Skip to main content

Part of A guide to confidentiality in health and social care: references

Section 16: Legislation that controls confidential information disclosures

Previous Chapter

Section 15

Current Chapter

Current chapter – Section 16: Legislation that controls confidential information disclosures

View all

Next Chapter

Section 17

There is a wide range of legislation that impacts upon the way that information is used and shared. This is clearly an evolving picture and the HSCIC will endeavour to maintain an up-to-date reference guide. At the present time the most complete guide is the DH publication: NHS Information Governance Guidance on Legal and Professional Obligations

Whilst this guidance covers a large proportion of the legislation that controls information disclosure, for specialist areas not covered in this guidance, organisations should seek legal advice.

Section 251 of the NHS Act 2006 support

A specific example of legislation that controls confidential information disclosures is Section 251 of the NHS Act 2006 which allows sharing of confidential information in the ‘public interest.’ It sets a high threshold (but lower than the public interest test) before the duty of confidentiality can be set aside for the purposes of research, audit and other important activities not directly associated with care.

This application process is very rigorous and is managed by the Confidentiality Advisory Committee (CAG). Applicants must demonstrate that the aim of the processing is in the public interest, that anonymised information could not be used to achieve the required results, and that it would be impractical - both in terms of feasibility and appropriateness - to seek specific consent from each individual affected. For research, the approval of a Research Ethics Committee is also needed. The test is one of necessity, not convenience.

The powers under the section 251 regulations only provide relief from the common law duty of confidence. Any activity taking place with the support of section 251 must still comply in full with the Data Protection Act. For example, there must be a clear purpose rather than a fishing expedition for what can be found. The CAG also needs to be certain that appropriate processes are in place to ensure the confidential information is handled responsibly and securely

Last edited: 17 January 2022 1:46 pm

Previous Chapter

Section 15

Next Chapter

Section 17

Chapters

  1. A guide to confidentiality in health and social care: references
  2. Section 1: The information governance review
  3. Section 2: The common law of confidentiality and consent
  4. Section 3: The Data Protection Act 1998
  5. Section 4: Human Rights Act provisions
  6. Section 5: Professional regulators’ guidance
  7. Section 6: Record-keeping best practice
  8. Section 7: Sharing information for direct care
  9. Section 8: Carers, family members and friends
  10. Section 9: Safeguarding
  11. Section 10: Using health and social care information –direct care and indirect care purposes
  12. Section 11: Privacy Impact Assessments
  13. Section 12: Anonymisation guidance
  14. Section 13: Accredited Safe Havens
  15. Section 14: Data sharing contracts and agreements
  16. Section 15: The Health and Social Care Information Centre’s powers under the Health and Social Care Act 2012
  17. Section 16: Legislation that controls confidential information disclosures
  18. Section 17: Information security management
  19. Section 18: Objections to sharing
  20. List of key documents
  21. Glossary