Authors: Michael Devlin
Publication date: 14 Feb 2017
When using patient case histories, it’s important to think about whether details make the case identifiable, as the MDU’s Michael Devlin explains
Case studies and personal reflections can be a valuable educational tool, whether for your own practice or to enhance understanding more widely. But it’s important to take a cautious approach to avoid inadvertently breaching patient confidentiality.
Last year, a hospital trust apologised to a family who recognised their relative in a case study about the unusual condition that had apparently caused his death. In another case, a trainee doctor agreed to the release of their detailed written reflections about a significant event but it has been reported that this material was later used against the trainee in court.
These incidents show what can go wrong when doctors inadvertently disclose identifiable information about a patient in a case study or their training records. It highlights the risks of what the Information Commissioner’s Office (ICO) calls “re-identification.” This is where an individual or a group already knows about the subject of a case study, perhaps because they are a family member or colleague, and are therefore able to identify them, even though an ordinary member of the public or an organisation could not.
The General Medical Council recognises that using patient information for research, epidemiology, education, and training can serve the public interest. It emphasises that doctors have an ethical duty to take part in systems of quality assurance, including regular reflection on their standards of practice and the care they provide.
But the GMC’s latest confidentiality guidance, which comes into effect in April 2017, also makes clear that doctors “must anonymise information in training records and case studies as far as it is possible to do so.” It stresses that “simply removing the patient’s name, age, address, or other personal identifiers is unlikely to be enough to anonymise information” to the standards required by the ICO in its anonymisation code of practice.
The ICO considers data to be anonymised if it “does not itself identify any individual and is unlikely to allow any individual to be identified through its combination with other data.”
Getting patient consent
If it is difficult to anonymise material and retain enough detail for it to be useful, or if it is necessary to include identifiers to allow a record to be audited, the GMC says you should seek the patient’s consent. If this is not practicable the GMC draws a distinction between a training record that “will be kept securely” and managed in line with data protection requirements, and information “that is likely to be more widely accessible,” such as a case study in a journal.
For the former, it should be possible to include the information, provided you have removed as many identifiers as you can. Otherwise, you should usually only use the information with the patient’s explicit and informed consent.
When seeking consent from the patient (or someone with legal authority to act for them), you must describe the information you plan to disclose, indicate who will have access to it, and how it will be used. You still need to remove as many identifiers as you can and only use the information for this purpose. A patient’s refusal should be respected.
Remember that your duty of confidentiality continues after the patient’s death. Respect any instructions left by the deceased patient but if there are none, the GMC says that you should take into account the following: whether the disclosure is likely to cause distress to their family; whether the material would identify a third party; whether the information is already public knowledge or can be anonymised or de-identified; and the purpose of the disclosure.
Tips on anonymisation
The following tips should help you avoid the pitfalls when anonymising cases:
Avoid referring to the patient’s gender—use neutral pronouns such as they/their/theirs instead
Rather than saying exactly how old a patient is, give a broad indication of age: “a patient in their 60s,” for example. Dates of birth are identifiable and should not be used
If you need to refer to a particular patient or colleague, don’t use their initials but use a single letter unconnected with their name, for example “Patient X”
Take particular care when writing about rare conditions or unusual presentations that might easily identify the patient
Even if you take steps to ensure anonymisation, remember that the combination of published information could be enough to identify a patient or someone close to them, especially to anyone familiar with one or two details
Beware of discussing cases on social media, even in online forums for doctors only. It is safest to avoid doing so. It’s easy to drop your guard if you think you are communicating with colleagues but the information may be seen by others or shared more widely
If you cannot remove identifiable details without defeating the purpose, you should usually ask for the patient’s informed consent and respect their decision if they refuse
If it is impossible to seek consent as the patient cannot be traced, you can still publish the case if you are satisfied that it is in the public interest but you should take independent legal advice and record what you disclosed, your reasons, and the advice you received
Seek advice from your medical defence organisation if you are unsure about your duty of confidentiality.
Competing interests: I have read and understood the BMJ policy on declaration of interests and declare that I have no competing interests.
- Wythenshawe Hospital. “Bagpipe lung” case study inquiry launched. 2016. [Link] .
- Health Education England. Position statement on trainees’ written reflections. 2016. [Link] .
- Information Commissioner’s Office. Anonymisation. 2012. [Link] .
- General Medical Council. Confidentiality: disclosing information for education and training purposes. 2017. [Link] .
Michael Devlin Medical Defence Union