Using routinely collected health data for surveillance, quality improvement and research: Framework and key questions to assess ethics, privacy and data access

Simon de Lusignan, Harshana Liyanage, Concetta Tania Di Iorio, Tom Chan, Siaw-Teng Liaw


Background The use of health data for public health, surveillance, quality improvement and research is crucial to improve health systems and health care. However, bodies responsible for privacy and ethics often limit access to routinely collected health data. Ethical approvals, issues around protecting privacy and data access are often dealt with by different layers of regulations, making approval processes appear disjointed.

Objective To create a comprehensive framework for defining the ethical and privacy status of a project and for providing guidance on data access.

Method The framework comprises principles and related questions. The core of the framework will be built using standard terminology definitions such as ethics-related controlled vocabularies and regional directives. It is built in this way to reduce ambiguity between different definitions. The framework is extensible: principles can be retired or added to, as can their related questions. Responses to these questions should allow data processors to define ethical issues, privacy risk and other unintended consequences.

Results The framework contains three steps: (1) identifying possible ethical and privacy principles relevant to the project; (2) providing ethics and privacy guidance questions that inform the type of approval needed; and (3) assessing case-specific ethics and privacy issues. The outputs from this process should inform whether the balance between public interests and privacy breach and any ethical considerations are tipped in favour of societal benefits. If they are then this should be the basis on which data access is permitted. Tightly linking ethical principles to governance and data access may help maintain public trust.


confidentiality; jurisprudence; patient data privacy; patient rights; public health surveillance; research ethics

Full Text:



OECD, Health Data Governance: Privacy, Monitoring and Research, OECD Health Policy Studies, Paris: OECD Publishing, 2015. Available from Accessed on 20 Nov 2015.

Liaw ST and Tam CW. Research ethics and approval process: a guide for new GP researchers. Australian Family Physician 2015;44(6):419–22.

de Lusignan S, Chan T, Theadom A and Dhoul N. The roles of policy and professionalism in the protection of processed clinical data: a literature review. International Journal of Medical Informatics 2007;76(4):261–8.

Cayton H and Denegri S. Is what’s mine my own? Journal of Health Services Research and Policy 2003;8(Suppl 1):33–5.

Liyanage H, Krause P and de Lusignan S. Using ontologies to improve semantic interoperability in health data. Journal of Innovation in Health Informatics 2015;22(2):309–15.

Koepsell D, Arp R, Fostel J and Smith B. Creating a Controlled Vocabulary for the Ethics of Human Research: Towards a Biomedical Ethics Ontology. Journal of Empirical Research on Human Research Ethics 2009;4(1):43–58. http://dx.doi:10.1525/jer.2009.4.1.43.

European Union. EU Directive 95/46/EC – The Data Protection Directive. Available from Accessed on 20 Nov 2015.

Australian Privacy Principles. Available from Accessed on 20 Nov 2015.

Malin B, Loukides G, Benitez K and Clayton EW. Identifiability in biobanks: models, measures and mitigation strategies. Human Genetics and Embryology 2011;130(3):383–92.

Di Iorio CT, Carinci F, Brillante M, Azzopardi J, Beck P and Bratina N et al. Cross-border flow of health information: is ‘privacy by design’ enough? Privacy performance assessment in EUBIROD. European Journal of Public Health 2013;23(2):247–53.

Faden RR, Kass NE, Goodman SN, Pronovost P and Tunis S et al. An ethics framework for a learning health care system: a departure from traditional research ethics and clinical ethics. The Hastings Center Report 2013;S16–27.

Babu GR, Tn S, Bhan A, Lakshmi JK and Kishore M. An appraisal of the tuberculosis programme in India using an ethics framework. Indian Journal of Medical Ethics 2014;11(1):11–5.

Willison DJ, Ondrusek N, Dawson A, Emerson C, Ferris LE and Saginur R et al. What makes public health studies ethical? Dissolving the boundary between research and practice. BMC Medical Ethics 2014;15:61.

Tangwa GB. Ethical principles in health research and review process. Acta Tropica 2009;112(Suppl 1):S2–7.

T.L. Beauchamp and J.F. Childress. Principles of Biomedical Ethics, fourth edition. New York: Basic Books, 1994.

Thompson AK, Faith K, Gibson JL and Upshur RE. Pandemic influenza preparedness: an ethical framework to guide decision-making. BMC Medical Ethics 2006;7:E12.

Lowrance W. Learning from experience: privacy and the secondary use of data in health research. Journal of Health Services Research and Policy 2003 Jul;8 (Suppl 1):2–7.

de Lusignan S, Cashman J, Poh N, Michalakidis G, Mason A and Desombre T et al. Conducting requirements analyses for research using routinely collected health data: a model driven approach. Studies in Health Technology and Informatics 2012;180:1105–7.

Kuchinke W, Ohmann C, Verheij RA, van Veen EB, Arvanitis TN and Taweel A et al. A standardised graphic method for describing data privacy frameworks in primary care research using a flexible zone model. International Journal of Medical Informatics 2014;83(12):941–57.

Jacobson I, Grady B and James R. The unified Software Development Process. Boston: Addison-Wesley, 1999;1.



  • There are currently no refbacks.

This is an open access journal, which means that all content is freely available without charge to the user or their institution. Users are allowed to read, download, copy, distribute, print, search, or link to the full texts of the articles in this journal starting from Volume 21 without asking prior permission from the publisher or the author. This is in accordance with the BOAI definition of open accessFor permission regarding papers published in previous volumes, please contact us.

Privacy statement: The names and email addresses entered in this journal site will be used exclusively for the stated purposes of this journal and will not be made available for any other purpose or to any other party.

Online ISSN 2058-4563 - Print ISSN 2058-4555. Published by BCS, The Chartered Institute for IT