Indemnity and GDPR
Clinical negligence arising during the course of research is covered by the newly introduced Clinical Negligence Scheme for primary Care (CNSGP). This scheme brings clarity around the indemnity provision for research in primary care. For example, the new scheme would cover a doctor if he or she were to misread a dose of a trial drug and give too much to the patient, causing harm.
Any risk from the design of the clinical study, or any harm that comes to the patient from the study despite the protocol being followed with no errors, is covered by the trial sponsor’s indemnity. The Network checks for evidence that the trial sponsor has indemnity before the study is sent out to practices.
The progress that the new process brings is excellent news and removes uncertainties around research indemnity and also confirms that additional indemnity cover for research from the Medical Defence Organisation is not required.
With this reassurance, we can deliver more research in primary care, safe in the knowledge that indemnity is provided for the research activity we undertake.
General Data Protection Regulation (GDPR) and Research
GDPR has implications for practices that wish to take part in research where patient data is to be utilised or extracted. However, GDPR has regulations that allow both academic research bodies and commercial research companies to utilise data, provided that data protection principles are met.
Advantages/Disadvantages for GP & Research Teams from Using Data:
Advantages:
Provides real-world evidence for trial data!
More automated, so less workload for practices and less reliance on staff members, allowing the opportunity for more practices to take part.
Disadvantages:
Data breaches, which can lead to fines
Breakdown in trust between patients and the practice
To mitigate the above risks, it is important that, for any trial that involves data extraction:
The practice displays on its website/notice board that research is taking place using data, and this notice MUST stipulate that patients can opt out. The practice must also have a privacy statement which explains the process of doing so.
If you have a Data Protection Officer (DPO), involve them early on to liaise with the trial team. They will review the data protection impact assessment (DPIA) from the trial team to ensure it is GDPR compliant and give their approval to confirm this.
Please note that NOT all studies will need to be reviewed with a Data Protection Officer:
For instance, PIC (Patient Identification Centre) studies only require a practice to identify eligible patients and communicate study opportunities to them. Patient consent is taken by the study team directly. The practice would not be required to provide any patient data.
Research data-link organisations such as The Oxford RCGP Research Surveillance Centre and Clinical Practice Research Datalink (CPRD) are GDPR compliant.
Please check with organisations directly and they can provide you with further details on request.
Further Reading:
ICO advice: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/
Big Data Advice about data sharing from ICO: https://ico.org.uk/media/for-organisations/documents/2013559/big-data-ai-ml-and-data-protection.pdf
This is an excellent report on GP views about data sharing: http://understandingpatientdata.org.uk/news/new-research-primary-care-professionals-views-use-health-data