Disclosure of confidential information for research
Where research involves the use of patient information without their consent, the Human Research Ethics Application (HREA) must include a request to the HREC for a waiver of consent and a lawful authorisation to disclose confidential information without patient consent must be established during the research governance review process.
Waiver of consent
Where research involves the use of confidential information without patient consent, the Human Research Ethics Application (HREA) must include a request to the HREC for a waiver of consent. The HREA and the research protocol must clearly outline the justification for the waiver of consent according to Chapter 2.3 Qualifying or waiving conditions for consent of the National Statement.
Lawful authorisation
A lawful authorisation to disclose confidential information without patient consent must be established during the research governance review process. All requests for disclosure of confidential information without patient consent require evidence of data custodian approval.
The research protocol and any associated data management plan should detail the requested disclosure of confidential information, with clear alignment to the justification for the waiver of consent provided in the HREA.
Section 150 Permission
The Hospital and Health Boards Act 2011 (HHBA) Section 150 provides for the disclosure of confidential information for the purposes of evaluating, managing, monitoring or planning health services.
These provisions are only applicable for disclosures from one designated person to another designated person. In most cases, a designated person refers to a Queensland Health employee, however the full definition of a designated person is provided in the HHBA Section 139A Meaning of a designated person.
While Section 150 of the HHBA does not specifically refer to research, this provision may apply in limited circumstances to research related to evaluating, managing, monitoring or planning health services that is undertaken by a designated person in their capacity as a designated person.
Applications for disclosure of confidential information via Section 150 will require evidence of data custodian approval. Each Metro North Health site has their own data custodian. A copy of the signed data custodian check list is required to be submitted with the research governance application.
Public Health Act (PHA) Approval
The Public Health Act 2005 (PHA) Chapter 6 Part 4 Research outlines provisions for the disclosure of confidential information without consent from the individual to whom the research relates.
Researchers applying for access to identifiable or potentially re-identifiable information held by Queensland Health where patient consent has not been obtained may be required to submit a PHA application for approval by the Director General of Queensland Health.
A data custodian may also request a PHA approval is granted before disclosing any confidential information.
A copy of the PHA approval letter is required to be submitted with the research governance application.
NHMRC guidelines under section 95 of the Privacy Act 1988
Section 95 of the Privacy Act 1988 (Cth) provides a process that acknowledges that in some circumstances the right to privacy must be weighed against justifiable interests that may benefit society as a whole.
The conduct of medical research can be one of these circumstances. Section 95 of the Privacy Act allows the NHMRC, with approval of the Federal Privacy Commissioner, to issue guidelines for the protection of privacy in the conduct of medical research.
To approve a proposal, the HREC must decide that the public interest in the research outweighs, to a substantial degree, the public interest in the protection of privacy.
Queensland Civil and Administrative Tribunal
For patients who cannot consent for themselves, but are eligible to participate in clinical trials, it is a requirement to seek QCAT approval for the study before it commences.
Data custodian approval
All requests to use confidential information without patient consent require evidence of data custodian approval. In general, data custodians are responsible for either Hospital and Health Service (HHS) or individual Hospital level data, or State-wide or Queensland Health level data.
Metro North Health Data Custodians
Each Metro North facility has their own data custodian. Queensland Health staff can find more information below:
Queensland Health data custodians
The Office of Research and Innovation, Clinical Planning and Service Strategy maintain a Data Custodian contact list for research applications made in accordance with Chapter 6 Part 4 of the Public Health Act 2005.
Health Informatics Services maintain a list of approved Queensland Health data and application custodians for applications. This can be accessed by Queensland Health staff via QHEPS.
Statistical Services Branch
The Statistical Services Branch (SSB) collects, processes, analyses and disseminates statistics on the health of Queenslanders and their use of health services. SSB is the Data Custodian for the following data collections:
- Queensland Hospital Admitted Patient Data Collection (QHAPDC)
- Perinatal Data Collection (PDC)
- Registry of Births, Deaths and Marriages data
- Queensland Trauma Registry (QTR)
- Queensland Health Non-Admitted Patient Data Collection (QHNAPDC)
SSB also offers a data linkage service to researchers and Queensland Health staff for approved projects.
Related Information
Pre-approval planning
The design and conduct of high quality research benefits from comprehensive planning for all stages of the research lifecycle.