Updated April 30th, 2019:
After further consultation with the Data Protection Commission, the Dept. of Health has confirmed that the requirement for explicit consent has been deferred for Retrospective chart reviews carried out by a data controller’s i) health practitioner and ii) employee and iii) affiliated students. More information can be read here
Retrospective chart reviews that are undertaken for the purposes of a) clinical audit, b) service evaluation or c) training do not fall under the remit of the Health Research Regulations, 2018. However, they are still covered by the GDPR and professional and ethical rules.
It is accepted that the distinction between research, clinical audit, service evaluation and training can be a fine one. As with every aspect of the GDPR, it is for the data controller to determine whether a particular processing activity is health research or clinical audit or something else and to be able to justify that view having regard to the individual circumstances involved. Accordingly, Data Protection Officers within organisations are best placed to offer advice on particular processing activities.