Ensuring Confidentiality

It is important to reassure the public and governance bodies that any data held by research organisations is treated with the highest regard to confidentiality. Organisations should be transparent about their activities in this area, ensuring that relevant policies are easily accessible and implemented.


Organisational IT policy

Data that could possibly identify an individual needs to be kept securely with restricted access. The Confidentiality Advisory Group (CAG) of the Health Research Authority (HRA) ensures that any project which receives Section 251 approval has appropriate IT security in place.  It is good practice for all organisations that hold identifiable data to have an appropriate IT security policy and ensure that it is well disseminated and adhered to. 


Research staff working with identifiable data

Research staff need to be aware of their duty of confidence when working with identifiable data, and employing organisations should treat any breaches in confidentiality as serious matters. Employers should ensure that there are transparent measures in place to promote the importance of confidentiality and initiate disciplinary procedures should confidentiality be breached. This can be achieved through employment contracts, and for individual studies by ensuring all relevant staff sign a confidentiality letter or agreement.

Example staff confidentiality letters and agreements have been produced by the MRC Lifecourse Epidemiology Unit, Southampton.


Information Governance Toolkit

NHS Digital has a tool to help NHS organisations increase awareness and develop policies and guidance in this area. The Information Governance Toolkit looks at information governance in its widest sense for NHS organisations.