Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

Consent, patient data and registries

  • Published: March 7, 2020
  • Category: Industry Insights

Share this post

8fold logo
8fold

Share this post

Disease or patient registries are collections of data related to patients with a specific diagnosis, condition, or procedure. They play an important role in research and post marketing surveillance of pharmaceuticals and their effect on people’s conditions. Developing patient data with consent is crucial for a succesful registry.

For the most part registries are collections of data that are sent from health care systems, usually hospitals, directly into databases and often under section 251 of the NHS act 2006. The ability for registries to rely on Section 251 is however becoming increasingly difficult, particularly as the aspirations of the registries themselves, and those that seek to use registry data, develop at pace.

This area is becoming increasingly interesting as there are now scaled opportunities to move away from a reliance on Section 251 and move to a model in which patients are fully consented to take part in registries. Why is this interesting? Because it allows the data to be fully identifiable, provides opportunities to link different datasets together more easily and allows patients to be contactable. This presents myriad of opportunities to connect real world data to registries and starts to really find out the effects of interventions, medications and treatments on patients’ lives.

If we go back to the care.data debacle, NHS England wanted to find ways in which to utilise the data held within the NHS for research but failed spectacularly in executing their intention. After the project was rolled up NHS England said that they “remain absolutely committed to realising the benefits of sharing information” to improve patient care. This of course is the right thing to do and this can still be achieved with pseudonymised and anonymised data bases but where possible let’s ask patients!

A core principle of collecting and using data is consent. In the context of health data, there are two legal requirements in particular that need to be fulfilled: Privacy law (primarily the Data Protection Act 2018 and the General Data Protection Regulation) and the Common Law Duty of Confidentiality (CLDC). Both legal requirements need to be met in order for patient data to be lawfully processed within a registry. The challenge for registries is collecting valid consent from sufficient numbers of individuals in a manner which meets the requirements of both privacy and confidentiality law, and then continuing to uphold and respect the ongoing rights of patients that have chosen to provide their consent.

We have been spending time drawing data flow Architecture diagrams with the 8foldGovernance team in collaboration with some of the national registries to help them understand how to utilise personal health records and other data collection platforms to allow patients to consent (or not) to data being used in registries that will ultimately improve evidence-based medicine.

 

Digital relationships

If you have a digital relationship with patients and provide the means then the patients can provide their consent for their data to be used, they can consent to be contacted for further research, they can chose to connect their wearable devices (such as activity monitors or smart watches) to their data stream or wear more specialist devices that provide real time vital signs to research trails.

There are a number of companies leading the way in the UK and part of our remit at 8fold is to promote the developing ecosystems between the best of breed companies. To those ends we work with leaders like Mohamad Al Ubaydli the CEO of Patients Know Best who are leading the way with the UK personal health record market. They have designed a Personal Health Record (PHR) with a full consent layer that allows patients to dial up and dial down their consents around who has access to their data, what it can be used for, as well as an agnostic approach to connecting other applications and devices to the patient’s own record.

We have brokered partnerships for PKB, HealthUnlocked, Ampersand, Current Health and VitaAccess as well as supported some of them with their governance and are super excited to be starting work with national registries to support their governance, strategy and implementation.

The goal here is consented data flow architecture! How can we get as much of the data as possible to be as connected as possible, whilst ensuring that people are fully empowered and informed to allow or restrict it from being used. The charities and patient organisations have a key role to play in being the honest brokers in these relationships and it is they that the 8fold team seek to work with. We are uniquely placed to help interpret the technology landscape, who the best companies are to work with, and then support with the information governance that underpins the work.

We will keep blogging in this series and take a deeper dive into how some of the companies mentioned here manage consent for their platforms and devices and how that supports registries and good governance as we move forward with this work.

It is a genuinely exciting time to be around this work. HDRUK seem to be stimulating (and funding) these workstreams in a really effective way and the 8fold team will be working hard to help the UK digital health economy thrive by promoting partnerships, strategy and implementation and providing expert governance services to underpin.

 

 

We’re the experts that have your back.

Let us help you find a route from from where you are, to where you need to go. We’re here to help.

Book a Call with our Expert Team

Other Articles​

Loading...
Title graphic reading 'ISO 14971 and DCB0129: Alignment over Duplication'

ISO 14971 and DCB0129: Alignment over Duplication

Read More →

May 6, 2026
HoplonAI

8foldGovernance & HoplonAI Partner to Safeguard the AI Generation of Healthcare Innovation

Read More →

April 2, 2026
Title graphic reading 'Digital Mental Health: Inclusion by Design' with a team meeting photo background

Digital Mental Health: Inclusion by Design

Read More →

December 29, 2025
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept