2.4 Privacy and Confidentiality Issues

Each country has different laws, regulations and protocols for how to protect patient data. It is important to understand the laws or regulations related to the collection, use, dissemination and protection of personal information. Laws can be reviewed, and policies for collection, management and use of data can be implemented prior to initiating a congenital anomalies surveillance programme. Ideally, the authority to operate a surveillance programme will be made explicit by law and its regulations. It is important to have regulations in place to protect the public, as well as the providers and surveillance staff who report the information.

During the preparation of the protocol for a congenital anomalies surveillance programme, it is important to specify:

  • the purpose of surveillance
  • the types of data that will be collected and why these are necessary
  • how they will be collected (paper based, electronically or both)
  • who will have access to the data
  • how the data will be used
  • where the data will be stored and secured
  • how long the law requires the data to be archived.

Also, it is important to educate hospital personnel on the purpose of the surveillance programme, and how patient privacy and confidentiality will be protected. Lastly, it is essential that surveillance programme personnel sign confidentiality agreements prior to beginning work in the programme.


In the matter of personal health information, privacy is an individual’s right to control the acquisition, use and disclosure of his or her identifiable health information. To avoid using personal information, and to protect a family’s privacy, each fetus or neonate with a congenital anomaly is assigned a unique identifier.


In terms of patient data, confidentiality refers to an individual’s right to have his or her personal, identifiable medical information kept secure. Confidential information must be kept secure according to the regulations in each country, and out of sight of unauthorized people. It is important to note that confidential information can be made available only to specific health-care providers and to specific personnel overseeing the surveillance programme. When sharing the data with others in the country (e.g. hospital managers and policy-makers) all reports are aggregated and do not have any potential patient identifiers (e.g. name or address). If possible, confidentiality agreements are signed on a regular basis, to ensure that personnel are reminded of the importance of this practice.


When dealing with patient information, security refers to the technological and administrative safeguards and practices designed to protect data systems against unwarranted disclosure, modification or destruction. All individuals have the right to have personal, identifiable medical information kept secure. Security, in this context, refers specifically to how personal information is stored, who has access to this information, and with whom this information can be shared.

Informed consent

The processes and requirements related to informed consent vary by country. Because of the public health importance of evaluating and tracking the occurrence of congenital anomalies, most countries do not require informed consent prior to reporting a congenital anomaly diagnosis to a surveillance programme. If the country has a law that requires a consent form, then information may be shared only once this form has been signed. If the law does not require a consent form, parents can be told orally that the non-identifiable information will be shared.