explicit and informed consent for every patient they operate on? Is this realistic?
The royal surgical colleges' legal team has confirmed that those who record or use personal data or sensitive personal data in a self-employed capacity (ie outside of their employment with the NHS or universities) will need to be notified with the ICO as data controllers. Given that most trainees will at some stage assist their consultant trainers in the private sector and that many will train within independent sector treatment centres (ISTCs) outside the NHS, registering with the information commissioner as a data controller should be regarded as mandatory. Furthermore, data collected, processed and retained by an individual during a period of transient employment with a university (ie as a research fellow) may also fall out of the remit of the universities' ICO notification once such employment ends. This should be regarded as another absolute indication for individual notification. It should, however, be noted that personally retaining non-anonymous (ie linked-anonymous or pseudonymous) personal research data on laptops or personal computers is not advisable. If strictly necessary, these data should be properly encrypted.
Gaining written, explicit consent from private or ISTC patients for collecting logbook data is a must. Although it is the case that this is not strictly necessary for NHS patients, there is a strong deontological argument for doing so; the standard should apply to all patients. Gaining such consent is also consistent with the spirit of the DPA as well as General Medical Council guidance on the matter. A trainee should always meet a patient before participating in their surgery. Most consent forms now have a field relating to data collection and audit; a few extra words about the need to maintain a logbook for training shouldn't represent a significant burden.
Clause 6.3
To the fullest extent permitted by law, we
shall not be liable, including for any indirect,
special or consequential loss or economic
damage (such as without limitation loss of
bargain, profit, data, reputation, placement,
position, learning agreement, resultant
losses or otherwise), and whether in
contract, tort, or otherwise, arising out of
the use of the website or the reliance on
any of the information displayed on it.
This clause limits the liability of the colleges for user activities. There had been concern that this was a way of limiting the colleges' liability in the event of data loss (by the website) and the professional difficulties for the user that would arise as a consequence.
The royal surgical colleges' legal team have given assurances that this does not relate to data loss but rather the quality of the data on the website. As the colleges are not themselves entering patient data, data are ever-changing and there is an ever-present
risk of illegitimate access, it is evidently not possible to track and quality control all of the content all of the time. The colleges therefore cannot reasonably be expected to assume liability for illegal or irresponsible use. Such disclaimers are standard practice for websites.
Several trainees have therefore enquired whether keeping a personal backup of their logbook would be advisable. The official legal advice is that this is not advisable. A meaningful personally controlled logbook could clearly not be truly anonymous as recording outcomes would become impossible and the risk to the individual of losing data or it being accessed by a third party would not be insubstantial. Furthermore, the company to which the colleges sub-contract the physical running of the eLogbook and ISCP data has robust security arrangements, sophisticated back-up systems and a very clear information governance framework in place.
There are many examples of doctors getting into serious trouble with respect to data loss, commonly as a result of lost laptops or dropped flash drives. However, if a trainee is notified with the ICO, has adequately encrypted the data and has gained consent, maintaining a private logbook is entirely legal and many may opt to do this in addition to maintaining their eLogbook database. Caution is, of course, advised.
A further question that arose relating to this clause concerned the liability of the individual user in the event of data being accessed by a third party, either by accident or malicious intent. The surgical colleges' legal team have emphasised that user liability would only arise if such a breach had occurred as a result of the user's own failure to take reasonable security steps (for example, not disclosing passwords, etc). Individuals would not be liable were the colleges or some other entity at fault. The team also noted that enforcement actions and fines for breaches of the DPA are unlikely to arise unless there has been substantial damage and distress caused as a result (for example, loss of a large database of personal data).
Clause 12.3
Special care must be used when
inputting data in any free fields, including
for other information ... accordingly.
Questions arose relating to which data this referred to. The formal advice is to strictly avoid inputting any data that might link the entry to an individual (addresses, telephone numbers, names). Further clinical or operative details are acceptable.
Notifying the ICO of status as data controller
This can be done online by using the links quoted at the end of the article. There is a self-assessment tool that will recommend notification. The 'New Notification' icon then needs to be selected and instructions will follow. There is a specific template for junior surgeons using the eLogbook (N955) to follow. The annual fee is £35.
Summary
The obligations placed upon individuals by the DPA are strict and probably not appreciated by many eLogbook users. All trainees are strongly advised to notify the ICO of their status as data controllers.
Gaining explicit, informed and written consent to collect data for the purposes of logbook maintenance should now be encouraged.
Maintaining a detailed personal logbook of operations with outcomes will appeal to many trainees and is an aim that should be commended. Caution is advised, however: individuals should ensure that they are notified with the ICO, familiar with the DPA and encrypt the data adequately.
Useful links
Intercollegiate eLogbook Terms and Conditions: www.elogbook.org/site/2903/default.aspx
How to notify the Information Commissioner's Office: www.ico.gov.uk/for_organisations/data_protection/notification.aspx
Association of Surgeons website: www.asit.org and @ASiTOfficial on Twitter