Consent, patient data and registries

Disease or patient registries are collections of data related to patients with a specific diagnosis, condition, or procedure. They play an important role in research and post marketing surveillance of pharmaceuticals and their effect on people’s conditions. Developing patient data with consent is crucial for a succesful registry.

For the most part registries are collections of data that are sent from health care systems, usually hospitals, directly into databases and often under section 251 of the NHS act 2006. The ability for registries to rely on Section 251 is however becoming increasingly difficult, particularly as the aspirations of the registries themselves, and those that seek to use registry data, develop at pace.

This area is becoming increasingly interesting as there are now scaled opportunities to move away from a reliance on Section 251 and move to a model in which patients are fully consented to take part in registries. Why is this interesting? Because it allows the data to be fully identifiable, provides opportunities to link different datasets together more easily and allows patients to be contactable. This presents myriad of opportunities to connect real world data to registries and starts to really find out the effects of interventions, medications and treatments on patients’ lives.

If we go back to the debacle, NHS England wanted to find ways in which to utilise the data held within the NHS for research but failed spectacularly in executing their intention. After the project was rolled up NHS England said that they “remain absolutely committed to realising the benefits of sharing information” to improve patient care. This of course is the right thing to do and this can still be achieved with pseudonymised and anonymised data bases but where possible let’s ask patients!

A core principle of collecting and using data is consent. In the context of health data, there are two legal requirements in particular that need to be fulfilled: Privacy law (primarily the Data Protection Act 2018 and the General Data Protection Regulation) and the Common Law Duty of Confidentiality (CLDC). Both legal requirements need to be met in order for patient data to be lawfully processed within a registry. The challenge for registries is collecting valid consent from sufficient numbers of individuals in a manner which meets the requirements of both privacy and confidentiality law, and then continuing to uphold and respect the ongoing rights of patients that have chosen to provide their consent.

We have been spending time drawing data flow Architecture diagrams with the 8foldGovernance team in collaboration with some of the national registries to help them understand how to utilise personal health records and other data collection platforms to allow patients to consent (or not) to data being used in registries that will ultimately improve evidence-based medicine.


Digital relationships

If you have a digital relationship with patients and provide the means then the patients can provide their consent for their data to be used, they can consent to be contacted for further research, they can chose to connect their wearable devices (such as activity monitors or smart watches) to their data stream or wear more specialist devices that provide real time vital signs to research trails.

There are a number of companies leading the way in the UK and part of our remit at 8fold is to promote the developing ecosystems between the best of breed companies. To those ends we work with leaders like Mohamad Al Ubaydli the CEO of Patients Know Best who are leading the way with the UK personal health record market. They have designed a Personal Health Record (PHR) with a full consent layer that allows patients to dial up and dial down their consents around who has access to their data, what it can be used for, as well as an agnostic approach to connecting other applications and devices to the patient’s own record.

We have brokered partnerships for PKB, HealthUnlocked, Ampersand, Current Health and VitaAccess as well as supported some of them with their governance and are super excited to be starting work with national registries to support their governance, strategy and implementation.

The goal here is consented data flow architecture! How can we get as much of the data as possible to be as connected as possible, whilst ensuring that people are fully empowered and informed to allow or restrict it from being used. The charities and patient organisations have a key role to play in being the honest brokers in these relationships and it is they that the 8fold team seek to work with. We are uniquely placed to help interpret the technology landscape, who the best companies are to work with, and then support with the information governance that underpins the work.

We will keep blogging in this series and take a deeper dive into how some of the companies mentioned here manage consent for their platforms and devices and how that supports registries and good governance as we move forward with this work.

It is a genuinely exciting time to be around this work. HDRUK seem to be stimulating (and funding) these workstreams in a really effective way and the 8fold team will be working hard to help the UK digital health economy thrive by promoting partnerships, strategy and implementation and providing expert governance services to underpin.


Lyndon Johnson –  Founder at 8FoldGovernance

Lyndon Johnson


Leave a Reply

Your email address will not be published.