[Skip to content]

National Research Ethics Service
Search our Site
Health Research Authority
National Patient Safety Agency - National Research Ethics Service - facilitating and promoting ethical research

Processing confidential patient information without consent

Under the Health Service (Control of Patient Information) Regulations 2002, confidential patient information may be processed for medical purposes in certain circumstances, provided that the processing has been approved by the Secretary of State for Health.

In the case of medical research, the processing must also be approved by a REC.

The 2002 Regulations were originally made under Section 60 of the Health and Social Care Act 2001, and continue in force under Section 251 of the National Health Service Act 2006.  Approvals under the Regulations are referred to as ‘Section 251 approval

The Secretary of State is advised on Section 251 applications by the National Information Governance Board’s Ethics and Confidentiality Committee (NIGB ECC).  Refer to the NIGB website for detailed guidance. Contact the NIGB for specific advice

Where Section 251 approval is given both by NIGB ECC and a REC, anything done by a person that is necessary for processing the information is lawful despite any obligation of confidence owed by that person.  Approval therefore has the effect of setting aside the legal duty of confidentiality owed by a healthcare professional in respect of information provided by the patient in the course of clinical care.


Ethical approval of applications under section 251 may be given by any REC within the UK Health Departments’ Research Ethics Service.  Application should normally be made to a REC in England or Wales.