As regards Retrospective Chart Reviews carried out for research purposes, and having consulted with the Data Protection Commission, it has been determined that the requirement for explicit consent will commence on 1 May 2019. This is to allow hospitals and other data controllers who carry out such reviews to adapt their procedures to capture the relevant explicit consent from patients. All other suitable and specified safeguards set out in the Health Research Regulations will continue to apply in the interim period as will other requirements arising under the General Data Protection Regulation. Where a hospital or other data controller does not use this time to put a mechanism in place to capture explicit consent for retrospective chart reviews for research purposes then applications to the Consent Declaration Committee for a consent declaration for such reviews will be unlikely to succeed.
Retrospective chart reviews that are undertaken for the purposes of a) clinical audit, b) service evaluation or c) training do not fall under the remit of the Health Research Regulations, 2018. However, they are still covered by the GDPR and professional and ethical rules.
It is accepted that the distinction between research, clinical audit, service evaluation and training can be a fine one. As with every aspect of the GDPR, it is for the data controller to determine whether a particular processing activity is health research or clinical audit or something else and to be able to justify that view having regard to the individual circumstances involved. Accordingly, Data Protection Officers within organisations are best placed to offer advice on particular processing activities.
It is acknowledged that, in the past, retrospective studies sought REC approval for a consent waiver. Unfortunately, consent waivers by RECs do not and never had any legal validity. However, it is recognised that such REC consent waivers were generally issued in good faith.
The Department of Health has indicated that it is willing to look further at the challenges posed by the consent waivers given by RECs and retrospective chart reviews to see if something can be done to ameliorate the situation. Any potential positive outcome would have to be consistent with the parameters of GDPR and protecting the rights of data subjects.