Freedom of Information Requests
It is possible that your clinical ethics service will receive a freedom of information (FOI) request, which (for example) asks the service to disclose the minutes of its meetings. Here we outline how you might respond to such a request, in light of the legal considerations.
Although we seek to summarise the legal position below, this is not formal legal advice. We initially summarise some key points, before explaining these in more detail.
Summary of key points:
The clinical ethics service receiving a FOI request should seek advice and support from within the organisation
The clinical ethics service should be aware that there is a presumption in favour of disclosure. Disclosure should therefore be made unless an exception applies. The main exceptions are outlined below:
- The clinical ethics service should avoid disclosing information that would mean a patient can be identified, even indirectly (for example, if anonymised information can be put together with other information in such a way that the patient can be identified)
- The clinical ethics service should avoid disclosing information that is confidential
- In some circumstances, the Chief Executive of the public authority can certify, as part of a reasoned opinion on reasonable grounds, that disclosure would be likely to inhibit the free and frank provision of advice, the free and frank exchange of views for the purposes of deliberation, or would otherwise be likely to prejudice the effective conduct of public affairs
The clinical ethics service may wish to prepare an annual report to the organisation that contains disclosable information (such as membership, general activities, governance) and, separately, more sensitive information that can and should be redacted and/or anonymised before it is shared
Freedom of Information
- Seek advice and support from within the organisation. If your clinical ethics services receives a FOI request, UKCEN advises that you discuss this with the relevant experts in your organisation (such as the organisation’s legal team).
- Presumption in favour of disclosure. UKCEN understands that all information held by public authorities will potentially be disclosable under the Freedom of Information Act 2000 (“the 2000 Act”). As such, the information relating to clinical ethics services that is held by NHS organisations will potentially be disclosable. The 2000 Act suggests there is a presumption in favour of disclosing such information, unless an exception applies.
- Disclosure should be made unless an exception applies. Although there is a presumption in favour of disclosure, the extent of the information that can be released will need to be considered carefully. As a rule of thumb, the main issue to address is what information can safely be released into the public domain. This test has to be filtered through the various exemptions that are likely to be relevant. The exceptions likely to be most relevant to clinical ethics services are summarised below.
- Do not disclose patient identifiable information. According to the 2000 Act (sections 40(2), (3A), (5A) and (5B)), the personal data of third parties is exempt from disclosure if the disclosure would result in a breach of the data protection principles under the GDPR, covered by the Data Protection Act 2018. Given the nature of healthcare information, virtually any release of patient identifiable information will be a breach of the data protection principles. Even confirming or denying whether information in relation to a specific patient was held could be a breach of the GDPR. This does not mean that all information requests can be refused, as case law indicates that information can still be disclosed if it is in an anonymised form. Thus, any information that could be released – without identifying the individual patient – can and should be released. However, this is a complex issue, as we explore further in the next point.
- Disclose anonymised information provided it cannot lead to “jigsaw identification”. The law indicates that information can be released only if the identification of an individual is reasonably impossible once the information is in the public domain. “Jigsaw identification” is when various pieces of information can be put together to reveal the identity of a person. A clinical ethics service should take care to ensure that the anonymised information it releases cannot be put together with other information in such a way that a patient’s identity will be revealed. The risk of jigsaw identification might be especially high in cases involving patients with rare conditions. Clinical ethics services should therefore redact minutes to ensure that identification of patients is reasonably impossible. If a request is received for the minutes of a meeting concerning a specific case, the service should probably respond “neither confirm nor deny” – unless the person requesting access is the patient themselves, in which situation, the request should be treated as a subject access request (further advice on subject access request is available from the Information Commissioner’s Office, here).
- Do not disclose confidential information. Section 41 of the 2000 Act covers confidential information. It applies when information has been received from another and disclosure would result in an actionable breach of confidence. A clinical ethics service may (for example) receive such confidential information from the patient or, in some circumstances, from another healthcare organisation. Such information should not be disclosed, although the points above about anonymisation will also apply here. In other words, sufficiently anonymised information will not be regarded as confidential, although care should still be taken to avoid “jigsaw identification”.
- The Chief Executive of the public authority may prevent disclosure in some specific circumstances. Section 36 of the 2000 Act holds that disclosure need not be made if the Chief Executive of the public authority in question certifies, as part of a reasoned opinion on reasonable grounds, that disclosure would be likely to inhibit the free and frank provision of advice, the free and frank exchange of views for the purposes of deliberation, or would otherwise be likely to prejudice the effective conduct of public affairs. This is likely to apply rarely, not least because it requires the personal sanction of the Chief Executive. This exception is also qualified – the test is whether, on balance, disclosure is in the public interest. As such, a balance will need to be struck between protecting the individual patient’s privacy and informing the public about the role and purposes of the clinical ethics service. We understand that the balance might best be struck by allowing (only) the disclosure of anonymised information, provided that “jigsaw identification” is avoided.
- Prepare an annual report that can be lawfully shared. Clinical ethics services may wish to ensure that any annual report they share with the host organisation is capable of meeting the legal obligations outlined here. The annual report could have two parts. The first part could be disclosable information, for example, about membership, activities, governance, etc. The second part could summarise any cases considered. Patient identifiable information should not be included and the second part of the document should be detachable and/or redactable in the event of a FOI request. Preparing a report in this way should help to protect individual patients from being identified, whilst also allowing the public to scrutinise the work and governance of the clinical ethics service.