Unit 1.2: Legal and Ethical Frameworks

• Topic 01

  Consent and Mental Capacity

  45 questions
• Topic 02

  Confidentiality and Data Protection

  45 questions
• Topic 03

  Negligence, Duty of Care and Liability

  45 questions
• Topic 04

  Whistleblowing and Raising Concerns

  45 questions

A few questions from this unit, with the answer and a full explanation. The complete bank is available when you start practising.

1. An NHS trust shares a dataset with a university research team, describing it as 'anonymised.' The dataset includes patient age, postcode sector, diagnosis, treatment date, and length of stay. The university team identifies that certain combinations of these fields allow re-identification of specific patients. What are the information governance implications for the trust?

   • A
     The trust only has data protection obligations if the re-identification of patients is deliberate rather than accidental or incidental
   • B
     If the data allows re-identification by reasonable means, it is personal data under UK GDPR, not anonymised data — the sharing was potentially unlawful and may constitute a data breach requiring ICO notification and review of the sharing arrangement
     Correct answer
   • C
     As long as no names or NHS numbers are included in the dataset, the data cannot constitute a data breach under UK GDPR or ICO guidance
   • D
     The university team bears sole responsibility for any re-identification that occurs — the trust's obligations end at the point of transfer
   Explanation

   Under UK GDPR Recital 26, data is personal data if individuals are identifiable by 'reasonable means,' even if direct identifiers are absent. If a combination of quasi-identifiers (age, postcode sector, diagnosis, treatment date, length of stay) allows re-identification, the dataset is personal data, not truly anonymised data. The trust's disclosure was therefore the sharing of personal data without a lawful basis, potentially constituting a data breach. The ICO Information Commissioner has provided guidance on anonymisation (the Anonymisation Code of Practice) setting out the standard for achieving true anonymisation. The trust should review the data sharing agreement, notify the ICO if required, and take steps to prevent recurrence.

2. A nurse administers a clearly incorrect medication dose, causing a patient to experience a severe adverse reaction requiring admission to intensive care. The patient sues. The nurse argues the pharmacist who dispensed the drug bears sole responsibility. Which analysis of liability is most accurate?

   • A
     Only the NHS trust is liable — vicarious liability means individual clinicians bear no personal responsibility
   • B
     The nurse may be primarily liable for administering a dose they should have recognised as unsafe; the pharmacist may share liability if they dispensed an incorrectly labelled dose; both may be independently negligent
     Correct answer
   • C
     No individual is liable — medication errors in complex systems are treated as system failures only
   • D
     The nurse is fully liable because they administered the drug, regardless of the pharmacist's role
   Explanation

   Each professional in the medication administration chain owes an independent duty of care. The nurse is responsible for verifying the drug, dose, patient, route, and time before administering — if a dose is clearly unsafe, the nurse has a professional duty to query it before proceeding. The pharmacist owes a duty to dispense and label correctly. Both may have independently breached their duty of care, and both may share liability for the harm. The NHS trust may be vicariously liable for the actions of its employed staff. Individual professional accountability under the NMC Code means that following instructions (from the pharmacy or the prescriber) does not remove the nurse's personal responsibility if an obvious error should have been challenged.

3. A patient undergoes a hip replacement and post-operatively is found to have a permanent nerve injury in an area unrelated to the operation site. Res ipsa loquitur is pleaded. The defendant argues this doctrine does not apply because nerve injuries can occur in the absence of negligence. How should this argument be resolved?

   • A
     The claimant wins automatically because the nerve damage was unforeseeable and therefore cannot have occurred in the absence of clinical error
   • B
     Res ipsa loquitur applies automatically because the patient was under general anaesthetic and therefore unable to prevent the injury from occurring
   • C
     Res ipsa loquitur applies where the event is of a kind that, in the ordinary course of things, does not happen without negligence — if nerve injuries at an unrelated site can occur without negligence, the doctrine may not apply and the claimant must prove negligence conventionally
     Correct answer
   • D
     Res ipsa loquitur always applies to any injury discovered post-operatively, as the patient was unable to protect themselves while under general anaesthetic
   Explanation

   Res ipsa loquitur requires that three conditions are met: (1) the event was of a kind that does not ordinarily occur without negligence; (2) the event was caused by an agent within the defendant's control; and (3) there was no negligence by the claimant contributing to the event. If a nerve injury at an unrelated site can occur as an inherent risk of surgery — for example, due to positioning or an unusual anatomical variant — then it is not of a kind that does not happen without negligence, and res ipsa loquitur may not apply. The defendant's argument is legally sound, and the claimant may need to prove negligence through conventional expert evidence.