Ensuring Confidentiality
It is important to reassure the public and governance bodies that any data that is held by research organisations is treated with the highest regard to confidentiality. Organisations should be transparent about their activities in this area, ensuring that relevant policies are are easily accessible and implemented.
Organisational IT policy
Data that could possibly identify an individual needs to be kept securely with restricted access. The National Information Governance Board for Health and Social Care (NIGB) ensure that any project that receives Section 251 approval (formerly Section 60 approval) has an appropriate IT policy in place. A template for such a policy has been produced by NIGB. It is good practice for all organisations that hold identifiable data to have such a policy and ensure that it is well disseminated and adhered to.
Research staff working with identifiable data
Research staff need to be aware of their duty of confidentiality when working with identifiable data, and employing organisations should treat any breaches in confidentiality as serious matters. Employers should ensure that there are transparent measures in place to promote the importance of confidentiality and initiate disciplinary procedures should confidentiality be breached. This can be achieved through employment contracts, and for individual studies by ensuring all relevant staff sign a confidentiality letter or agreement.
Template confidentiality letter and agreements have been produced by MRC Epidemiology Resource Centre, Southampton.
Information Governance Toolkit
Connecting for Health has developed a tool to help NHS organisations increase awareness and develop policies and guidance in this area. This tool looks at information governance in its widest sense for NHS organisations, and many areas are relevant for a research organisation that holds identifiable data. A lot can be learned from the approach taken in the Information Governance Toolkit, as it promotes awareness and self-improvement in managing information governance.
