Young people aged 16 or 17 are presumed to be competent to consent for treatment on their own behalf. The Family Law Reform Act 1969, section 8(1), states that a child aged 16 or 17 can consent to treatment and such consent shall be as effective as that of an adult. Again, this could be presumed in the case of therapeutic research, however the common law is unclear, particularly in the context of research that will not benefit the young person.
Are the consent materials sufficient?
For the avoidance of doubt, this standard deals with consent in the context of meeting the duty of confidentiality, which is separate and in addition to the need for a lawful basis in GDPR. Usually an application for NHS Digital data will not utilise consent under GDPR (i.e. Art 6(1)(a) &/or Art 9(2)(a)) but if it does so then the consent should be reviewed in line with published detailed guidance from the ICO.
Where the applicant is relying on consent as the basis in data protection legislation for processing and has met the requirements for consent, it will be taken that the consent material also meets the standard required in respect of the duty of confidentiality.
Many longitudinal studies are based on a consent standard which has now been superseded by modern best practice. It must be recognised that consent is an ongoing process and the law is developed by decided cases, with the consequence that even if a particular consent statement is deemed adequate today, it may later be found to be insufficient due to changes in the fact of what is being done with the data, or in light of subsequent legal decisions including:
- Supreme Court case in 2015 moved the test for consent for treatment from the so-called Bolam test. The Justices said that the doctor has a duty to “take reasonable care that the patient is aware of any material risks … The test of materiality is whether, in the circumstances of the particular case, a reasonable person in the patient’s position would be likely to attach significance to it” Montgomery v Lanarkshire Health Board  SC 11  1 AC 1430. The focus on “this particular patient” is key; a material risk to one person may not be to another
- the Court of Appeal in WXY&Z v SSH  EWCA Civ 1034 at para 26 stated the test as to whether the disclosure breached the common law rights to privacy and confidentiality involves the question as to whether the reasonable person of ordinary sensibilities had a reasonable expectation of privacy in relation to the information
Applications with amended or additional data flows or substantive changes to the purposes of a study that could not have been foreseen by the data subject at the time of original consent will need to consider the duty of confidentiality. When considering whether the consent materials provide adequate information about the nature and purpose of the proposed use of their data, a good approach is to adopt the Caldicott concept that there should be ‘no surprises’ for the individual.
For example, in a consented research study there is, generally, the opportunity to inform participants about the research activities and data uses, which may lead to the expectation that there should be a relatively narrow interpretation of what activities might be inferred to be included within any consent given, that is the consent should be relatively specific and explicit about the processing activities. Medicines for Human Use (Clinical Trials) Regulations 2004 Schedule 1 para 3(1) describes the requirements for consent for clinical trials, which must be freely given after that person is informed of the nature, significance, implications and risks of the trial. It is recognised that in some cases, consent is relatively broad, and this is potentially acceptable, as long as the research participants have been adequately informed of the nature and purposes of the processing, and in particular the associated risks. See Appendix 1 which describes some of the questions that the Health Research Authority (HRA) advises researchers should ask themselves about the risk to confidentiality when developing their consent materials.
Appendix 2 lays out a (non-exhaustive) list of matters that might be considered in forming an opinion about whether consent is sufficient to allow the confidential patient information to be used as laid in the application. The following references may also be helpful: